SonarQube Cloud provides vulnerability discovery, security hotspots detection, and continuous code analysis. Integrating with CI/CD tools, it enhances code quality, supporting mono and microservices. Users appreciate its user-friendly interface and success in reducing false positives.
| Product | Market Share (%) |
|---|---|
| SonarQube Cloud (formerly SonarCloud) | 4.3% |
| SonarQube Server (formerly SonarQube) | 18.6% |
| Checkmarx One | 10.0% |
| Other | 67.1% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Static Application Security Testing (SAST) | Nov 3, 2025 | Download |
| Product | Reviews, tips, and advice from real users | Nov 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) | Nov 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs Veracode | Nov 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs GitGuardian Platform | Nov 3, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| SonarQube Server (formerly SonarQube) | 4.0 | 18.6% | 81% | 117 interviewsAdd to research |
| Snyk | 4.0 | 5.4% | 100% | 49 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 3 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 266 |
| Midsize Enterprise | 204 |
| Large Enterprise | 577 |
SonarQube Cloud stands out for its ability to uncover vulnerabilities and detect security hotspots while offering continuous code analysis. Its seamless integration with CI/CD tools allows for real-time code quality assessments. The platform's support for both mono and microservices ensures comprehensive insights into technical debt and code quality metrics. Users value its ease of integration and efficient bug detection capabilities. Although facing challenges with integration and container testing, SonarQube Cloud provides valuable feedback, helping to enhance security posture and code quality.
What Are SonarQube Cloud's Key Features?In industries focused on maintaining high code quality and security standards, SonarQube Cloud is frequently implemented within CI/CD pipelines. By providing continuous feedback on code vulnerabilities and quality issues at the pull request level, it supports teams in meeting quality gates. This consistent focus on quality ensures that code adheres to industry standards, enhancing overall development efforts.
| Author info | Rating | Review Summary |
|---|---|---|
| Security Analyst at Dover Corporation | 4.0 | I use SonarQube Cloud daily on Microsoft Azure for security checks, finding it user-friendly with precise reports and easy CI/CD integration. It saves time, offers detailed code insights, but could improve UI and provide more elaborate solutions for CVEs. |
| CEO at a computer software company with 1-10 employees | 3.5 | I primarily use SonarQube Cloud for static code analysis because it's easy to integrate and use. However, it needs improved vulnerability detection compared to Veracode, which I find more complex but with better capabilities. I haven't calculated ROI yet. |
| Architect at sigpsc inc | 4.5 | I use SonarQube Cloud for scanning code quality and identifying vulnerabilities, noting its excellent integration into YAML pipelines. However, I find it lacks in covering vulnerabilities, static scanning, and misarchitecture comprehensively, and it caters more to larger clients. |
| consultant at a computer software company with 1,001-5,000 employees | 4.0 | I use SonarQube Cloud for code inspection, managing technical debt, and identifying security vulnerabilities. Its integration with CI/CD tools is invaluable, though it lacks dynamic code scanning. The interface is superior, and it's a great fit for several languages and platforms. |
| DevOps Lead at CODVO | 3.5 | I use SonarQube Cloud for code analysis in CI/CD pipelines to track vulnerabilities and code quality, though it lacks features like DAST and auto-ticketing, and some useful functionalities now require a paid version. |
| Software Quality Coordinator at a retailer with 10,001+ employees | 4.0 | We use SonarCloud integrated into our pipeline to ensure code quality and detect security issues as a quality gate. While it meets our needs, it lacks reporting features. We're considering Veracode as an alternative due to increasing costs. |
| Devops Architect at a tech vendor with 51-200 employees | 4.5 | I use SonarQube Cloud mainly for code quality checks through quality gates in our pipeline. It reliably identifies bugs, suggests fixes, and has improved our code and team skills. Overall, it's stable, scalable, and support is helpful. |
| Cloud Engineer | Solution Architect at Respond.io | 4.5 | SonarQube Cloud is our primary tool for static code analysis, excelling in security and code optimization. The recent support for mono reports enhances service assessments, though setup and documentation could improve. Its all-in-one capability and positive ROI are notable. |
