SonarQube Server (formerly SonarQube) Reviews

Name: SonarQube Server (formerly SonarQube)
Brand: Sonar
Rating: 4.0 (117 reviews)

Vendor: Sonar

4.0 out of 5

117 reviews
81% willing to recommend

What is SonarQube Server (formerly SonarQube)?

SonarQube Server aids in enhancing code quality and security for development teams by providing extensive programming language support, customizable quality gates, and integration with CI/CD pipelines.

Get the SonarQube Server (formerly SonarQube) Buyer's Guide and find out what your peers are saying about SonarQube Server (formerly SonarQube), Snyk, GitLab and more!

SonarQube Server (formerly SonarQube) is the #1 ranked solution in application security solutions, AST tools, and top Software Development Analytics solutions. PeerSpot users give SonarQube Server (formerly SonarQube) an average rating of 8.0 out of 10. SonarQube Server (formerly SonarQube) is most commonly compared to Snyk: SonarQube Server (formerly SonarQube) vs Snyk. SonarQube Server (formerly SonarQube) is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 15% of all views.

Buyer's Guide

SonarQube Server (formerly SonarQube)

October 2025

Get the report

Helped 872,846 peers since 2012

Featured SonarQube Server (formerly SonarQube) reviews

Sthembiso Zondi

Head of Software Engineering at ronaldmariah@gmail.com

The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.

Read full review

Sathyamurthi Natarajan

IT Officer (Solution Architect) at World Bank

SonarQube Server (formerly SonarQube) could be improved on the reporting front. Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated. We need to change it to more of a portfolio report, where configuring or setting up things on the portfolio requires tagging at the ADO level.

Read full review

Jaile Sebes

Senior Software Architect at Siemens Industry

I integrate SonarQube into my CI/CD pipeline by running it during the build process for static code analysis. Once the analysis is complete, the results are sent to the dashboard for easy monitoring and tracking of code quality. Using SonarQube for security vulnerability detection offers several benefits such as comprehensive security rule coverage and integration with the dashboard for easy monitoring. Additionally, SonarQube provides features like password handling, eliminating the need for separate tools and enhancing overall code security. SonarQube handles false positives during code analysis by allowing teams to review and exclude them, especially in long-term projects where patterns are familiar. While false positives may occur, experienced teams can easily identify and manage them, ensuring accurate analysis results. For software development, especially in Java-based environments, I highly recommend using SonarQube due to its effectiveness in ensuring code quality and minimizing potential issues. While there are free tools available, SonarQube's comprehensive support for various languages and its benefits make it a valuable choice for developers. Overall, I would rate SonarQube as an eight out of ten.

Read full review

SonarQube Server (formerly SonarQube) mindshare

Product category:

As of November 2025, the mindshare of SonarQube Server (formerly SonarQube) in the Application Security Tools category stands at 19.3%, down from 25.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools Market Share Distribution
Product	Market Share (%)
SonarQube Server (formerly SonarQube)	19.3%
Checkmarx One	10.4%
Veracode	6.9%
Other	63.4%

Application Security Tools

PeerResearch reports based on SonarQube Server (formerly SonarQube) reviews

Type	Title	Date
Category	Application Security Tools	Nov 2, 2025	Download
Product	Reviews, tips, and advice from real users	Nov 2, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Veracode	Nov 2, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Checkmarx One	Nov 2, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs GitHub Advanced Security	Nov 2, 2025	Download

Title	Rating	Mindshare	Recommending
Snyk	4.0	6.0%	100%	49 interviews Add to research
GitLab	4.2	2.3%	97%	87 interviews Add to research

Valuable Features

SonarQube Server's key features include seamless pipeline integration, customizable quality gates, comprehensive code analysis, support for over 20 languages, and a user-friendly interface. It identifies vulnerabilities and technical debt, offers real-time feedback, and allows easy integration with tools like Jenkins. The platform’s quality gates and dashboards streamline code quality management, improving reliability and consistency across projects. Comprehensive community support and constant updates enhance its functionality.

"The ability to tailor metrics tracking with SonarQube Server (formerly SonarQube) has been beneficial to my team and stakeholders as we are able to get portfolio reports and project-wise reports, though there are areas for improvement."
"SonarQube Server (formerly SonarQube) is very stable."
"Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10."

Room for Improvement

SonarQube Server (formerly SonarQube) faces challenges in improving security scanning, particularly for dynamic testing and deeper vulnerability analysis. Users find the interface and integration with third-party tools lacking and complicated. Performance issues arise with large codebases, and the static analysis has accuracy problems, often reporting false positives. The installation process is complex, support is limited, and reports are difficult to generate or interpret. Improvements in automation, user-friendliness, and timely updates are needed.

