No more typing reviews! Try our Samantha, our new voice AI agent.

CodeSonar vs SonarQube comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CodeSonar
Ranking in Application Security Tools
34th
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
7
Ranking in other categories
Static Code Analysis (10th)
SonarQube
Ranking in Application Security Tools
1st
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
135
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of CodeSonar is 1.1%, down from 1.5% compared to the previous year. The mindshare of SonarQube is 12.4%, down from 23.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
SonarQube12.4%
CodeSonar1.1%
Other86.5%
Application Security Tools
 

Featured Reviews

Mathieu ALBRESPY - PeerSpot reviewer
Intigration Developer at ez-Wheel
Nice interface, quick to deploy, and easy to expand
This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.
Sathyamurthi Natarajan - PeerSpot reviewer
IT Officer (Solution Architect) at World Bank
We maintain high code standards with effective static code analysis and integration
SonarQube Server (formerly SonarQube) could be improved on the reporting front. Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated. We need to change it to more of a portfolio report, where configuring or setting up things on the portfolio requires tagging at the ADO level.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is very stable and we have used it for a long time with no issues."
"There is nice functionality for code surfing and browsing."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"The tool is very good for detecting memory leaks."
"CodeSonar’s most valuable feature is finding security threats."
"CodeSonar has helped our organization because it detects dead and nonusable parts of code to create a more optimized code."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"My advice to others is this solution is one of the best in the free market in the industry and it is a good one to use."
"Stability has never been a problem."
"We previously used Codacy, but we switched to SonarCloud because of their good reputation and we compared reports from both of them and SonarCloud seems to be more accurate."
"The overall quality of the indicator is good."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
 

Cons

"The scanning tool for core architecture could be improved."
"It was expensive."
"The MISRA guidelines were not appropriately reported and there were some flags or errors."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"There could be a shared licensing model for the users."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"It was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"However, time and time again, some issues become annoying, since they are actually not issues."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"Improvements could be made in terms of security. I would like to see dynamic code analysis in the next version of the software."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product with additional cost, also gives the benefit of a single pane of glass view, although we still need WhiteSource Bolt for third-party library scanning."
 

Pricing and Cost Advice

"The application’s pricing is high compared to other tools."
"Pricing is a bit costly."
"The solution's price depends on the number of licenses needed and the source code for the project."
"Our organization purchased a license to use the solution."
"My guess is that we have a yearly subscription. We use it quite extensively, so a monthly license wouldn't make sense. Yearly subscriptions are usually cheaper. In addition to the standard licensing fee, there is just the cost of running the hardware where it is hosted."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"The price of the solution could be reduced."
"The tool's pricing is reasonable."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"We are using the Community edition of SonarQube."
"We are using the open-source version, which is available free of cost."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
24%
Computer Software Company
8%
Financial Services Firm
7%
University
7%
Financial Services Firm
14%
Manufacturing Company
13%
Computer Software Company
12%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise2
By reviewers
Company SizeCount
Small Business43
Midsize Enterprise24
Large Enterprise79
 

Questions from the Community

Ask a question
Earn 20 points
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Comparisons

 

Also Known As

No data available
Sonar, SonarQube Cloud
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.
Find out what your peers are saying about CodeSonar vs. SonarQube and other solutions. Updated: June 2026.
903,067 professionals have used our research since 2012.