TrustRadius
SonarQube Server

Overview

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.


Pricing

Community

Free

On Premise

Developer EDITION

Starts at $160

On Premise
per year per installation

Enterprise EDITION

Starts at $21,000

On Premise
per year per installation

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $160 per year per installation

Product Demos

  • Understanding Issues with Multiple Locations (YouTube)
  • SonarQube analysis with Jenkins (YouTube)
  • GitHub: Block the Merge of a Pull Request (YouTube)

Product Details

What is SonarQube Server?

SonarQube is a self-managed open-source platform that helps developers write code free of quality and vulnerability issues. By integrating with DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of the release pipeline, displaying pass/fail results for new code based on quality profiles that can be customized to a company's standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production. At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides the user through issue resolution, fostering a culture of continuous improvement. SonarQube’s reporting helps dev teams monitor their codebase's overall health and quality across multiple projects in their portfolio. Ultimately, SonarQube aims to enable users to achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

SonarQube Server Screenshots

  • Application Status
  • Portfolio Overview
  • Taint Analysis

SonarQube Server Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux, Mac, Cloud
Mobile Application: No
Supported Countries: Global
Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

SonarQube Server starts at $160.

Veracode, Checkmarx, and Fugue (part of Snyk) are common alternatives to SonarQube Server.

The most common users of SonarQube Server are from Enterprises (1,001+ employees).

Reviews From Top Reviewers

(1-5 of 18)

SonarQube review by a Hybris Developer

Rating: 8 out of 10
May 08, 2022
sj
Vetted Review
Verified User
SonarQube Server
1 year of experience
We use SonarQube in our project mostly to calculate the code quality report; in that report we check for bugs, vulnerabilities, code smells, code issues, criticals, blockers, major and minor issues, and also calculate the code coverage of the JUnit tests. We also set the quality profile, which contains the rules we follow in our project, and on that basis we generate the JUnit coverage report.

One business problem I mostly faced was that if we had run the server once, closed it, and tried to run it again, it does not run and closes automatically. To run the server again we have to restart the system; only then does it work. Those issues could be resolved.

The scope of my case is to generate the code quality report for the codebase in our project according to the custom quality profile we add in SonarQube.
Pros
  • Generating the code quality report
  • Calculates JUnit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements that can be made to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Cons
  • Importing a new custom quality profile into SonarQube is a bit tricky; it could be made easier
  • Every second time we want to rerun the server, we have to restart the whole system; otherwise the server stops and closes automatically
  • When we generate a new report a second time and try to access it, it shows details of the old report only and takes a lot of time to get updated with the details of the newly generated report

SonarQube - solid static code analysis tool

Rating: 7 out of 10
January 19, 2023
Vetted Review
Verified User
SonarQube Server
2 years of experience
We use SonarQube in the software department in our DevOps pipeline to analyze source code for our application and provide metrics on issues that it identifies within the codebase. Basically, we run SonarQube at various steps of code check-ins and merges as one of many metrics to determine code quality and alert the teams to potential issues in recently checked-in code that may need to be triaged and addressed.
Pros
  • Works well with .NET
  • Has a nice extension that allows us to run it in our IDE (Visual Studio)
  • Is customizable in the sense that you can write your own rule set that you want SonarQube to analyze the code against
Cons
  • Often it finds errors that aren't really errors with impact; it takes a lot of time to sort through those cases
  • It's a good screener, but by no means can it catch all bugs or be the sole predictor of code quality, so the metrics it provides need to be caveated when reporting to leadership, etc.
Overall it's a nice check to incorporate into the DevOps pipeline as another sanity check on the code that's being checked in and the codebase in general. It's good as a supplemental tool, but not if an org is looking for a complete view into code quality or security. Basically, SonarQube is able to give you some flagged issues to look into and a metric that reflects the number of issues it identifies in the code, but it still requires developers to take a second look and adequately triage which of the SonarQube issues are high impact and need to be addressed.

SonarQube is a worthwhile static analysis tool

Rating: 8 out of 10
June 29, 2019
Vetted Review
Verified User
SonarQube Server
2 years of experience
Excellent static analysis tool for identifying potential issues with your code. SonarQube is easily integrated with your CI/CD workflow, including a containerized version. Once implemented, it scans code every time we push it and reports back any issues that need to be addressed. Customization is available to fine-tune the reports, identifying what's really important to you and your team.
Pros
  • Core competency of static analysis. This is why SonarQube exists, and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.
Cons
  • Ability to set automated alerts. For instance, when code hasn't been scanned in a long period of time.
  • Tighter integration with issue tracking systems such as Jira and GitLab.
Any modern-day CI/CD toolchain should include a static analyzer such as SonarQube. Using such a tool helps enhance the overall security of your application and helps train developers along the way. SonarQube does this exceedingly well and is lightweight enough to deploy quickly and easily. Definitely a great addition to your toolset.

Quick and easy static analysis and bug detection

Rating: 9 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
3 years of experience
Pros
  • Standardized scanning tools to make sure code doesn't contain obvious code smells
  • Enforcement of standardized naming conventions in code
  • Identification of potentially needlessly complicated code
  • Identifies code smells
  • Low-level bugs
  • Basic static analysis
Cons
  • Reports can take a bit of time
  • Custom rules can be a bit annoying to set up
If you are looking for something that is reasonably simple and validates your code, this is the tool you are looking for. It works well and gives very helpful feedback, especially for more junior devs.

Let SonarQube guide your devs towards a better future.

Rating: 9 out of 10
January 19, 2023
Vetted Review
Verified User
SonarQube Server
2 years of experience
We use SonarQube and SonarLint to improve our code and locate vulnerabilities. It helps our developers learn best practices and secure our code.
Pros
  • Gives advice on coding practices
  • Rates our code over time
  • Highlights the worst offending code to make prioritization easier
  • Helps improve our code over time
Cons
  • Notifications based on findings need a lot of work. Options are extremely basic so far.
  • Integration of Dependency Check is very basic and could use some UX love.
  • Making it easier to turn down the noise of problems so teams can focus on the highest priority first without getting bogged down.
SonarQube is best at giving advice over a wide array of languages. Its ability to filter results by many facets is excellent.