When comparing SonarQube vs OWASP Dependency-Check, the Slant community recommends SonarQube for most people. In the question “What are the best DevOps security tools?” SonarQube is ranked 1st while OWASP Dependency-Check is ranked 8th. The most important reason people chose SonarQube is:
Quick installation/configuration and code review. It follows rules that support industry standards (through the installation of plugins). Quality model (Bugs, Vulnerabilities and Code Smells are all tracked and raised on the code in a simple user interface).
Pros
Pro Continuous code quality as a service
Quick installation/configuration and code review. It follows rules that support industry standards (through the installation of plugins). Quality model (Bugs, Vulnerabilities and Code Smells are all tracked and raised on the code in a simple user interface).
Pro Free
Pro Jenkins plugin
Pro Azure DevOps Extension
An Azure DevOps Extension is available on the Visual Studio Marketplace.
Cons
Con Enterprise deployment
The Enterprise Deployment version has commercial value.
Con Needs Java
Needs Java to be installed.
Con No TeamCity plugin
There is no official TeamCity plugin, but there seems to be an unofficial tool: PacMon.