Try our new research platform with insights from 80,000+ expert users
SonarQube Logo

SonarQube Reviews

Vendor: SonarSource Sàrl
4.0 out of 5
Badge Ranked 1
Leave a review

What is SonarQube?

SonarQube provides comprehensive support for multi-language development, custom coding rules, and quality gates, integrated seamlessly into CI/CD pipelines. It empowers teams with clear insights through intuitive dashboards, identifying vulnerabilities, code smells, and technical debt.

Get the SonarQube Buyer's Guide and find out what your peers are saying about SonarQube, Snyk, GitLab and more!
SonarQube is the #1 ranked solution in application security solutions, AST tools, and top Software Development Analytics solutions. PeerSpot users give SonarQube an average rating of 8.0 out of 10. SonarQube is most commonly compared to Snyk: SonarQube vs Snyk. SonarQube is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 14% of all views.
Buyer's Guide
SonarQube
December 2025
Get the report
Helped 879,259 peers since 2012

Featured SonarQube reviews

Read more reviews

SonarQube mindshare

Product category:
Application Security Tools
As of December 2025, the mindshare of SonarQube in the Application Security Tools category stands at 19.2%, down from 26.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
SonarQube19.2%
Checkmarx One10.2%
Veracode6.1%
Other64.5%
Application Security Tools

PeerResearch reports based on SonarQube reviews

TypeTitleDate
CategoryApplication Security ToolsDec 29, 2025Download
ProductReviews, tips, and advice from real usersDec 29, 2025Download
ComparisonSonarQube vs VeracodeDec 29, 2025Download
ComparisonSonarQube vs Checkmarx OneDec 29, 2025Download
ComparisonSonarQube vs GitHubDec 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
Snyk4.16.1%100%50 interviewsAdd to research
GitLab4.22.3%97%88 interviewsAdd to research
 
 
Key learnings from peers
Last updated Nov 5, 2025

Valuable Features

SonarQube is valued for its wide programming language support, customizable quality gates, and integration capabilities. Features like SonarLint, quality profiles, and dashboards enhance coding standards and issue detection. Users appreciate code coverage analysis and security vulnerability checks. The tool's stability and ease of use, integration with CI/CD pipelines including Jenkins, and the ability to create tailored metrics and reports make it indispensable for teams seeking improved code quality and technical debt management.
  • "When we push our code to the repo, while in continuous integration, it will run a few tests and based on the vulnerability data set it has, it can track the vulnerabilities, indicate the code line where the issue exists, and show how much code is covered by all the unit tests, integration tests, and those sorts of things."
  • "SonarQube Cloud (formerly SonarCloud) has had a positive impact on my organization by giving the best impact for code checking and code structuring, making the code more usable and better."
  • "The ability to tailor metrics tracking with SonarQube Server (formerly SonarQube) has been beneficial to my team and stakeholders as we are able to get portfolio reports and project-wise reports, though there are areas for improvement."

Room for Improvement

SonarQube needs improved C/C++ compatibility, reporting features, and UI enhancements. Users desire better integration with AI, dynamic code analysis, and fewer false positives. Security features and support for various languages, particularly Python, can be enhanced. Better integration with tools like JIRA is sought, and improvements in the product’s setup process are needed. Reducing analysis time and enhancing security capabilities are important areas for development, alongside providing more detailed solutions for fixing code issues.
  • "SonarQube Server (formerly SonarQube) could be improved on the reporting front. Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated."
  • "I think SonarQube Server (formerly SonarQube) should improve by integrating a new feature that includes AI. As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking."
  • "I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."

ROI

Organizations report SonarQube significantly reduces effort in identifying and resolving code issues, enhancing code quality and security. It integrates seamlessly with CI/CD pipelines, aiding in fewer defects and improved stability. While precise ROI metrics are difficult to quantify, many experience time and cost savings over time. The tool assists in static code analysis and promotes better coding practices, increasing productivity. Despite increasing costs, it remains valuable for many, especially in larger enterprises.

Pricing

SonarQube offers a free Community edition and paid versions like Developer, Enterprise, and Data Center editions. Users find the open-source version cost-effective, though setup and infrastructure incurs additional costs. The licensing for paid versions is based on lines of code, which some find reasonable, while others consider it expensive compared to competitors. Self-hosted options are noted for leveraging existing infrastructure efficiently. The pricing may vary globally, influencing perceived value.
  • "Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
  • "SonarQube is a cost-effective solution."
  • "We use the solution free of cost."

