TrustRadius: an HG Insights Company
SonarQube Server

Overview

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

Pricing

Community

Free

On Premise

Developer EDITION

Starts at $160

On Premise
per year per installation

Enterprise EDITION

Starts at $21,000

On Premise
per year per installation

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $160 per year per installation

Product Demos

Understanding Issues with Multiple Locations

YouTube

SonarQube analysis with Jenkins

YouTube

GitHub: Block the Merge of a Pull Requests

YouTube

Product Details

What is SonarQube Server?

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating with DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of the release pipeline, displaying pass/fail results for new code based on quality profiles that can be customized to a company's standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production. At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides the user through issue resolution, fostering a culture of continuous improvement. SonarQube’s reporting helps dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. Ultimately, SonarQube aims to enable users to achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

SonarQube Server Screenshots

  • Screenshot of Application Status
  • Screenshot of Portfolio Overview
  • Screenshot of Taint Analysis

SonarQube Server Technical Details

  • Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Windows, Linux, Mac, Cloud
  • Mobile Application: No
  • Supported Countries: Global
  • Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

SonarQube Server starts at $160.

Veracode, Checkmarx, and Fugue, part of Snyk are common alternatives for SonarQube Server.

The most common users of SonarQube Server are from Enterprises (1,001+ employees).

Reviews From Top Reviewers

(1-5 of 35)

SonarQube Experience

Rating: 10 out of 10
August 26, 2024
Vetted Review
Verified User
SonarQube Server
6 years of experience
It is one of the components within the gateway to get products into production. We have over 700 projects and just over 20m lines of code.

We have been using it since 2018.

We focus currently on vulnerabilities with required gates and stepped options with temporary "get well plans". The more advanced teams are focusing on the quality aspect and self-manage their maturity. But there are currently no hard lines for quality at this time except for team agreed upon minimum complexity and duplication standards on new code.

Regarding Helm charts and Kubernetes... this was long awaited and welcomed! Making our deployments easier. Concern was on testing and such, there was a misstep in the last 10.6.0 push which caused a slight concern, but SonarSource was very quick at getting 10.6.1 out and distributing the information.

The only other concern we had, that we hadn't experienced in the past (at least not like this), the change of JDKs at minor versions, scanners, linters, especially without backwards compatibility where pipelines must actively change from JDK 11 to JDK 17 might be tough for groups who have large amounts of pipelines. Pipelines which support templates that inject SAST requirements help a bunch to reduce the scope of pipeline changes, but still caught us by surprise. This sort of change is expected at major versions, right... But still, very stable... this hiccup didn't sway our thoughts about the product overall.

We're still trying to figure out how we can reduce costs... although value is very tangible to some, the significant overhead is often questioned. Prompts us into discussions that force decisions on which code bases to remove, even if temporarily, for code that is relatively static for long periods.

We really appreciate the engagement of the SonarSource Community site. We use it to stay informed and to get quick insights and responsive support. Great folks out there--appreciate them and the engagement and they represent SonarSource well.

SonarQube: Helper of Dev and organisation for better code quality and security practices.

Rating: 10 out of 10
January 20, 2023
Vetted Review
Verified User
SonarQube Server
2 years of experience
As a service-based and product-based organisation we are dealing with a variety of products and projects so in order to maintain the Code Quality and also improve the coding structure by following the suggestions given by SonarQube Analysis and also checking the Code Coverage so we get to know that our code has fully passed through the Sonar Analysis. As a part of the DevOps team we integrate SonarQube checks in CI (continuous integration part) so it's a part of continuous code quality and we have also created custom Quality Gates in order to prevent the false or unimproved code from going into any environments.

Great Code Analysis Tool

Rating: 9 out of 10
January 18, 2023
Vetted Review
Verified User
SonarQube Server
3 years of experience
It's always best to catch bugs and other code issues as soon as possible, especially when people from different teams and time zones touch the same code. While code reviews are obviously still necessary, SonarQube does filter the code seamlessly so that obvious issues are immediately detected and resolved. In some cases, there is customisation required for the general best practice rules and SonarQube accommodates this.