SonarQube

Top Rated
Score 8.2 out of 100

Overview

What is SonarQube?

SonarQube (formerly Sonar) is an open source application security solution.


Pricing


Community

Free

On Premise

Developer Edition

Starts at $150

On Premise
100,000 Lines of Code

Enterprise Edition

Starts at $20,000

On Premise
1 Million Lines of Code

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Product Details

What is SonarQube?

SonarQube is a tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into the user's workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. Boasting over 225,000 deployments helping small development teams and global organizations, SonarQube provides a means for teams and companies around the world to own and impact their Code Quality and Code Security.

SonarQube Features

  • Supported: Code Quality and Code Security
  • Supported: Developer workflow integration
  • Supported: Deep support for the Clean as You Code methodology

SonarQube Integrations

  • GitLab
  • Bitbucket
  • ALM Integration available for GitHub
  • Azure DevOps - self-managed & in-cloud
  • CI integrations with: Jenkins, GitHub Actions, GitLab CI, Bitbucket Pipelines, Azure DevOps Pipelines
  • SCM integrations with: Git, Subversion
  • Authentication integrations with: GitHub, LDAP, SAML, HTTP headers

SonarQube Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux, Mac, Cloud
Mobile Application: No
Supported Countries: Global
Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

Veracode, Checkmarx, and Snyk are common alternatives for SonarQube.

The most common users of SonarQube are Enterprises (1,001+ employees) from the Information Technology & Services industry.

Reviews and Ratings (61)

Reviews (1-10 of 10)
Score 8 out of 10 (Vetted Review, Verified User)
I have used other tools like SoapUI and Postman, but their working and use case are totally different from SonarQube, so basically I cannot compare SonarQube with them. We use SonarQube in our project mostly to calculate the code quality report. In that report, we test for the bugs, vulnerabilities, code smells, code issues, criticals, blockers, and major & minor issues, and also calculate the code coverage of the JUnit tests. But with the help of Postman, we send the API request to the server, and with SoapUI, we create the mock data locally to create the server calls locally.
Debobrata Bose | TrustRadius Reviewer
Score 7 out of 10 (Vetted Review, Verified User)
SonarQube is open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty decent. Pipeline scanning is more secure in SonarQube. It's a very good tool and it supports multiple languages. Its main core competency is static code analysis; that is why SonarQube exists, and it does it exceedingly well. The quality of the scan on code conventions, best practices, coding standards, unit test coverage, etc. makes it one of the most competent tools in the market.
Daniel Anjos | TrustRadius Reviewer
Score 10 out of 10 (Vetted Review, Verified User)
I personally evaluated Klocwork in a previous company and it worked well for Static Code Analysis for C++ applications, but the Java support was not as good as SonarQube's.

Also, the overall tooling and integrations provided by SonarQube are stellar, and very few other competitors can provide such services and IDE integrations.

The output results from SonarQube tests can be easily read, including by other services for automation purposes, and creating reports for audits or other teams is nice and easy.
Prathamesh Sawant | TrustRadius Reviewer
Score 8 out of 10 (Vetted Review, Verified User)
Codacy:
  1. Pros
    1. Code quality tests
    2. Code quality trending
    3. Security analysis
    4. Claims integrations with BitBucket, JIRA, Slack, although hard to find detail on their web page.
      1. https://www.codacy.com/products/bitbucket-code-review
      2. https://support.codacy.com/hc/en-us/sections/201760869-Integrations
  2. Cons
    1. Website is light on technical details
    2. Relatively new product from a small startup. https://www.crunchbase.com/organization/codacy
    3. No BitBucket code review integration
    4. $15/per user/per month, no free tier
WhiteSource:
  1. Pros
    1. BitBucket code review integration.
    2. Open source license and vulnerability testing.
  2. Cons
    1. No code analysis, just open source dependency checking.
Arush Soel | TrustRadius Reviewer
Score 8 out of 10 (Vetted Review, Verified User)
SonarQube contains all of their features. FindBugs has very limited capabilities. It is just a static code analyser and does not check for continuous code quality, and it is also not possible to integrate its plugin into Azure DevOps .NET pipelines; more importantly, the SonarQube UI is quite user friendly and highlighted.
Score 9 out of 10 (Vetted Review, Verified User)
SonarQube doesn't do as good of a job of finding security vulnerabilities as dedicated SAST software, but it does more for code quality that the developers want to see. A comparison of SonarQube to something like Veracode or Fortify isn't apples to apples since they're not focused on the same things.
Score 9 out of 10 (Vetted Review, Verified User)
We found SonarQube right at the beginning of our research process and found that it met most of our needs. SonarQube fit very nicely into our TFS continuous integration process. We seamlessly integrated the SonarQube steps into our TFS process via the Microsoft Marketplace. Since this was such an easy integration process, we didn't need to look any further.
Score 8 out of 10 (Vetted Review, Verified User)
GitLab, if you have the right license, ships with a static analysis tool. It integrates better with GitLab, but didn't seem to have the same quality output that SonarQube did. SonarQube's community version is plenty suitable for day-to-day analysis operations.