SonarQube helps development teams write better and more secure code. It integrates into your existing workflow and flags potential bugs, security vulnerabilities, and code quality issues in real-time. This helps you catch and fix problems early in the development process, saving time and money in the long run. SonarQube supports many popular programming languages and offers different editions to suit the needs of small teams and large enterprises.
Who is SonarQube best for
SonarQube helps software development teams improve code quality and security. It integrates with your workflow to catch bugs, vulnerabilities, and code smells early. Users love its ability to identify hidden issues and seamless CI/CD integration but dislike its analysis speed for large projects and complex setup. SonarQube is best for teams prioritizing code quality and security.
Best for small to enterprise-level software teams.
Ideal for software development teams.
SonarQube features
Supported
SonarQube supports over 25 programming languages, including Java, JavaScript, C#, C++, Python, PHP, and more.
Supported
SonarQube's deep code analysis goes beyond simple syntax checking to identify complex issues that can impact code maintainability, reliability, and security.
Supported
SonarQube's security analysis helps developers proactively address potential risks by identifying vulnerabilities and security hotspots in their code.
Supported
SonarQube allows users to define clear quality standards and ensure consistent code quality across projects using customizable quality gates and profiles.
Supported
SonarQube integrates with version control systems to analyze branches and pull requests, providing early feedback on code quality and security.
Supported
SonarQube offers comprehensive reporting and analytics features, allowing developers to gain insights into their code quality and security trends.
Supported
SonarQube provides flexible deployment options, allowing users to deploy the server on-premises or in their preferred cloud environment.
Qualities
We evaluate the sentiment that users express about non-functional aspects of the software
Value and Pricing Transparency: Neutral (-0.09)
Customer Service: Rather positive (+0.5)
Ease of Use: Strongly positive (+0.82)
Reliability and Performance: Strongly positive (+0.77)
Ease of Implementation: Neutral (-0.04)
Scalability: Neutral (-0.2)
SonarQube reviews
We've summarised 151 SonarQube reviews (SonarQube Capterra reviews and SonarQube G2 reviews); the main points are below.
Pros of SonarQube
Effectively identifies hidden bugs, security vulnerabilities, and code quality issues across multiple languages.
Seamless integration with CI/CD pipelines allows for continuous quality monitoring.
Detailed reports facilitate team improvement and codebase understanding.
Customizable rules and plugins offer flexibility.
Provides valuable code reviews and feedback, improving code quality and developer confidence.
Cons of SonarQube
Slow analysis speed, especially for large projects, impacts workflow.
Setup and configuration can be complex and time-consuming.
Limited and costly Enterprise features, like parallel analysis.
Some features, like reports API and SCA, could be more flexible.
SonarQube pricing
The commentary is based on 20 reviews from SonarQube Capterra reviews and SonarQube G2 reviews.
While SonarQube offers a free version, many users find the enterprise edition costly, especially for smaller teams. Some express concerns about licensing costs for specific languages or features like parallel analysis. However, others find the developer edition's pricing reasonable, considering its value for maintaining code quality.
Has slightly faster website traffic growth, but slower employee growth. Offers engineering performance monitoring via Codacy Pulse. Lacks official RHEL support and has limited C++ tool support. Users report slow analysis for large codebases and limited custom rule flexibility. A better SonarQube competitor for teams focused on DORA metrics.
Better for sharing code snippets within teams and offers real-time feedback in IDEs. Users praise smart code completion. However, users mention limited language support and occasional issues with the plugin API.
Has more momentum and offers automated code formatting and cleanup. Provides code coverage analysis and auto-fix features. However, it has more limited language support and setup can be difficult with some frameworks.
Better for securing open-source libraries, containers, and cloud infrastructure. More suitable for companies focused on cloud-native application security. Has slightly more momentum.
Better for larger enterprises with dedicated security teams. Has faster website traffic growth momentum. More focused on security scanning across various areas, including cloud infrastructure and APIs.
SonarQube is a code analysis platform that helps developers write cleaner and safer code. It detects bugs, vulnerabilities, and code smells in real-time, integrating with your workflow to provide continuous code quality monitoring and feedback. SonarQube supports various programming languages and helps improve codebase health.
How does SonarQube integrate with other tools?
SonarQube integrates seamlessly with popular CI/CD pipelines, allowing for continuous code quality monitoring. It also supports various IDEs and project management tools, enhancing developer workflows. Plugins extend functionality for diverse needs.
What are the main competitors of SonarQube?
Top SonarQube alternatives include GitLab, GitHub, Codacy, and Jit. These platforms offer similar code analysis and security features, often with varying focuses on developer workflows, collaboration, and security automation. They cater to different team sizes and project needs.
Is SonarQube legit?
Yes, SonarQube is a legitimate and widely used platform for code quality and security analysis. It helps developers identify and fix bugs, vulnerabilities, and code smells, improving software quality and security. SonarQube is trusted by many development teams for its comprehensive analysis and integrations.
How much does SonarQube cost?
SonarQube offers a Community Edition, which is free and open-source. The commercial editions, Developer, Enterprise, and Data Center, have varying prices based on the number of lines of code analyzed. Contact SonarSource for pricing details.
Is SonarQube customer service good?
Customer reviews on SonarQube's customer service are mixed. While some users praise the helpful and responsive support, others express dissatisfaction, especially regarding the support for smaller clients or the resolution of major bugs. Some users mention prompt responses via email, while others find the support lacking for the price.
Reviewed by
Michal Kaczor
CEO at Gralio
Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.
Tymon Terlikiewicz
CTO at Gralio
Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.