"SonarQube Server (formerly SonarQube) could be improved on the reporting front. Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated."
"I think SonarQube Server (formerly SonarQube) should improve by integrating a new feature that includes AI. As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking."
"I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."

ROI

Users of SonarQube Server (formerly SonarQube) see an ROI by preventing rework and enhancing security and quality. Though hard to quantify, its benefits include the automation of code evaluation and detection of vulnerabilities, reducing effort in bug fixing. These improvements boost productivity and DevOps processes. Despite potential for growth, users find value in its application over time, with observed improvements in coding quality and measurable gains in coding efforts and project stability.

Pricing

SonarQube Server offers a freemium model, providing substantial open-source functionalities at no cost, making it appealing for organizations with smaller budgets. Enterprise options, including the Developer and Enterprise editions, incur costs based on lines of code, with some users reporting annual fees. Many users find the pricing reasonable, especially compared to competitors, though some perceive it as high. Additional costs typically involve hosting infrastructure and optional commercial plugins for enhanced features. Satisfied users often cite cost-effectiveness in larger deployments.

"SonarQube is a cost-effective solution."
"We use the solution free of cost."
"The tool's pricing is reasonable."

Popular Use Cases

SonarQube Server (formerly SonarQube) is primarily used for static code analysis, ensuring code quality, security, and compliance with coding standards. It is integrated into the CI/CD pipeline to detect vulnerabilities and enforce quality gates. Organizations utilize it for security testing, identifying bugs, and managing technical debt across diverse programming languages, deploying it both on-premise and in cloud environments. Developers receive immediate feedback to address issues and enhance software quality.

Service and Support

SonarQube Server's customer service is generally satisfactory, with active community support, especially online forums. Many rely on the extensive, accessible documentation. Official technical support is not always utilized or praised due to significant community resources. Paid support exists but is often unnecessary for many, who handle issues internally. Some users find responses can be slow, and support availability is limited in terms of hours. Overall, community contributions significantly aid user experience.

Deployment

Most experiences with SonarQube Server (formerly SonarQube) initial setup were straightforward, aided by good documentation and ease of installation. Many found it simple to deploy and configure, though some mentioned complexity in customizing or integrating with other tools. While some encountered challenges adapting the setup to their organizational needs, many users appreciated the standard quality profiles. Challenges were more prominent when dealing with large-scale deployments or specific technical integrations such as with Apache Maven or Kubernetes.

Scalability

Many users report that SonarQube Server (formerly SonarQube) scales effectively, accommodating multiple projects and users without significant issues. Some experience increased resource usage with upgrades, while others note challenges with very large codebases or limitations in the Community Edition. Businesses leverage SonarQube Server across various teams and integrate it with CI/CD pipelines, benefiting from its capability to handle thousands of projects and support extensive user bases.

Stability

SonarQube Server (formerly SonarQube) is highly stable, with minimal issues reported. Some configurations affect performance, especially with database locations and diverse code sizes. Stability concerns include rare plugin-induced glitches and occasional server restarts. Users employing Java benefit more, whereas C++ requires adjustments. Resource constraints may occur during simultaneous deployments, likely due to system resources rather than inherent flaws. With ongoing use, stability ranks between 7 to 10 out of 10 for most users.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SonarQube Server (formerly SonarQube) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	27
Midsize Enterprise	17
Large Enterprise	56

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1487
Midsize Enterprise	994
Large Enterprise	4821

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

14%

Manufacturing Company

14%

Government

Comms Service Provider

Insurance Company

Retailer

Healthcare Company

University

Educational Organization

Energy/Utilities Company

Media Company

Construction Company

Real Estate/Law Firm

Non Profit

Outsourcing Company

Consumer Goods Company

Transportation Company

Legal Firm

Aerospace/Defense Firm

Performing Arts

Hospitality Company

Wholesaler/Distributor

Pharma/Biotech Company

Recreational Facilities/Services Company

Logistics Company

Engineering Company

Compare SonarQube Server (formerly SonarQube) with alternative products

Learn more about SonarQube Server (formerly SonarQube)

Designed for static code analysis, SonarQube Server assists development teams in identifying bugs and vulnerabilities, promoting coding standards, and reducing technical debt. It offers centralized management of code quality metrics through its dashboard while supporting integration with Jenkins for seamless project management. However, challenges in interface design, analysis time, and reporting need addressing. While SonarQube Server offers significant benefits, users call for enhanced plug-in diversity, better documentation, and smoother upgrades.

What are SonarQube Server's most important features?

