SonarQube

Overall rating: 4.6 (61 reviews)

SonarQube is a code quality and vulnerability solution.

About SonarQube

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards.


Key benefits of SonarQube

- Self-managed deployment in the infrastructure of your choice
- Static Code Analysis to improve code quality and maintainability
- Static Application Security Testing (SAST)
- Scans all file types in the repository
- Secrets detection
- Clear go/no-go Sonar Quality Gates
- 30+ languages, frameworks & IaC platforms
- High availability deployment with Data Center Edition
- Super-fast analysis
- Critical security rules for vital languages
- Comprehensive reporting capabilities with commercial editions
- Real-time coding guidance in the IDE with SonarLint (in connected mode)


Images

Screenshots: Application Status, Portfolio Overview, Security Report (plus product videos).

Pricing and ratings summary

- Starting price: US$160.00 per year
- Pricing options: free version, free trial
- Features listed: 37
- Integrations listed: 4
- Ease of Use: 4.3 (61 reviews)
- Value for Money: 4.5 (61 reviews)
- Customer Service: 4.1 (61 reviews)

Alternatives

GitGuardian

4.8
#1 Alternative to SonarQube
GitGuardian is helping developers and security teams secure software development with automated secrets detection &...

CAST Highlight

5
#2 Alternative to SonarQube
CAST Highlight is a SaaS product that provides rapid insights across a portfolio of applications.

Coverity

3.5
#3 Alternative to SonarQube
Coverity is a static application security testing (SAST) solution designed to help businesses manage risks across the...

CodeScan

4.8
#4 Alternative to SonarQube
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce codes, define quality and security...

Reviews

Overall rating: 4.6/5 (61 reviews)

- Value for Money: 4.5/5
- Features: 4.4/5
- Ease of Use: 4.3/5
- Customer Support: 4.1/5


Showing 5 reviews of 61
Sachin
  • Industry: Computer Software
  • Company size: 10,000+ Employees
  • Used Daily for 6-12 months
  • Likelihood to recommend: 9.0/10

Code Analysis and ensuing security against threats

Reviewed on 2022/05/23

Overall experience with SonarQube is pretty wholesome; integration came in handy with my CI/CD tools such as Azure DevOps and Jenkins. It provides insights against vulnerabilities and common threats so that necessary actions can be taken by developers to ensure security and good coding practices. Features like PR decoration allow getting results in the CI/CD tools themselves; only if it passes does the commit happen to the master branch.

Pros

Features like Code Analysis and publishing those analysis reports to end users. You can use the default Quality Gates and Quality Profiles for scanning your code. In case you want to modify these, you can do that and define your own rules. Whenever there's a commit in the repo, you just need to configure the task in your continuous integration pipeline; only if it passes the parameters will the commit happen to the master/main branch, otherwise it will not. With these features you can eliminate security threats and ensure that developers are following good practices while developing their code. I have integrated it with Azure DevOps.

Cons

The only thing I can think of that could be improved is logging of events. Sometimes it becomes hard to debug issues. Other than that, I think overall this fulfills all the requirements.

Verified Reviewer
  • Industry: Information Technology & Services
  • Company size: 501–1,000 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend: 9.0/10

Best Code Quality check Tool

Reviewed on 2022/08/25

We are really taking help of SonarQube in maintaining code quality, doing code scanning on each JIRA story completion. It also helps our developers to improve their code quality. Coding standards are better now. Reports are very useful.

Pros

1. Calculates the quality of code and also helps to improve the quality by providing the solution
2. Highlights the vulnerabilities and repetitive lines of code
3. Developer-friendly tool, as it provides recommendations on the line of code which needs an improvement
4. Creates scan reports on demand
5. Option to add exceptions in code

Cons

1. Report generation sometimes takes a long time.
2. User interface should be enhanced.
3. Lacks custom rule sets.
4. As per cost, it is a little bit expensive.

