SonarQube Reviews & Ratings 2022

Q: What are SonarQube's top competitors?

Veracode , Checkmarx , and Snyk are common alternatives for SonarQube.

SonarQube

Starting at $150 100,000 Lines of Code

View Pricing

Overview

What is SonarQube?

SonarQube (formerly Sonar) is an open source application security solution.

SonarQube review by a Hybris Developer

8 out of 10

May 08, 2022

We use SonarQube in our project to basically calculate the code quality report mostly, in that report we test for the bugs, …

SonarQube, the best choice for a Static Code Analysis tool leveraging application security at large

7 out of 10

April 26, 2022

SonarQube is being used in my organization as an Static Application Security tool which will detect the security issues in code and will …

Using SonarQube professionally for more than 7 years and fully recommend it to any Software Engineer

10 out of 10

November 05, 2021

SonarQube is used as part of the build process (Continuous Integration and Continuous Delivery) in all Java services to ensure a high …

Code Quality Improvements Made Easy

8 out of 10

November 04, 2021

We use SonarQube to check and ensure Java code quality as part of our development process. With built in suggestions for coding …

SonarQube wins!

8 out of 10

October 14, 2021

Used across the organization for static code analysis.

An important tool to implement Secure SDLC practices

9 out of 10

September 22, 2021

SonarQube is the static security code analysis tool used in the organization. It is integrated with Continuous Integration pipelines of …

SonarQube: The go-to tool for code quality

8 out of 10

June 20, 2021

SonarQube is currently used in silos in our organizations. One of our departments is using it full-time for all their code repositories …

SAST Tools selection - SonarQube to the rescue

8 out of 10

May 20, 2021

We use [SonarQube] for static scans for all custom apps at JLL

Quality archway for projects

8 out of 10

May 03, 2021

We are using it currently while building a .NET CI\CD pipeline for an automated analysis of our code quality and all the vulnerabilities …

Code scanning for developers

9 out of 10

April 30, 2021

Our organization has a dedicated static security scanning tools we run against our code to check for vulnerabilities. While the security …

Great tool to keep your code clean

10 out of 10

April 30, 2021

We use SonarQube to scan our code for vulnerabilities and code "smells." SonarQube is wired into our continuous integration software …

Excellent tool for enforcing good coding practices and conventions

9 out of 10

February 26, 2020

Our development team uses SonarQube in our web applications during out continuous integration check-in process.

The business problem we had …

Sonarqube is a worth static analysis tool

8 out of 10

June 29, 2019

Excellent static analysis tool for identifying potential issues with your code. Sonarqube is easily integrated with your CI/CD workflow, …

SonarQube is the final solution for all your code quality checkups

7 out of 10

June 05, 2019

We use SonarQube for the coding standards we follow within the organization. Whatever be the output executable of the code, the quality of …

SonarQube : perfect SONAR for your code

8 out of 10

September 13, 2017

SobarQube is used by the whole department. We use it for code quality analysis and to check code coverage. Also we use it to know the code …

Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Top Rated

2022

Reviewer Pros & Cons

View all pros & cons

Informs the user of the improvements which can be done to the code to make it cleaner
Importing a new custom quality profile on SonarQube is a bit tricky, it can be made easier

shaurya jain

digital tech developer associate

Accenture (Information Technology & Services, 10,001+ employees)

Highlight suspicious code snippets that developers should review
The community version have some issues, example Integrating with Azure or Single Sign On

Debobrata Bose

Solution Architect

Danske IT and Support Services India Pvt Ltd (Financial Services, 10,001+ employees)

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of SonarQube, and make your voice heard!

Record a review

Return to navigation

Pricing

View all pricing

Community

Free

On Premise

Developer EDITION

Starts at $150

On Premise

100,000 Lines of Code

Enterprise EDITION

Starts at $20,000

On Premise

1 Million Lines of Code

Entry-level set up fee?

No setup fee

For the latest information on pricing, visithttps://www.sonarsource.com/plans-and…

Offerings

Free Trial
Free/Freemium Version
Premium Consulting / Integration Services

Return to navigation

Product Details

What is SonarQube?

SonarQube is a tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into the user's workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. Boasting over 225,000 deployments helping small development teams and global organizations, SonarQube provides a means for teams and companies around the world to own and impact their Code Quality and Code Security.

SonarQube Features

Supported: Code Quality and Code Security
Supported: Developer workflow integration
Supported: Deep support for the Clean as You Code methodology

SonarQube Integrations

GitLab
Bitbucket
ALM Integration available for GitHub
Azure DevOps - self-managed & in-cloud
CI integrations with: Jenkins
GitHub Actions
GitLab CI
Bitbucket Pipelines
Azure DevOps Pipelines
SCM integrations with: Git
Subversion
Authentication integrations with: GitHub
LDAP
SAML
HTTP headers

SonarQube Competitors

SonarQube Technical Details

Deployment Types	On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems	Windows, Linux, Mac, Cloud
Mobile Application	No
Supported Countries	Global
Supported Languages	Community localization plugins support several languages.