Extensive Language Support: Analyzes code across many programming languages.
Customizable Quality Gates: Tailors code assessment criteria to team needs.
CI/CD Integration: Works with continuous integration processes to enhance efficiency.
Security Vulnerability Detection: Identifies potential security threats within code.
SonarLint: Provides real-time feedback during development.
Security Hotspot Detection: Highlights potential security risks for further analysis.
Centralized Dashboard: Offers an overview of project metrics and code quality.

How do users evaluate benefits or ROI?

Improved Code Quality: Enhances coding standards and reduces bugs.
Technical Debt Reduction: Aids in maintaining clean and efficient code.
Security Management: Offers robust tools for detecting and managing vulnerabilities.
Continuous Improvement: Facilitates ongoing enhancements to coding practices.
Time Efficiency: Streamlines the integration of quality checks in development.

In industries like security organizations and enterprises, SonarQube Server is integrated into CI/CD pipelines to audit code and monitor coding standards. It assists in detecting security issues, ensuring compliance, and automating quality checks, helping businesses maintain high coding standards and improve development workflows.

SonarQube Server (formerly SonarQube) was previously known as Sonar.

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Software Development Analytics

Popular Comparisons

Snyk vs SonarQube Server (formerly SonarQube)

GitLab vs SonarQube Server (formerly SonarQube)

Checkmarx One vs SonarQube Server (formerly SonarQube)

Veracode vs SonarQube Server (formerly SonarQube)

Coverity Static vs SonarQube Server (formerly SonarQube)

CrowdStrike Falcon Cloud Security vs SonarQube Server (formerly SonarQube)

Mend.io vs SonarQube Server (formerly SonarQube)

GitHub Advanced Security vs SonarQube Server (formerly SonarQube)

OpenText Core Application Security vs SonarQube Server (formerly SonarQube)

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)

OWASP Zap vs SonarQube Server (formerly SonarQube)

Acunetix vs SonarQube Server (formerly SonarQube)

Sonatype Lifecycle vs SonarQube Server (formerly SonarQube)

HCL AppScan vs SonarQube Server (formerly SonarQube)

PortSwigger Burp Suite Professional vs SonarQube Server (formerly SonarQube)

See all alternatives

SonarQube Server (formerly SonarQube) Reviews Summary
Author info	Rating	Review Summary
Sr Software Engineering Supervisor at Mozarc Medical	4.5	I use SonarQube Server for static code analysis to detect build vulnerabilities, valuing its rule control despite ongoing scanning issues. Transitioning from Coverity, I see ROI due to its FDA approval, essential for our reports.
Head of Software Engineering at ronaldmariah@gmail.com	4.5	I use SonarQube Server for static code analysis to enhance code quality and manage technical debt. Its valuable features include code suggestions and customizable metric tracking, though it could improve by integrating AI. It replaced AppScan, offering better functionality.
IT Officer (Solution Architect) at World Bank	4.0	I've used SonarQube Server for years to monitor code quality through static analysis and test coverage, finding it effective overall, though reporting can be complex and improvements in AI and IDE integration would enhance the experience.
Distinguish Engineer at Gtmhub	4.5	I use SonarQube Server for static code analysis in our Jenkins CI builds, primarily on Golang projects. It effectively identifies code issues and improvements. Although satisfied, potential enhancements could include bill of materials functionality. We switched from Snyk for cost efficiency.
Senior Manager Product Engineering at GlobalLogic	4.5	My company uses SonarQube for static code analysis and unit test coverage. While it provides comprehensive insights, it can sometimes trigger false alarms. Its integration helps identify bugs in the testing phase, though improvements with AI could be beneficial.
Consultant at Green method	4.0	I use SonarQube for static code analysis due to its structured and native integration, especially compared to tools like GitHub Advanced Security. While its flaw detection is effective, enhancing the analytics engine would significantly improve analysis and reporting capabilities.
Tools manager at Harmony international	4.0	At our company, we use SonarQube to scan Dot.Net and Java sources, supporting various languages and offering an open-source model. However, improvements are needed for C/C++ compatibility and potential AI integration like GitHub Copilot.
Senior Software Architect at a tech vendor with 10,001+ employees	4.0	I use SonarQube mainly to analyze code quality, focusing on bugs and vulnerabilities. Its comprehensive analysis is valuable, though improvements like inter-procedural analysis and AI suggestions would enhance it. Coverity offers better vendor support and advanced features.

SonarQube Server (formerly SonarQube) Reviews

What is SonarQube Server (formerly SonarQube)?

Featured SonarQube Server (formerly SonarQube) reviews

SonarQube Server (formerly SonarQube) mindshare

PeerResearch reports based on SonarQube Server (formerly SonarQube) reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare SonarQube Server (formerly SonarQube) with alternative products

Learn more about SonarQube Server (formerly SonarQube)

Related questions

Product Categories

Popular Comparisons