TrustRadius
SonarQube Server

Overview

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

Pricing

Community

Free

On Premise

Developer EDITION

Starts at $160

On Premise
per year per installation

Enterprise EDITION

Starts at $21,000

On Premise
per year per installation

Entry-level setup fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include setup fee)

  • $160 per year per installation
Product Demos

Understanding Issues with Multiple Locations

YouTube

SonarQube analysis with Jenkins

YouTube

GitHub: Block the Merge of a Pull Request

YouTube
Product Details

What is SonarQube Server?

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating with DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of the release pipeline, displaying pass/fail results for new code based on quality profiles that can be customized to a company's standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production. At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides the user through issue resolution, fostering a culture of continuous improvement. SonarQube’s reporting helps dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. Ultimately, SonarQube aims to enable users to achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

SonarQube Server Screenshots

  • Screenshot of Application Status
  • Screenshot of Portfolio Overview
  • Screenshot of Taint Analysis

SonarQube Server Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux, Mac, Cloud
Mobile Application: No
Supported Countries: Global
Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

SonarQube Server starts at $160.

Veracode, Checkmarx, and Fugue (part of Snyk) are common alternatives for SonarQube Server.

The most common users of SonarQube Server are from Enterprises (1,001+ employees).

Reviews From Top Reviewers

(1-5 of 35)

Easy to use DevSecOps tool

Rating: 10 out of 10
January 19, 2023
PC
Vetted Review
Verified User
SonarQube Server
1 year of experience
We use SonarQube to scan our source code whenever we push changes to GitHub. SonarQube helps in identifying code smells and security issues in the code with detailed explanation and intuitive reports.
Pros
  • code analysis
  • code smell detection
  • security issues with code
  • syntax highlighting for different languages
Cons
  • Setup steps can be explained a bit better
Using Docker, we were able to set up SonarQube and run our first scan in about a day's time. It was quick to create different projects and link source code to scan.
It clearly segregates issues under Reliability, Security and Maintainability buckets.
It also suggests solutions to fix issues with the code with up to date standards.

Easy to use DevSecOps application

Rating: 8 out of 10
January 20, 2023
Vetted Review
Verified User
SonarQube Server
1 year of experience
SonarQube is freeware used for checking security vulnerabilities, inspection of automatic code quality checks and for CI/CD automation. In our organization we used this application as an integrated service plugin with Microsoft Azure's DevOps for CI/CD automation. It is a very helpful application for inspection of applications developed using a variety of programming languages.
Pros
  • Automatic code analysis
  • Checking security vulnerabilities
  • Easy integration with DevOps applications
Cons
  • Need more examples for different programming language codes
  • Better documentation
Well suited:
- Easy to Integrate with different DevOps platforms for CI/CD automation
- To detect application security vulnerabilities
- For automating static code checks / analysis in order to detect bugs
- Can be used for a variety of programming language applications
Improvement areas:
- Better documentation
- More programming language specific examples

Code Quality Improvements Made Easy

Rating: 8 out of 10
November 04, 2021
Vetted Review
Verified User
SonarQube Server
1 year of experience
We use SonarQube to check and ensure Java code quality as part of our development process. With built-in suggestions for coding improvements, the rate at which we produce and deploy quality code has been a game changer. Also, it works to train developers continuously, helping them adhere to best practices.
Pros
  • Easy to Use
  • Code Quality Improvements
  • Code Suggestions
Cons
  • Lacks custom rule sets
  • Expensive
  • Smaller / Less active user community
We only use SonarQube for Java development, so this review can't speak to its effectiveness for other programming languages, of which SonarQube covers many. There are a plethora of CI/CD integrations, so chances are you can put an automated code quality check in your process to squash bugs before they are deployed.

Quick and easy static analysis and bug detection

Rating: 9 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
3 years of experience
Pros
  • Standardized scanning tools to make sure code doesn't use obvious code smells
  • Enforcement of standardized naming conventions in code
  • Identification of potentially needlessly complicated code
  • Identify code smells
  • Low level bugs
  • Basic static analysis
Cons
  • Reports can take a bit of time
  • Custom rules can be a bit annoying to set up
If you are looking for something that is reasonably simple and validates your code, this is the tool you are looking for. It works well and gives very helpful feedback, especially for more junior devs.

SonarQube to make your project secure

Rating: 8 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
2 years of experience
We use Sonar in order to ensure our code is secure. We have used it on APIs and on our frontend. We have also used SonarLint for Android. We have a plug-in for our Jenkins account which will check our project code coverage etc. in Sonar; if this fails, then our code cannot go live or be merged into master.
Pros
  • Code coverage
  • Shows potential fixes
  • Speed
Cons
  • Sometimes the messages can be long and for someone's first time seeing this it can be hard to find what to look for
  • Sometimes potential fixes are not available
  • Documentation on setting up with Jenkins was hard to follow at some parts
I think having SonarQube in your project is a big bonus as it can spot small vulnerabilities that you might not think of. This also will improve your overall skill in coding securely. They also update regularly so that it can spot new vulnerabilities which may not be known. As packages update, there can be more vulnerabilities deep in your project that you may not know about.