What TrustRadius Research Says
SonarQube Pricing 2022
One of the hardest parts of programming in the modern world is cyber security and stability. In the early days of software development, developers didn’t worry about hackers or writing “clean code.” Today, if you want a quality application, you need to get it right the first time. This means fewer errors, better debugging, and stronger security and monitoring. SonarQube is a powerful piece of software that can help your dev teams stay on track and build high-end applications.
What Is SonarQube?
SonarQube is a computer software program designed to enhance your code quality and code security. DevOps, engineers, and information technology (IT) teams can use it for debugging source code as well as fixing vulnerabilities in individual lines of code (LOC). It can provide static analysis for popular programming languages like Python or Java.
SonarQube offers simple functionality for programmers, especially with its code quality metrics. In an intuitive, easy-to-use interface, you can find noninvasive notifications that watch for bugs, vulnerabilities, and even code smells. A code smell is technically not a bug. It is an error in the code that does not prevent execution but makes the source code itself less clean, especially for edits.
You can also set up specific quality gates, which are policies your team defines to ensure a specific level of overall quality. This will make all the LOC of each project more efficient and stable for future development and updates.
The absolute best feature of SonarQube is that it's available completely free. Below is a full-length tutorial on how to install and configure SonarQube.
SonarQube Tutorial | Installing and Configuring SonarQube | What is SonarQube | Intellipaat
SonarQube comes in both free and paid versions.
Is SonarQube A Free Or Paid Software?
SonarQube is an open-source solution created by SonarSource. The pricing details can be confusing because SonarSource’s paid subscriptions include SonarQube as a feature. SonarQube itself is readily available software, and you can download the free version, called the Community Edition, here.
Special features of the Community Edition include bug tracking, application security, code analysis, and branch analysis. It’s easily integrated with other tools and applications and can be used with up to 29 programming languages (but only 17 for the Community Edition).
SonarSource also created sister open-source software for SonarQube called SonarLint and SonarCloud. SonarLint is an integrated development environment (IDE) for writing source code more easily and quickly.
The free version of SonarCloud is available for only open source projects, not private ones. You will need to sign up with a GitHub, GitLab, Bitbucket, or Azure DevOps account. You can find the download links for both programs on SonarSource’s main site here.
Open source software comes with an abundance of freedom, but also some challenges. Below is a quick review of the main pros and cons of using a program like SonarQube.
| Open Source Software Pros | Open Source Software Cons |
| --- | --- |
| More freedom and control over data | Self-maintenance and management |
| Cost savings for your budget | Can sometimes offer less than a paid version |
| More transparency in the application | Can cost extra to run the application and store the data |
The best part about open source solutions is that there is no cost to try them, which makes them accessible to a wide range of consumers. This means you can find a plethora of helpful user reviews about the software.
What Is The Paid Alternative To SonarQube?
The alternative to the open-source version of SonarQube includes the commercial editions and the business version of SonarCloud.
The paid editions are SonarSource packages. These packages include SonarQube as a feature, along with other premium features. This is also why the packages are so expensive.
The pricing model is based on usage. Usage is measured per instance per year and by the number of LOC. All plans only get customer support when you hit 30 million LOC.
Data Center Edition
Comparing the information on SonarQube’s website and SonarSource’s website can get very confusing. The two sites offer different information about the paid packages. SonarQube offers no pricing information, and SonarSource has the pricing information, but both highlight different plan features.
The Developer Edition includes SonarQube, SonarLint, and only 24 of the 29 programming languages SonarQube works with. It does allow users to use SonarQube analysis for pull requests and taint analysis for monitoring user input. It’s also easier to integrate with other DevOps platforms like GitHub and GitLab.
The benefit of the Developer Edition is less configuration and the option for paid SonarCloud hosting. In general, it's not all that much better than using the open source versions of SonarQube and SonarLint. If you’re a small team that’s perfectly fine with managing the software yourself, then you may not need this upgrade.
With the Enterprise Edition you get all 29 languages, more pull request decoration features, more reporting, and more security features like security engine customization. They recommend this version for larger enterprises that need security for their source code.
When it comes to the Data Center Edition, the main difference is data resilience and more scalability. This version offers better data availability for bigger teams.
Whether you go with the paid subscriptions or the open source version comes down to your team's needs. Over 200,000 different companies enjoy the free version of SonarQube, but your team
End-User Reviews And Satisfaction
SonarQube’s end-user reviews include some very positive feedback. Users enjoy the performance and find the functionality to be as good as advertised. One customer even stated, “There's no other tool in the market that is as reliable and trustworthy than SonarQube for Static Analysis.” They also noted some negatives: they wished the IDE integration was better and that there was more support for dynamic code analysis.
The main negative feedback tends to be the cost of paid tiers, the lack of support, and integration features sometimes not being up to par. There were also some complaints about needing Java to run the local versions and some problems with issue tracking. A user who gave SonarQube a 10/10 still reported that “It could be easier to define policies for different levels of code smells.”
We recommend you look through the specific details in user reviews because some complaints and praise may apply directly to your needs. When it comes to SonarQube, we highly encourage you to try out the open source version first because the paid tiers are almost regrettably expensive according to users.
If you want to see software that is similar to SonarQube, we have quite a few helpful product lists. The related software includes DevSecOps, static code analysis, and static application security testing (SAST) tools.
If you have used any of the platforms discussed here, please leave a review to help other buyers make informed decisions.