Alternatives Considered

Embold, Coverity and CodeScan

Reasons for Choosing SonarQube

SonarQube is better in terms of quality percentage and provides more insights.

Switched From

Coverity

Yusmeidy
  • Industry: Telecommunications
  • Company size: 1,001–5,000 Employees
  • Used Daily for 2+ years
  • Likelihood to recommend: 9.0/10

Well defined by consistency and high operability

Reviewed on 2024/05/14

Brings quality and professionalism in the final results. It is an impressive tool.

Pros

One of the outstanding values of SonarQube is the speed of analysis. It makes it easy to collaborate with other features to generate clean code. My team and I had an easy time during deployment. It was quite easy to relate to our needs. Combining all these benefits leads to consistent and reliable coding behavior.

Cons

Installation of the tool was troublesome. We were forced to buy a new device with higher processing speed to avoid the numerous reboots. Later, deployment and use were smooth.

Chandramouli
  • Industry: Hospital & Health Care
  • Company size: 501–1,000 Employees
  • Used Daily for 6-12 months
  • Likelihood to recommend: 7.0/10

Great tool to drive Coding Quality standards

Reviewed on 2021/08/12

PR analysis and integration with Bitbucket are most helpful in avoiding new issues.
The tool needs a lot of improvements:
1. The number of rules should be increased.
2. A few rules should have custom exclusions. Ex: naming conventions => organisation-specific words will be there which should be in capitals.
3. Generates a lot of false positives.
4. Executive reports should be generated based on scheduled triggers. We have 20 projects assigned to a Portfolio. If you generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly.

Pros

PR analysis and integration with Bitbucket are most helpful.

Cons

1. The number of rules should be increased.
2. A few rules should have custom exclusions. Ex: naming conventions => organisation-specific words will be there which should be in capitals.
3. Generates a lot of false positives.
4. Executive reports should be generated based on scheduled triggers. We have 20 projects assigned to a Portfolio. If you generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly.

Response from SonarSource

Thank you for your review, Chandramouli. We appreciate your feedback, and invite you to join the SonarSource Community Forum.

SonarSource Community Forum: https://community.sonarsource.com/

Posting to the Forum will allow there to be transparency to the community, and allow our product managers & users to understand any issues you are facing.

To better assist you, please indicate what language(s) are involved and how long the PR analysis is actually taking, as well as examples of the false positives.

Thanks!

Kreasan
  • Industry: Construction
  • Company size: 10,000+ Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend: 10.0/10

SonarQube delivers high code quality standards for every project

Reviewed on 2024/05/22

Vibrant customer service and interactive product demo. Their work is great and commendable.

Pros

For a while, I used the SonarQube product demo, which is great and interactive, giving the best experience. The dashboard is easy to use since it is designed with a lot of clarity and motivation. While in use, SonarQube can detect and help remove secrets in code while at the same time offering security against any breaches. Dealing with security vulnerabilities in code is now made possible. Lastly, there are clear security reports in PDF form which help us to evaluate the risks to our systems.

Cons

It meets our quality and security expectations. No setbacks.

SonarQube FAQs

Below are some frequently asked questions for SonarQube.

SonarQube offers the following pricing plans:

  • Starting from: US$160.00/year
  • Pricing model: Free Version, Subscription
  • Free Trial: Available

SonarQube offers a free and open-source version, after which it is available across three paid plans priced by the number of lines of code. Details include: Community Edition - free & open-source; Developer Edition - starts at $160; Enterprise Edition - starts at $21,000; Data Center Edition - starts at $136,000.

SonarQube has the following typical customers:

Self Employed, 2–10, 11–50, 51–200, 201–500, 501–1,000, 1,001–5,000

We do not have any information about what languages SonarQube supports.

SonarQube integrates with the following applications:

Bitbucket, GitHub, GitLab, Microsoft Azure

SonarQube offers the following support options:

Email/Help Desk, FAQs/Forum, Phone Support