Popular Use Cases

SonarQube is used for static code analysis, code quality improvement, and security checks. Many developers integrate it into CI/CD pipelines to enhance code standards and detect vulnerabilities. Organizations appreciate its ability to automate code inspections, provide immediate feedback, and support continuous improvement. Key features include identifying technical debt, code duplication, and offering a clean, consistent codebase for better software maintenance and security. It efficiently ensures adherence to coding standards across diverse projects.

Service and Support

SonarQube's customer service and support are mixed. Many users rely on community forums and documentation, finding them sufficient. The Spanish community forum is particularly helpful. While some praise the responsiveness and expertise of the support team, others highlight delays or lack of proactive engagement. The open-source version requires users to find solutions independently. Those using enterprise editions find the provided support package beneficial, but it is noted that technical support involves an extra cost and is not included by default.

Deployment

Many users find SonarQube's initial setup straightforward, especially those with technical knowledge. The process is smooth with helpful documentation and online support. Some complexity arises when adapting to organizational needs or integrating with existing tools. Challenges may occur with plugins or compatibility, but most installations proceed without significant issues. For some, setup is nearly effortless, while others point to configuration and adaptation as key areas requiring more attention. The deployment timeframe varies, but many achieve quick installations.

Scalability

SonarQube scales effectively for varying project sizes. Many companies report no issues while integrating with CI/CD pipelines. Some users note resource demands on large codebases or with Community Edition limitations, while others benefit from using cloud resources. Organizations successfully extend SonarQube's usage across numerous teams, handling thousands of projects. Concerns include performance on substantial portfolios or specific configurations. SonarQube efficiently supports collaboration across diverse environments with flexible deployment options.

Stability

Users find SonarQube to be generally stable. Many report no major issues, though some mention initial configuration challenges and rare performance hiccups related to resource constraints. The need for proper setup and occasional third-party plugin conflicts are noted, but these do not significantly impact stability. It is reliable with good user feedback on stability, particularly in newer versions. The system's stability ratings often range from seven to ten out of ten.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our SonarQube Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business36
Midsize Enterprise20
Large Enterprise60
By reviewers
By visitors reading reviews
Company SizeCount
Small Business1530
Midsize Enterprise1054
Large Enterprise4603
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
14%
Manufacturing Company
14%
Government
5%
Comms Service Provider
5%
Insurance Company
4%
Retailer
4%
Healthcare Company
4%
University
3%
Energy/Utilities Company
3%
Educational Organization
3%
Outsourcing Company
2%
Media Company
2%
Construction Company
2%
Non Profit
2%
Real Estate/Law Firm
2%
Performing Arts
2%
Transportation Company
2%
Consumer Goods Company
2%
Legal Firm
2%
Aerospace/Defense Firm
1%
Hospitality Company
1%
Wholesaler/Distributor
1%
Pharma/Biotech Company
1%
Logistics Company
1%
Recreational Facilities/Services Company
1%
Marketing Services Firm
1%
Engineering Company
1%

Compare SonarQube with alternative products

Go!

Learn more about SonarQube

SonarQube is renowned for its extensive capabilities in static code analysis, making it an invaluable tool for maintaining code quality. By fully integrating into development processes, it allows organizations to manage vulnerabilities and ensure compliance with coding standards. Its extensive community and open-source roots contribute to its accessibility, while robust dashboards facilitate code quality monitoring. Despite its strengths, feedback suggests enhancing analysis speed, better integration with DevOps tools, and refining the user interface. Users also point to the need for handling false positives effectively and expanding on AI-based features for dynamic code analysis.

What are SonarQube's main features?
  • Multi-language Support: Broad compatibility with diverse programming languages
  • Custom Coding Rules: Flexible customization of coding standards
  • Quality Gates: Set thresholds for maintaining coding standards
  • Vulnerability Identification: Detects security and performance issues
  • Integration with CI/CD: Streamlines quality checks in development workflows
  • Open Source Access: Supported by an active developer community
  • Technical Debt Tracking: Identifies and manages coding inefficiencies
What benefits should users expect?
  • Enhanced Code Quality: Improve code reliability and maintainability
  • Security Assurance: Identify and mitigate potential vulnerabilities
  • Reduced Technical Debt: Streamline the process of managing poor coding practices
  • Development Efficiency: Facilitates continuous integration and delivery processes
  • Community Support: Leverages an active network for continual improvements

In industries like finance and healthcare, SonarQube aids in obtaining regulatory compliance through rigorous code quality assessments. It is implemented to enhance cybersecurity by identifying potential vulnerabilities, while ensuring code meets the stringent standards demanded in these fields. As part of a broader development ecosystem, its integration in CI/CD pipelines ensures smooth and efficient software delivery, catering to phases from code inception to deployment, effectively supporting large-scale and critical software applications.

