Bitbucket Server (formerly Stash) from Atlassian was a self-hosted source code management solution. The product is no longer available for sale, and support for existing licenses ended in 2024.
N/A
SonarQube
Score 8.1 out of 10
N/A
SonarQube is an automated code review solution, serving as the verification layer for code quality and SDLC security. SonarQube is used to ensure that code is secure, reliable, and maintainable. It is available through SaaS or self-managed deployment.
$0
Pricing
Bitbucket Server (discontinued)
SonarQube
Editions & Modules
No answers on this topic
Cloud-based: Free
$0
Self-managed: Developer
Starting at $720 annually
per year per installation
Self-managed: Enterprise
Contact sales for pricing
per year per installation
Cloud-based: Enterprise
Contact sales for pricing
per year per installation
Cloud-based: Teams
Starting at $32 per month
per month per installation
Self-managed: Data Center
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
Bitbucket Server (discontinued)
SonarQube
Free Trial
No
Yes
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Bitbucket Server (discontinued)
SonarQube
Considered Both Products
Bitbucket Server (discontinued)
Verified User
Engineer
Chose Bitbucket Server (discontinued)
We migrated several of our applications to BitBucket from legacy Team Foundation Server, and the experience has been significantly better. It's easy to use and plenty flexible. Other solutions such as GitHub are also good, but we needed to keep everything on-prem due to …
Bitbucket Server would be good to use if you are not extremely reliant on the availability of your code at any given moment. If you have other systems relying on the up status of Bitbucket Server that can cause problems if unable to reach it -- you might consider going with a different product
SonarQube is excellent if you start using it at the beginning when developing a new system, in this situation you will be able to fix things before they become spread and expensive to correct. It’s a bit less suitable to use on existing code with bad design as it’s usually too expensive to fix everything and only allows you to ensure the situation doesn’t get worse.
Detecting bugs and vulnerabilities: SonarQube can identify a wide range of bugs and vulnerabilities in code, such as null pointer exceptions, SQL injection, and cross-site scripting (XSS) attacks. It uses static analysis to analyze the code and identify potential issues, and it can also integrate with dynamic analysis tools to provide even more detailed analysis.
Measuring code quality: SonarQube can measure a wide range of code quality metrics, such as cyclomatic complexity, duplicated code, and code coverage. This can help teams understand the quality of their code and identify areas that need improvement.
Providing actionable insights: SonarQube provides detailed information about issues in the code, including the file and line number where the issue occurs and the severity of the issue. This makes it easy for developers to understand and address issues in the code.
Integrating with other tools: SonarQube can be integrated with a wide range of development tools and programming languages, such as Git, Maven, and Java. This allows teams to use SonarQube in their existing development workflow and take advantage of its powerful code analysis capabilities.
Managing technical debt: SonarQube provides metrics and insights on the technical debt on the codebase, enabling teams to better prioritize issues to improve the quality of the code.
Compliance with coding standards: SonarQube can check the code against industry standards like OWASP, CWE and more, making sure the code is compliant with security and coding standards.
Importing a new custom quality profile on SonarQube is a bit tricky, it can be made easier
Every second time when we want to rerun the server, we have to restart the whole system, otherwise, the server stops and closes automatically
When we generate a new report a second time and try to access the report, it shows details of the old report only and takes a lot of time to get updated with the details of the new and fresh report generated
The usability of its interface is pretty straight forward when it comes to creating projects and repositories, but when you have to dive into finer grained portions of the UI things can get tricky. If you are used to using tools like GitHub or Gitlab -- Bitbucket is just different enough to be a bother.
Never really needed any support as the application is very easy to set up and maintain. Any questions we had were well documented in their online documentation, and community forum.
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Stash was selected before I was at the company, but we're looking at these alternatives and actively considering switching. Stash seems to have all the necessary features we need to make it work, but it doesn't have any bells and whistles or extra special features that we can use to create more advanced integrations with other products like Jenkins or Amazon Web Services.
SonarQube is an open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty descent. Pipeline scan is more secured in SonarQube. Its a very good tool and its support multiple languages. Its main core competency is of static code analysis and that is why SonarQube exists and it does it exceedingly well. The quality of scan on code convention, best practices, coding standards, unit test coverage etc makes them one of the best competent tool in the market
Stash has certainly improved the productivity of the team. We no longer have to use Shared Drive on network which is prone to hacks and errors to manage our code.
During the process of releases, the release engineering team can pull the latest and approved code from Stash and need not be dependent upon the availability of the developers during their non availability. It improves productivity and fastens the ETA for requests.
We have stayed on course for project deadlines since introduction of Stash and helps us achieve the goals of timely completion of projects.
Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
