Try our new research platform with insights from 80,000+ expert users
SonarQube Server (formerly SonarQube) Logo

SonarQube Server (formerly SonarQube) Reviews

Vendor: Sonar
4.0 out of 5
Badge Ranked 1
Leave a review

What is SonarQube Server (formerly SonarQube)?

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

Get the SonarQube Server (formerly SonarQube) Buyer's Guide and find out what your peers are saying about SonarQube Server (formerly SonarQube), GitLab, Snyk and more!
SonarQube Server (formerly SonarQube) is the #1 ranked solution in application security solutions, AST tools, and top Software Development Analytics solutions. PeerSpot users give SonarQube Server (formerly SonarQube) an average rating of 8.0 out of 10. SonarQube Server (formerly SonarQube) is most commonly compared to GitLab: SonarQube Server (formerly SonarQube) vs GitLab. SonarQube Server (formerly SonarQube) is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.
Buyer's Guide
SonarQube Server (formerly SonarQube)
August 2025
Get the report
Helped 865,985 peers since 2012

Featured SonarQube Server (formerly SonarQube) reviews

Read more reviews

SonarQube Server (formerly SonarQube) mindshare

Product category:
Application Security Tools
As of August 2025, the mindshare of SonarQube Server (formerly SonarQube) in the Application Security Tools category stands at 22.4%, down from 26.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
SonarQube Server (formerly SonarQube)22.4%
Checkmarx One10.3%
Veracode8.8%
Other58.5%
Application Security Tools

PeerResearch reports based on SonarQube Server (formerly SonarQube) reviews

TypeTitleDate
CategoryApplication Security ToolsAug 28, 2025Download
ProductReviews, tips, and advice from real usersAug 28, 2025Download
ComparisonSonarQube Server (formerly SonarQube) vs VeracodeAug 28, 2025Download
ComparisonSonarQube Server (formerly SonarQube) vs Checkmarx OneAug 28, 2025Download
ComparisonSonarQube Server (formerly SonarQube) vs GitHub Advanced SecurityAug 28, 2025Download
Suggested products
TitleRatingMindshareRecommending
GitLab4.22.6%97%85 interviewsAdd to research
Snyk4.07.2%100%48 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

SonarQube Server's key features include seamless pipeline integration, customizable quality gates, comprehensive code analysis, support for over 20 languages, and a user-friendly interface. It identifies vulnerabilities and technical debt, offers real-time feedback, and allows easy integration with tools like Jenkins. The platform’s quality gates and dashboards streamline code quality management, improving reliability and consistency across projects. Comprehensive community support and constant updates enhance its functionality.
  • "SonarQube Server (formerly SonarQube) is very stable."
  • "Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10."
  • "The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk."

Room for Improvement

SonarQube Server (formerly SonarQube) faces challenges in improving security scanning, particularly for dynamic testing and deeper vulnerability analysis. Users find the interface and integration with third-party tools lacking and complicated. Performance issues arise with large codebases, and the static analysis has accuracy problems, often reporting false positives. The installation process is complex, support is limited, and reports are difficult to generate or interpret. Improvements in automation, user-friendliness, and timely updates are needed.
  • "I think SonarQube Server (formerly SonarQube) should improve by integrating a new feature that includes AI. As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking."
  • "I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."
  • "Any suggestions for potential improvements may include bill of materials functionality."

ROI

Users of SonarQube Server (formerly SonarQube) see an ROI by preventing rework and enhancing security and quality. Though hard to quantify, its benefits include the automation of code evaluation and detection of vulnerabilities, reducing effort in bug fixing. These improvements boost productivity and DevOps processes. Despite potential for growth, users find value in its application over time, with observed improvements in coding quality and measurable gains in coding efforts and project stability.

Pricing

SonarQube Server offers a freemium model, providing substantial open-source functionalities at no cost, making it appealing for organizations with smaller budgets. Enterprise options, including the Developer and Enterprise editions, incur costs based on lines of code, with some users reporting annual fees. Many users find the pricing reasonable, especially compared to competitors, though some perceive it as high. Additional costs typically involve hosting infrastructure and optional commercial plugins for enhanced features. Satisfied users often cite cost-effectiveness in larger deployments.
  • "SonarQube is a cost-effective solution."
  • "We use the solution free of cost."
  • "The tool's pricing is reasonable."

