Top Rated
About TrustRadius Scoring
Score 8.2 out of 100
Top Rated


What is SonarQube?

SonarQube (formerly Sonar) is an open source application security solution.
Read more

Recent Reviews

Read all reviews


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of SonarQube, and make your voice heard!

Return to navigation


View all pricing



On Premise

Developer EDITION

Starts at $150

On Premise
100,000 Lines of Code

Enterprise EDITION

Starts at $20,000

On Premise
1 Million Lines of Code

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services
Return to navigation

Product Details

What is SonarQube?

SonarQube is a tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into the user's workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. Boasting over 225,000 deployments helping small development teams and global organizations, SonarQube provides a means for teams and companies around the world to own and impact their Code Quality and Code Security.

SonarQube Features

  • Supported: Code Quality and Code Security
  • Supported: Developer workflow integration
  • Supported: Deep support for the Clean as You Code methodology

SonarQube Integrations

  • GitLab
  • Bitbucket
  • ALM Integration available for GitHub
  • Azure DevOps - self-managed & in-cloud
  • CI integrations with: Jenkins
  • GitHub Actions
  • GitLab CI
  • Bitbucket Pipelines
  • Azure DevOps Pipelines
  • SCM integrations with: Git
  • Subversion
  • Authentication integrations with: GitHub
  • LDAP
  • SAML
  • HTTP headers

SonarQube Competitors

SonarQube Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac, Cloud
Mobile ApplicationNo
Supported CountriesGlobal
Supported LanguagesCommunity localization plugins support several languages.

Frequently Asked Questions

SonarQube (formerly Sonar) is an open source application security solution.

Veracode, Checkmarx, and Snyk are common alternatives for SonarQube.

The most common users of SonarQube are Enterprises (1,001+ employees) from the Information Technology & Services industry.
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings




(1-15 of 15)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
  • SonarQube made our code clean and efficient
  • SonarQube make our code short and avoid bad code practices
  • SonarQube restricts all the loopholes and vulnerabilities which can be used by hackers and for phishing attacks
  • SonarQube makes the code more secured
Score 8 out of 10
Vetted Review
Verified User
  • Using SonarQube allowed for the creation of code standards across a remote development team
  • Suggestions show you how you might want to fix an issue
  • Our third party application security review didn't find any flaws in our code, savings days of code review and refactoring
October 14, 2021

SonarQube wins!

Score 8 out of 10
Vetted Review
Verified User
  • Increased confidence from developers when they build code
  • Code scan and results help mitigate issues at the earliest
  • Shift left approach for software development
Arush Soel | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
  • Our client is quite pleased with the demonstration of this tools
  • Our organisation is using a community edition right now but is planning to migrate to a enterprise version to use it commercially.
  • It is quite a costly tool but our organisation is willing to buy it for its enhanced features and security
Score 9 out of 10
Vetted Review
Verified User
  • Our business has shifted to do more business online. This in turn has placed more importance on writing solid business critical applications. SonarQube has forced all developers to write better code and to have better code coverage with unit tests.
  • A negative impact has been seen when SonarQube has been applied for the first time to existing applications. If an application did not have enough code coverage and SonarQube was added to the continuous integration process, a lot of time was needed to get code coverage high enough to allow code to be checked in. We only found that out during the check-in process. We thought we were done development during the check-in process but then found out that there wasn't enough code coverage and had to delay the feature launch.
Return to navigation