TrustRadius: an HG Insights Company
SonarQube Server

Overview

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.


Pricing

Community

Free

On Premise

Developer Edition

Starts at $160

On Premise
per year per installation

Enterprise Edition

Starts at $21,000

On Premise
per year per installation

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $160 per year per installation

Product Demos

  • Understanding Issues with Multiple Locations (YouTube)
  • SonarQube analysis with Jenkins (YouTube)
  • GitHub: Block the Merge of a Pull Request (YouTube)

Product Details

What is SonarQube Server?

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating with DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of the release pipeline, displaying pass/fail results for new code based on quality profiles that can be customized to a company's standards. Following Sonar’s Clean as You Code methodology is intended to ensure that only software of the highest quality makes it to production. At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides the user through issue resolution, fostering a culture of continuous improvement. SonarQube’s reporting helps dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. Ultimately, SonarQube aims to enable users to achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

SonarQube Server Screenshots

Screenshots: Application Status; Portfolio Overview; Taint Analysis.

SonarQube Server Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux, Mac, Cloud
Mobile Application: No
Supported Countries: Global
Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

SonarQube Server starts at $160.

Veracode, Checkmarx, and Fugue, part of Snyk are common alternatives for SonarQube Server.

The most common users of SonarQube Server are from Enterprises (1,001+ employees).

Reviews From Top Reviewers

(1-5 of 14)

Great tool to keep your code clean

Rating: 10 out of 10
April 30, 2021
Vetted Review
Verified User
SonarQube Server
3 years of experience
We use SonarQube to scan our code for vulnerabilities and code "smells." SonarQube is wired into our continuous integration software Jenkins, so it scans the code every time a build runs.
Pros
  • Finding security flaws.
  • Finding code that does not follow best practices and standards.
  • Looking for code coverage.
Cons
  • For code "smells" it would be nice to have different levels of issues.
  • It could be easier to define policies for different levels of code "smells."
  • Prioritize different types of code "smells."
It should always be a part of the continuous integration. Our application is quite old and has a lot of code "smells" unfortunately. We make it a rule that if you are going to fix a problem, then you should fix the code issues found by Sonar in that part of the code also. Eventually we will have a much cleaner code base.

Quick and easy static analysis and bug detection

Rating: 9 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
3 years of experience
Pros
  • Standardized scanning tools to make sure code doesn't use obvious code smells
  • Enforcement of standardized naming conventions in code
  • Identification of potentially needlessly complicated code
  • Identify code smells
  • Low level bugs
  • Basic static analysis
Cons
  • Reports can take a bit of time
  • Custom rules can be a bit annoying to setup
If you are looking for something that is reasonably simple and validates your code, this is the tool you are looking for. It works well and gives very helpful feedback, especially for more junior devs.

SonarQube, you don't need to search more!

Rating: 8 out of 10
January 26, 2023
SC
Vetted Review
Verified User
SonarQube Server
3 years of experience
It's used as a quality gate for software development in the feature implementation, as well as a security barrier against bugs and an enforcer of good practices.
Pros
  • Easily set up quality gate for code analysis and tests.
  • Quick reports for vulnerabilities and good practices.
  • Easy setup of vulnerabilities level requirements.
Cons
  • Credentials manager, like managing users, groups and permissions is complex.
  • UI for code review can be improved, feels old but is useful nonetheless.
  • The ticket management system can also be improved.
SonarQube does its job properly; it can improve in some points like usability and user experience, but in the end, it does everything you need well.

SonarQube: A great solution for code quality management and analysis

Rating: 10 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
7 years of experience
The main business problem that SonarQube addresses is ensuring our software is of high quality and free of defects. We use SonarQube to identify and fix issues in our code during development and integration before they become a bigger problem, thus reducing the risk of costly bugs and vulnerabilities.

Common use cases for SonarQube include:
  • Identifying and fixing bugs and vulnerabilities in code
  • Improving code readability and maintainability
  • Increasing code coverage and testing
  • Measuring code quality and compliance with industry standards
  • Keeping track of technical debt
Pros
  • Detecting bugs and vulnerabilities: SonarQube can identify a wide range of bugs and vulnerabilities in code, such as null pointer exceptions, SQL injection, and cross-site scripting (XSS) attacks. It uses static analysis to analyze the code and identify potential issues, and it can also integrate with dynamic analysis tools to provide even more detailed analysis.
  • Measuring code quality: SonarQube can measure a wide range of code quality metrics, such as cyclomatic complexity, duplicated code, and code coverage. This can help teams understand the quality of their code and identify areas that need improvement.
  • Providing actionable insights: SonarQube provides detailed information about issues in the code, including the file and line number where the issue occurs and the severity of the issue. This makes it easy for developers to understand and address issues in the code.
  • Integrating with other tools: SonarQube can be integrated with a wide range of development tools and programming languages, such as Git, Maven, and Java. This allows teams to use SonarQube in their existing development workflow and take advantage of its powerful code analysis capabilities.
  • Managing technical debt: SonarQube provides metrics and insights on the technical debt on the codebase, enabling teams to better prioritize issues to improve the quality of the code.
  • Compliance with coding standards: SonarQube can check the code against industry standards like OWASP, CWE and more, making sure the code is compliant with security and coding standards.
Cons
  • Complexity of setup and configuration: SonarQube can be quite complex to set up and configure, especially for organizations that have a large codebase or use a variety of different programming languages. This can make it difficult for teams to get started with the tool and may require specialized expertise.
  • Limited support for certain languages: While SonarQube supports a wide range of programming languages, it may not have full support for some languages, particularly newer or less common languages. This can limit the tool's usefulness for teams that use these languages.
  • Lack of integration with certain development tools: While SonarQube can be integrated with a wide range of development tools, it may not have integration with certain IDEs or build tools. This can make it difficult for teams to use SonarQube in their existing development workflow.
  • False-positive and False-negative issues: As with any static code analysis tool, SonarQube can generate a number of false positives, where it reports an issue that is not actually a problem, or false negatives, where it fails to report an issue that is actually a problem. This can make it difficult for teams to trust the tool's analysis results and may require manual review.
  • Limited scalability: For a large codebase, SonarQube's performance and scalability can be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
  • Limited collaboration capabilities: While SonarQube allows teams to view and track code quality issues, it has limited capabilities to collaborate and discuss those issues.
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.

Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
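The SQL injection finding the review above lists among the things the analyzer detects, shown as an added example (this is not SonarQube's own code or the reviewer's): the injectable lookup that a taint rule reports, side by side with its parameterized fix. The table, rows and payload are constructed here so the script runs against an in-memory SQLite database.

```python
"""Two versions of the same lookup: the injectable one a taint analyser flags, and the fix.

Added example, not code from SonarQube or the reviewer. The table and rows are
constructed here so the script runs against an in-memory SQLite database.
"""
import sqlite3


def make_db():
    """Constructed sample data: three users, one of them privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable on purpose: user input is spliced into the SQL text.

    This is the source-to-sink flow (request parameter -> query string ->
    execute) that a SAST taint rule reports as SQL injection.
    """
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Hardened: the driver binds the value, so quotes in it are data, not SQL syntax."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"      # classic tautology; no user has this name
    print("unsafe:", find_user_unsafe(db, payload))   # every row leaks
    print("safe:  ", find_user_safe(db, payload))     # nothing matches
```

The unsafe variant turns the payload into `WHERE name = '' OR '1'='1'` and returns the whole table; the bound parameter in the safe variant matches nothing. An analyzer reports the first function on the data flow alone, without running it, which is why a clean scan is worth gating on even when tests pass.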

SonarQube- A perfect QC for Reviewers

Rating: 9 out of 10
January 24, 2023
SJ
Vetted Review
Verified User
SonarQube Server
3 years of experience
We are a product-based company where we are using SonarQube to keep an eye on the code quality of all our projects. It really reduced the workload of the reviewers and helped a lot to improve our code quality and the efficiency of the project. It helped us a lot that we can define our own set of rules in all the languages. It has helped us to identify the static code which reduced our deployment efforts.
Pros
  • You can set your own rules for almost all the languages
  • Most of the rules are already defined; you just need to use them
  • It helps us on security aspects too.
  • You can place a gate on code coverage too.
Cons
  • UI part of reporting needs more improvement.
  • Simple tooltips can be there for the users to understand better instead of reading documents.
  • For report extraction in Excel or PDF you need the Enterprise version
As we were having multiple projects in multiple languages to support our product, a team of 20 developers with various levels of experience was working on them. To maintain code integrity and sanity, SonarQube helped a lot to place the quality gates; some of the rules were pre-defined and required very minor tweaking. It really made life easy for the reviewers as it supports integration with GitLab, Confluence and Jenkins.
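Several reviews above describe the same setup: SonarQube wired into Jenkins so every build is scanned (the first review), quality gates used as a merge barrier (the third), and a gate on code coverage (the last). The piece that makes the gate actually stop a build is reading the gate verdict back after the scanner finishes, because the server computes it in a background task, not during the scan. The script below is an added example of that step, not SonarQube's own code or any reviewer's: it reads the `report-task.txt` file the scanner writes, polls the server's `api/ce/task` endpoint until the analysis is processed, then fetches `api/qualitygates/project_status` and exits non-zero on failure. The host name, task id, token and server replies are constructed so it runs offline; a real run would hit a live server with a token from the CI credential store.

```python
"""Gate a CI build on the SonarQube quality gate via the server's Web API.

Added example, not SonarQube's own code. Assumed: the scanner has already run
and written .scannerwork/report-task.txt, and a user token is in SONAR_TOKEN.
"""
import base64
import json
import os
import sys
import time
import urllib.parse
import urllib.request

# Constructed sample of the file the scanner writes after analysis
# (key=value lines; host name and task id are made up for this example).
SAMPLE_REPORT_TASK = """\
projectKey=my-app
serverUrl=https://sonar.example.internal
dashboardUrl=https://sonar.example.internal/dashboard?id=my-app
ceTaskId=AYx-task-0001
ceTaskUrl=https://sonar.example.internal/api/ce/task?id=AYx-task-0001
"""

# Constructed server replies, in the order a real run would see them:
# background task still pending, then finished, then the gate verdict.
SAMPLE_RESPONSES = [
    {"task": {"status": "PENDING"}},
    {"task": {"status": "SUCCESS", "analysisId": "AYx-analysis-0001"}},
    {"projectStatus": {"status": "ERROR", "conditions": [
        {"status": "OK", "metricKey": "new_reliability_rating",
         "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
        {"status": "ERROR", "metricKey": "new_coverage",
         "comparator": "LT", "errorThreshold": "80", "actualValue": "65.3"},
    ]}},
]


def parse_report_task(text):
    """Parse the key=value lines of report-task.txt into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def http_get_json(url, token):
    """GET JSON from the server; a user token goes in as the basic-auth user name."""
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def canned_fetch(responses):
    """Offline stand-in for http_get_json that replays constructed replies in order."""
    queue = list(responses)
    return lambda url, token: queue.pop(0)


def wait_for_analysis(task_url, token, fetch=http_get_json, attempts=60, delay=5.0, sleep=time.sleep):
    """Poll the compute-engine task (api/ce/task) until it finishes; return the analysisId."""
    for _ in range(attempts):
        task = fetch(task_url, token)["task"]
        if task["status"] == "SUCCESS":
            return task["analysisId"]
        if task["status"] in ("FAILED", "CANCELED"):
            raise RuntimeError(f"analysis task ended with status {task['status']}")
        sleep(delay)
    raise TimeoutError("analysis did not finish within the polling window")


def quality_gate(server_url, analysis_id, token, fetch=http_get_json):
    """Return (passed, failing_conditions) from api/qualitygates/project_status."""
    query = urllib.parse.urlencode({"analysisId": analysis_id})
    url = f"{server_url.rstrip('/')}/api/qualitygates/project_status?{query}"
    status = fetch(url, token)["projectStatus"]
    failing = [
        f"{c['metricKey']} {c.get('comparator', '')} {c.get('errorThreshold', '')} "
        f"(actual {c.get('actualValue', '?')})"
        for c in status.get("conditions", []) if c["status"] == "ERROR"
    ]
    return status["status"] == "OK", failing


def check_build(report_text, token, fetch=http_get_json, sleep=time.sleep):
    """Tie the steps together: report file -> finished analysis -> gate verdict."""
    props = parse_report_task(report_text)
    analysis_id = wait_for_analysis(props["ceTaskUrl"], token, fetch=fetch, sleep=sleep)
    return quality_gate(props["serverUrl"], analysis_id, token, fetch=fetch)


if __name__ == "__main__":
    path = ".scannerwork/report-task.txt"
    if os.path.exists(path) and os.environ.get("SONAR_TOKEN"):
        with open(path) as fh:
            passed, failing = check_build(fh.read(), os.environ["SONAR_TOKEN"])
    else:  # no server available: replay the constructed sample instead
        passed, failing = check_build(SAMPLE_REPORT_TASK, "dummy-token",
                                      fetch=canned_fetch(SAMPLE_RESPONSES), sleep=lambda _s: None)
    for item in failing:
        print("quality gate condition failed:", item)
    sys.exit(0 if passed else 1)
```

Run it as the build step right after the scanner; with the constructed replies it reports the failed coverage condition and exits 1, which is what makes the "gate on code coverage" from the last review block a Jenkins build or a pull request merge. The scanner can do the same wait itself when invoked with `sonar.qualitygate.wait=true`; a separate check like this one is useful when the scan and the gate decision run in different jobs. Keep the token out of the pipeline definition and inject it from the CI credential store, since it grants read access to every finding the analysis produced.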