Popular Use Cases

SonarQube Server (formerly SonarQube) is primarily used for static code analysis, ensuring code quality, security, and compliance with coding standards. It is integrated into the CI/CD pipeline to detect vulnerabilities and enforce quality gates. Organizations utilize it for security testing, identifying bugs, and managing technical debt across diverse programming languages, deploying it both on-premise and in cloud environments. Developers receive immediate feedback to address issues and enhance software quality.

Service and Support

SonarQube Server's customer service is generally satisfactory, with active community support, especially online forums. Many rely on the extensive, accessible documentation. Official technical support is not always utilized or praised due to significant community resources. Paid support exists but is often unnecessary for many, who handle issues internally. Some users find responses can be slow, and support availability is limited in terms of hours. Overall, community contributions significantly aid user experience.

Deployment

Most experiences with SonarQube Server (formerly SonarQube) initial setup were straightforward, aided by good documentation and ease of installation. Many found it simple to deploy and configure, though some mentioned complexity in customizing or integrating with other tools. While some encountered challenges adapting the setup to their organizational needs, many users appreciated the standard quality profiles. Challenges were more prominent when dealing with large-scale deployments or specific technical integrations such as with Apache Maven or Kubernetes.

Scalability

Many users report that SonarQube Server (formerly SonarQube) scales effectively, accommodating multiple projects and users without significant issues. Some experience increased resource usage with upgrades, while others note challenges with very large codebases or limitations in the Community Edition. Businesses leverage SonarQube Server across various teams and integrate it with CI/CD pipelines, benefiting from its capability to handle thousands of projects and support extensive user bases.

Stability

SonarQube Server (formerly SonarQube) is highly stable, with minimal issues reported. Some configurations affect performance, especially with database locations and diverse code sizes. Stability concerns include rare plugin-induced glitches and occasional server restarts. Users employing Java benefit more, whereas C++ requires adjustments. Resource constraints may occur during simultaneous deployments, likely due to system resources rather than inherent flaws. With ongoing use, stability ranks between 7 to 10 out of 10 for most users.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our SonarQube Server (formerly SonarQube) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business27
Midsize Enterprise17
Large Enterprise55
By reviewers
By visitors reading reviews
Company SizeCount
Small Business1641
Midsize Enterprise1204
Large Enterprise5631
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
13%
Government
6%
Insurance Company
4%
Retailer
4%
Comms Service Provider
4%
Healthcare Company
4%
Educational Organization
3%
University
3%
Energy/Utilities Company
3%
Media Company
2%
Non Profit
2%
Construction Company
2%
Real Estate/Law Firm
2%
Legal Firm
2%
Consumer Goods Company
2%
Outsourcing Company
2%
Transportation Company
1%
Aerospace/Defense Firm
1%
Performing Arts
1%
Hospitality Company
1%
Wholesaler/Distributor
1%
Pharma/Biotech Company
1%
Recreational Facilities/Services Company
1%
Logistics Company
1%
Engineering Company
1%

Compare SonarQube Server (formerly SonarQube) with alternative products

Go!

Learn more about SonarQube Server (formerly SonarQube)

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?
  • Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
  • Custom coding rules: Allows for tailored rule sets to match specific coding standards.
  • Flexible quality gates: Define criteria for code acceptance at various intervals.
  • CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
  • Rich interface: User-friendly dashboard with detailed visual insights.
What benefits should users expect from SonarQube Server?
  • Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
  • Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
  • Maintainability: Reduces technical debt, yielding long-term development efficiency.
  • Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

SonarQube Server (formerly SonarQube) was previously known as Sonar.

Product Demo

Play interactive demo

Related questions

  • 740
Is SonarQube the best tool for static analysis?
  • 73
Which gives you more for your money - SonarQube or Veracode?
  • 39
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 70
What is the biggest difference between Checkmarx and SonarQube?
  • 124
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 237
How does SonarQube instance relate to the license?
  • 195
Which software is ideal for code quality and security?
  • 127
What is the difference between Coverity and SonarQube?
  • 47
What is the biggest difference between Coverity and SonarQube?
  • 779
How would you decide between Coverity and Sonarqube?