Frequently Asked Questions

SonarQube (formerly Sonar) is an open source application security solution.

Veracode, Checkmarx, and Snyk are common alternatives for SonarQube.

The most common users of SonarQube are Enterprises (1,001+ employees) from the Information Technology & Services industry.

Return to navigation

Comparisons

View all alternatives

Compare with

Reviews and Ratings

(61)

Ratings

Support Rating (2)
9.0
90%

Reviews

(1-11 of 11)

Sort by

Popular Filters

Companies can't remove reviews or game the system. Here's why

May 08, 2022

SonarQube review by a Hybris Developer

shaurya jain

digital tech developer associate

Accenture (Information Technology & Services, 10,001+ employees)

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

For our organisation, the most important feature is to generate the code quality report
We also use it for calculating the junit coverage of the total code base along with the new codebase added
It also helps in highlighting the faults and errors like bugs, vulnerabilities, code smells, etc

April 26, 2022

SonarQube, the best choice for a Static Code Analysis tool leveraging application security at large

Debobrata Bose

Solution Architect

Danske IT and Support Services India Pvt Ltd (Financial Services, 10,001+ employees)

Score 7 out of 10

Vetted Review

Verified User

Most Important Features

Jenkins, Bitbucket, Gradle and Travis CI etc are some of the popular tools that integrate with SonarQube i.e. CI-CD Integrations
Getting feedback during code review
Identify Technical Debts
Identify and fix application vulnerabilities in code

November 05, 2021

Using SonarQube professionally for more than 7 years and fully recommend it to any Software Engineer

Daniel Anjos

Product Design/Development Engineer

Transferwise (Financial Services, 1001-5000 employees)

Score 10 out of 10

Vetted Review

Verified User

Most Important Features

Automatic Quality Gate
Static Code Analysis
Security and Vulnerabilities scan

November 04, 2021

Code Quality Improvements Made Easy

Verified User

Director in Corporate

Information Technology & Services Company, 11-50 employees

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

Code Quality Checks
CI / CD Integration
IDE Integration

October 14, 2021

SonarQube wins!

Verified User

Team Lead in Information Technology

Information Technology & Services Company, 10,001+ employees

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

Static code analysis
Ease of set up
Ease of integration with SSO
Easy plugins to integrate with azure devops

September 22, 2021

An important tool to implement Secure SDLC practices

Sharique Khan

DevOps Engineering Manager

Varian, A Siemens Healthineers Company (Hospital & Health Care, 5001-10,000 employees)

Score 9 out of 10

Vetted Review

Verified User

Most Important Features

Security Ruleset
Ease of integration with CI CD tools
Intelligent Reporting

June 20, 2021

SonarQube: The go-to tool for code quality

Prathamesh Sawant

Senior Software Engineer

Boku Inc (Information Technology & Services, 201-500 employees)

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

Code quality determination.
Ease of integration with Jenkins CI/CD.
Integration with Github and code review process.

May 20, 2021

SAST Tools selection - SonarQube to the rescue

Kirti Thakkar

Devops Manager

JLL (Real Estate, 10,001+ employees)

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

Cloud setup
Run scans on demand
Integrate scans with builds

May 03, 2021

Quality archway for projects

Arush Soel

DevOps Engineer

Bebo Technologies Pvt Ltd (Computer Software, 501-1000 employees)

Score 8 out of 10

Vetted Review

Verified User

Most Important Features

We are currently using its community edition in our internal projects
Apart from that we use its plugin in our azure devops pipeline to maintain our repository’s code quality
Its bug spotting feature is also used by our organisation from time to time

April 30, 2021

Code scanning for developers

Verified User

Employee in Information Technology

Insurance Company, 1001-5000 employees

Score 9 out of 10

Vetted Review

Verified User

Most Important Features

Code coverage metrics.
Grades for applications.
Code duplication metrics.

April 30, 2021

Great tool to keep your code clean

Verified User

Engineer in Information Technology

Financial Services Company, 51-200 employees

Score 10 out of 10

Vetted Review

Verified User

Most Important Features

Security is number one for sure.
Code duplication.
Code cleanup.

Return to navigation

Community

Free

Developer EDITION

Starts at $150

Enterprise EDITION

Starts at $20,000

Entry-level set up fee?

Offerings

Checkmarx

Veracode

Snyk

SonarLint

ReSharper

GitLab

Codacy

Findbugs

Selenium