SonarQube

Top Rated
Score 8.2 out of 100

Overview

Recent Reviews

Code scanning for developers

9 out of 10
April 30, 2021
Our organization has dedicated static security scanning tools we run against our code to check for vulnerabilities. While the security …


Pricing


Community

Free

On Premise

Developer EDITION

Starts at $150

On Premise
100,000 Lines of Code

Enterprise EDITION

Starts at $20,000

On Premise
1 Million Lines of Code

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.sonarsource.com/plans-and…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Features Scorecard

No scorecards have been submitted for this product yet.

Product Details

What is SonarQube?

SonarQube is a tool for continuously inspecting Code Quality and Code Security, and guiding development teams during code reviews. SonarQube provides remediation guidance for 27 languages so developers can understand and fix issues, and so teams can deliver better and safer software. SonarQube integrates into the user's workflow to provide the right feedback at the right time: in-IDE with SonarLint, in pull requests, and in SonarQube itself. Boasting over 225,000 deployments helping small development teams and global organizations, SonarQube provides a means for teams and companies around the world to own and impact their Code Quality and Code Security.

SonarQube Features

  • Supported: Code Quality and Code Security
  • Supported: Developer workflow integration
  • Supported: Deep support for the Clean as You Code methodology

SonarQube Integrations

  • GitLab
  • Bitbucket
  • ALM integration available for GitHub
  • Azure DevOps - self-managed & in-cloud
  • CI integrations with: Jenkins, GitHub Actions, GitLab CI, Bitbucket Pipelines, Azure DevOps Pipelines
  • SCM integrations with: Git, Subversion
  • Authentication integrations with: GitHub, LDAP, SAML, HTTP headers

SonarQube Technical Details

Deployment Types: On-premise, SaaS
Operating Systems: Windows, Linux, Mac, Cloud
Mobile Application: No
Supported Countries: Global
Supported Languages: Community localization plugins support several languages.

Frequently Asked Questions

SonarQube (formerly Sonar) is an open source application security solution.

Veracode, Checkmarx, and Snyk are common alternatives for SonarQube.

The most common users of SonarQube are Enterprises (1,001+ employees) from the Information Technology & Services industry.

Reviews and Ratings (60)

Reviews (1-15 of 15)
Score 8 out of 10
Vetted Review
Verified User
We use SonarQube in our project to basically calculate the code quality report mostly, in that report we test for the bugs, vulnerabilities, code smells, code issues, criticals, blockers, major & minor issues, and also calculate the code coverage of junits. We also set the quality profile which contains the rules which we set according to the rules we follow in our project and on that basis, we generate the junit coverage report.

One business problem I mostly faced was that if we had run the server once, and tried to run it again if we closed it, then it does not run and closes automatically. To run the server again we have to restart the system, then only it works, so those issues can be resolved.

The scope of my case is to generate the code quality report for the codebase in our project according to the custom quality profile we add in SonarQube.
Debobrata Bose | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
SonarQube is being used in my organization as a Static Application Security tool which will detect the security issues in code and will try to fix the vulnerabilities that compromise the app. It is currently being used in all the projects in my department.
It is being used in our Azure DevOps Continuous Integration pipeline to identify the vulnerabilities in code, and it provides detailed issue descriptions and code highlights that explain why your code is at risk.
Daniel Anjos | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
SonarQube is used as part of the build process (Continuous Integration and Continuous Delivery) in all Java services to ensure a high quality of code and remove bugs that can be found during static analysis. The whole engineering organisation is using it, and it solves the problem of low quality code reaching production and causing bugs and incidents due to poor reviews. With Sonar we are able to quickly identify if a new change will introduce issues in Production before it is merged and deployed. It also helps identify issues with legacy code and improve code quality in existing services, by providing solutions to known problems. I would definitely recommend Sonar to any Software Engineering company, either using Java or C++ or any other supported language.
Score 8 out of 10
Vetted Review
Verified User
We use SonarQube to check and ensure Java code quality as part of our development process. With built-in suggestions for coding improvements, the rate at which we produce and deploy quality code has been a game changer. Also, it works to train developers continuously, helping them adhere to best practices.
Sharique Khan | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
SonarQube is the static security code analysis tool used in the organization. It is integrated with Continuous Integration pipelines of multiple product lines including legacy and modern applications. It has been implemented with TeamCity, Azure DevOps and VSTS CI/CD tools. Its purpose is to ensure the builds are of the highest quality and free of security vulnerabilities.
Prathamesh Sawant | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
SonarQube is currently used in silos in our organization. One of our departments is using it full-time for all their code repositories, whereas in the other department we are slowly ramping up from a POC to full-blown organization-wide usage. For us it solves the problems of code quality, figuring out static code issues, bad coding practices, and mostly enabling toll-gating on our side to prevent bad code from making it to the production environments.
Arush Soel | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
We are using it currently while building a .NET CI/CD pipeline for an automated analysis of our code quality and all the vulnerabilities, by scanning our various repositories in Bitbucket version control and publishing our stacks for any kinds of bugs found, to ensure proper code coverage and make our projects more reliable.
Score 9 out of 10
Vetted Review
Verified User
Our organization has dedicated static security scanning tools we run against our code to check for vulnerabilities. While the security team runs this, the development team is running SonarQube to track bugs, code quality, and code.
Score 9 out of 10
Vetted Review
Verified User
Our development team uses SonarQube in our web applications during our continuous integration check-in process.

The business problem we had in the past was that we weren't following a standard development process. SonarQube offered us the ability to see code smells and apply our own development standards. Our code has become more robust and resilient because SonarQube helps catch problems before they're checked in.
Score 8 out of 10
Vetted Review
Verified User
Excellent static analysis tool for identifying potential issues with your code. SonarQube is easily integrated with your CI/CD workflow, including a containerized version. Once implemented, it scans code every time we push it and reports back any issues that need to be addressed. Customization is available to fine-tune the reports, identifying what's really important to you and your team.
Sanyam Jain | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We use SonarQube for the coding standards we follow within the organization. Whatever the output executable of the code may be, the quality of our work must be reflected in the code: how clean it is to debug and how easy it is to understand for other developers. It helps in highlighting the issues with Atlassian unit testing products. Integration support is good.