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Software Development Analytics

Popular Comparisons

Popular Comparisons
GitLab vs SonarQube Server (formerly SonarQube) Logo
GitLab vs SonarQube Server (formerly SonarQube)
Snyk vs SonarQube Server (formerly SonarQube) Logo
Snyk vs SonarQube Server (formerly SonarQube)
Checkmarx One vs SonarQube Server (formerly SonarQube) Logo
Checkmarx One vs SonarQube Server (formerly SonarQube)
Veracode vs SonarQube Server (formerly SonarQube) Logo
Veracode vs SonarQube Server (formerly SonarQube)
Coverity vs SonarQube Server (formerly SonarQube) Logo
Coverity vs SonarQube Server (formerly SonarQube)
Mend.io vs SonarQube Server (formerly SonarQube) Logo
Mend.io vs SonarQube Server (formerly SonarQube)
CrowdStrike Falcon Cloud Security vs SonarQube Server (formerly SonarQube) Logo
CrowdStrike Falcon Cloud Security vs SonarQube Server (formerly SonarQube)
GitHub Advanced Security vs SonarQube Server (formerly SonarQube) Logo
GitHub Advanced Security vs SonarQube Server (formerly SonarQube)
OpenText Core Application Security vs SonarQube Server (formerly SonarQube) Logo
OpenText Core Application Security vs SonarQube Server (formerly SonarQube)
OWASP Zap vs SonarQube Server (formerly SonarQube) Logo
OWASP Zap vs SonarQube Server (formerly SonarQube)
SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) Logo
SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)
Acunetix vs SonarQube Server (formerly SonarQube) Logo
Acunetix vs SonarQube Server (formerly SonarQube)
Sonatype Lifecycle vs SonarQube Server (formerly SonarQube) Logo
Sonatype Lifecycle vs SonarQube Server (formerly SonarQube)
HCL AppScan vs SonarQube Server (formerly SonarQube) Logo
HCL AppScan vs SonarQube Server (formerly SonarQube)
PortSwigger Burp Suite Professional vs SonarQube Server (formerly SonarQube) Logo
PortSwigger Burp Suite Professional vs SonarQube Server (formerly SonarQube)
See all alternatives
 
SonarQube Server (formerly SonarQube) Reviews Summary
Author infoRatingReview Summary
Sr Software Engineering Supervisor at Mozarc Medical4.5I use SonarQube Server for static code analysis to detect build vulnerabilities, valuing its rule control despite ongoing scanning issues. Transitioning from Coverity, I see ROI due to its FDA approval, essential for our reports.
Head of Software Engineering at ronaldmariah@gmail.com4.5I use SonarQube Server for static code analysis to enhance code quality and manage technical debt. Its valuable features include code suggestions and customizable metric tracking, though it could improve by integrating AI. It replaced AppScan, offering better functionality.
Senior Manager Product Engineering at GlobalLogic4.5My company uses SonarQube for static code analysis and unit test coverage. While it provides comprehensive insights, it can sometimes trigger false alarms. Its integration helps identify bugs in the testing phase, though improvements with AI could be beneficial.
Distinguish Engineer at Gtmhub4.5I use SonarQube Server for static code analysis in our Jenkins CI builds, primarily on Golang projects. It effectively identifies code issues and improvements. Although satisfied, potential enhancements could include bill of materials functionality. We switched from Snyk for cost efficiency.
Consultant at Green method4.0I use SonarQube for static code analysis due to its structured and native integration, especially compared to tools like GitHub Advanced Security. While its flaw detection is effective, enhancing the analytics engine would significantly improve analysis and reporting capabilities.
Senior Manager, Security Engineering at ESS4.0I use SonarQube Server primarily for security vulnerabilities and static code analysis. It is admin-friendly but lacks developer-centric features and needs an improved SonarLint plugin. Compared to Snyk and Coverity, SonarQube is preferable for being open-source.
Tools manager at Harmony international4.0At our company, we use SonarQube to scan Dot.Net and Java sources, supporting various languages and offering an open-source model. However, improvements are needed for C/C++ compatibility and potential AI integration like GitHub Copilot.
Application Security Coordinator at Banco Votorantim4.0I work in vulnerability management and use SonarQube and Veracode for security verification. SonarQube offers valuable features for fixing issues, but needs better security analysis and software composition analysis. Despite this, it provides ROI by preventing rework.