What users are saying about
1 Rating
Top Rated
61 Ratings
1 Rating
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 7 out of 100
Top Rated
61 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.2 out of 100

Attribute Ratings

  • SonarQube is rated higher in 1 area: Likelihood to Recommend

Likelihood to Recommend

7.0

Findbugs

70%
1 Rating
8.4

SonarQube

84%
15 Ratings

Support Rating

Findbugs

N/A
0 Ratings
9.0

SonarQube

90%
2 Ratings

Likelihood to Recommend

Open Source

Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand and it's best suited for the java open source. whether you are a developer or a DevOps engineer you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as visual studio as well.
Read full review

SonarSource

SonarQube has a friendly UI that is easy to use and understand. The admin's control panel is very good and It's not really difficult to get through the settings. Its possible to build many rules that apply for each programming language, for example, .NET, and Java. You can easily set up rules and even with the community version. It's a great tool but you have to have a good project plan before being introduced to the tools. I would recommend using the SonarQube open-source version to get used to it before purchasing the license. Before we go with an enterprise product, we have to know the terms and how things are done to run software quality
Read full review

Pros

Open Source

  • Scan the code for existing bugs present
  • It can detect an vulnerabilities and also show possible bad warnings
  • Can help identify errors in advance to avoid code crash post deployment
Read full review

SonarSource

  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review

Cons

Open Source

  • It’s documentation is not always up to date
  • Difficulty in finding a prper solution when an issue arises during its configuration
  • has limited features
Read full review

SonarSource

  • Local dashboard wont work without java installed on your machine
  • If talking about the local ui the configuration may be quite complex. Needs an experts advise
  • Its enterprise edition cost a fortune depending on a company size or users that may use it.
Read full review

Pricing Details

Findbugs

Starting Price

Editions & Modules

Findbugs editions and modules pricing
EditionModules

Footnotes

    Offerings

    Free Trial
    Free/Freemium Version
    Premium Consulting/Integration Services

    Entry-level set up fee?

    No setup fee

    Additional Details

    SonarQube

    Starting Price

    $0

    Editions & Modules

    SonarQube editions and modules pricing
    EditionModules
    CommunityFree1
    Developer EDITIONStarts at $1502
    Enterprise EDITIONStarts at $20,0003
    Data Center EDITIONStarts at $130,0004

    Footnotes

    1. none
    2. 100,000 Lines of Code
    3. 1 Million Lines of Code
    4. 20 Million Lines of Code

    Offerings

    Free Trial
    Free/Freemium Version
    Premium Consulting/Integration Services

    Entry-level set up fee?

    No setup fee

    Additional Details

    Support Rating

    Open Source

    No answers on this topic

    SonarSource

    We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
    Read full review

    Alternatives Considered

    Open Source

    Sonar cloud has its own cloud where all the code vulnerabilities are collected and stored as a whole whereas its a plugin that is used in a code itself but the cons is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service
    Read full review

    SonarSource

    I personally evaluated klocwork in a previous company and it worked well for Static Code Analysis for C++ applications but the Java support was not as good as SonarQube. Also the overall tooling and integrations provided by SonarQube is stellar and very other competitors can provide such services and IDE integrations. The output results from SonarQube tests can be easily read, including by other services for automation purposes, and creating reports for audits or other teams is nice and easy.
    Read full review

    Return on Investment

    Open Source

    • Its being used overall by most of the teams
    • Some of the teams migrating to another testing tool as it has limited features
    • Still recommend as its open source and beginners friendly
    Read full review

    SonarSource

    • Our client is quite pleased with the demonstration of this tools
    • Our organisation is using a community edition right now but is planning to migrate to a enterprise version to use it commercially.
    • It is quite a costly tool but our organisation is willing to buy it for its enhanced features and security
    Read full review

    Add comparison