SonarQube was previously known as Sonar, SonarQube Cloud .

Related questions

  • 409
Is SonarQube the best tool for static analysis?
  • 50
Which gives you more for your money - SonarQube or Veracode?
  • 24
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 39
What is the biggest difference between Checkmarx and SonarQube?
  • 98
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 113
How does SonarQube instance relate to the license?
  • 185
Which software is ideal for code quality and security?
  • 128
What is the difference between Coverity and SonarQube?
  • 30
What is the biggest difference between Coverity and SonarQube?
  • 484
How would you decide between Coverity and Sonarqube?

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Software Development Analytics

Popular Comparisons

Popular Comparisons
Snyk vs SonarQube Logo
Snyk vs SonarQube
GitLab vs SonarQube Logo
GitLab vs SonarQube
Checkmarx One vs SonarQube Logo
Checkmarx One vs SonarQube
Veracode vs SonarQube Logo
Veracode vs SonarQube
Coverity Static vs SonarQube Logo
Coverity Static vs SonarQube
CrowdStrike Falcon Cloud Security vs SonarQube Logo
CrowdStrike Falcon Cloud Security vs SonarQube
GitHub Advanced Security vs SonarQube Logo
GitHub Advanced Security vs SonarQube
OWASP Zap vs SonarQube Logo
OWASP Zap vs SonarQube
OpenText Core Application Security vs SonarQube Logo
OpenText Core Application Security vs SonarQube
Mend.io vs SonarQube Logo
Mend.io vs SonarQube
Acunetix vs SonarQube Logo
Acunetix vs SonarQube
Sonatype Lifecycle vs SonarQube Logo
Sonatype Lifecycle vs SonarQube
PortSwigger Burp Suite Professional vs SonarQube Logo
PortSwigger Burp Suite Professional vs SonarQube
HCL AppScan vs SonarQube Logo
HCL AppScan vs SonarQube
HackerOne vs SonarQube Logo
HackerOne vs SonarQube
See all alternatives
 
SonarQube Reviews Summary
Author infoRatingReview Summary
Sr Software Engineering Supervisor at Mozarc Medical4.5I use SonarQube Server for static code analysis to detect build vulnerabilities, valuing its rule control despite ongoing scanning issues. Transitioning from Coverity, I see ROI due to its FDA approval, essential for our reports.
Head of Software Engineering at ronaldmariah@gmail.com4.5I use SonarQube Server for static code analysis to enhance code quality and manage technical debt. Its valuable features include code suggestions and customizable metric tracking, though it could improve by integrating AI. It replaced AppScan, offering better functionality.
Security Analyst at Dover Corporation4.0I use SonarQube Cloud daily on Microsoft Azure for security checks, finding it user-friendly with precise reports and easy CI/CD integration. It saves time, offers detailed code insights, but could improve UI and provide more elaborate solutions for CVEs.
IT Officer (Solution Architect) at World Bank4.0I've used SonarQube Server for years to monitor code quality through static analysis and test coverage, finding it effective overall, though reporting can be complex and improvements in AI and IDE integration would enhance the experience.
CEO at a computer software company with 1-10 employees3.5I primarily use SonarQube Cloud for static code analysis because it's easy to integrate and use. However, it needs improved vulnerability detection compared to Veracode, which I find more complex but with better capabilities. I haven't calculated ROI yet.
Architect at sigpsc inc4.5I use SonarQube Cloud for scanning code quality and identifying vulnerabilities, noting its excellent integration into YAML pipelines. However, I find it lacks in covering vulnerabilities, static scanning, and misarchitecture comprehensively, and it caters more to larger clients.
consultant at a computer software company with 1,001-5,000 employees4.0I use SonarQube Cloud for code inspection, managing technical debt, and identifying security vulnerabilities. Its integration with CI/CD tools is invaluable, though it lacks dynamic code scanning. The interface is superior, and it's a great fit for several languages and platforms.
DevOps Lead at CODVO3.5I use SonarQube Cloud for code analysis in CI/CD pipelines to track vulnerabilities and code quality, though it lacks features like DAST and auto-ticketing, and some useful functionalities now require a paid version.