1

Do Sonar and Veracode serve the same purpose, or can we use both tools to scan our applications?

Metrics like coverage, duplications, bugs and code smells are available in Sonar, but they are not available in Veracode. So do we need to use both tools, or can we scan the above-mentioned metrics in Veracode as well?

Thanks

Naresh Ede

1 Answer

3

Each of those tools has a specific focus. Veracode is used for finding security vulnerabilities. SonarQube is used for determining general code quality. SonarQube has some static rules that address some vulnerabilities, but those are limited, and Veracode does much more thorough analysis of security vulnerabilities.

David M. Karr