TrustRadius Insights
SonarCloud has addressed several key business problems that users face when developing and testing code. By automating the process of code …
Starting at $10 per month
View PricingOverview
What is SonarCloud?
SonarCloud is a cloud based (SaaS) static code analysis solution that can be used by dev teams to ensure code quality and security. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and…
Recent Reviews
Leaving a review helps other professionals like you evaluate Static Code Analysis Tools
Be the first one in your network to review SonarCloud, and make your voice heard!
Get StartedPricing
Public Projects
Free
Cloud
Private Projects
Starting at 10 euros
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.sonarsource.com/plans-and…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
What is SonarCloud?
SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.
SonarCloud Features
- Supported: Automatic, zero-configuration, analysis with GitHub for many popular languages
- Supported: Authentication integration with GitHub, Azure DevOps, Bitbucket and GitLab
- Supported: Language Support: Supports more than 26 programming languages including Java, JavaScript, C#, and Python.
- Supported: Immediate access to new features and functionality
- Supported: Free open source code analysis
- Supported: Clear go/no-go Sonar Quality Gate - Fail pipelines when the code quality doesn’t meet defined requirements and prevent problems from being merged or deployed.
SonarCloud Screenshots
SonarCloud Video
Understanding Issues with Multiple Locations
SonarCloud Integrations
SonarCloud Competitors
SonarCloud Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
| Supported Languages | Community localization plugins support several languages. |
SonarCloud Downloadables
Comparisons
Compare with
Reviews
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
SonarCloud has addressed several key business problems that users face when developing and testing code. By automating the process of code validation, bug detection, and identifying security risks, SonarCloud has made testing code more efficient and bug-free. Users have experienced improved code quality, enhanced collaboration, and reduced risks and associated costs. This has resulted in a more enjoyable, productive, and rewarding coding experience.
One of the primary benefits of SonarCloud is its ability to remediate vulnerabilities, bugs, security hotspots, and code smells. Users have been able to improve code quality in each new release and meet security and vulnerability points for certifications. Additionally, SonarCloud integrates with CI/CD pipelines to make them 10 times faster by automating tasks previously executed by developers. This reduction in overhead has allowed developers to gain more control over their time without sacrificing code quality.
Furthermore, SonarCloud improves software quality and developers' skills by highlighting bugs, security hotspots, and providing guidance on how to correct them. It enables early integration and early code feedback by offloading the task of ensuring optimal unit test code coverage, code quality, and code smells. Integration with GitLab CI has also been valuable for teams as it allows for custom rule-based reports from the security team, preventing the deployment of buggy code.
Overall, SonarCloud has proven to be a valuable tool for optimizing and improving code quality. By providing checks for reliability, security, maintainability, and coverage, it helps users achieve better overall software quality. With its ability to automate tedious tasks and provide valuable insights into code weaknesses, SonarCloud saves time an
Top vulnerability and security tool: Reviewers have consistently praised SonarCloud as a top vulnerability and security tool, with multiple users highlighting its strong focus on security and compliance.
Effective code issue detection: Many reviewers have expressed their appreciation for SonarCloud's ability to detect bugs, vulnerabilities, code issues, and other quality problems in code. This feature has proven valuable in improving the overall code quality.
Seamless integration with CI/CD tools: The seamless integration of SonarCloud with various CI/CD tools like GitLab and GitHub has been highly valued by users. This integration allows for easy code quality and security checks in real-time using plugins, making it an indispensable tool for software engineering teams.
Complexity: Some users have found SonarCloud to be complex, making it more challenging to use and configure.
Limited runtime code flaw detection: Several users have mentioned that SonarCloud is not able to detect runtime code flaws effectively, expressing a desire for improvement in this area.
Slow setup and scanning for large projects: Setting up and initiating scanning using the agent can be slow, especially in very large projects, which has been highlighted by a number of users.