SonarQube Server and GitHub are two prominent tools in the code quality and version control category. Each has its own strengths, with SonarQube specializing in static code analysis and GitHub offering superior collaboration and integration features.
Features: SonarQube Server is known for its comprehensive code analysis, including support for over 20 programming languages, integration with CI servers, and custom coding rules. GitHub offers seamless collaboration through pull requests, branch management, and a robust marketplace for extensions and automations. Its integration with CI/CD pipelines enhances its capabilities in workflow management.
Room for Improvement: SonarQube Server could benefit from a more user-friendly interface, simplified third-party tool integration, and faster analysis times. Improving language support and security features would enhance its competitiveness. GitHub's search and navigation within repositories could be refined, and its integration with other development tools and conflict resolution features during merges could be improved. Optimizing its support for large files would also enhance performance.
Ease of Deployment and Customer Service: SonarQube Server is typically deployed on-premises, offering greater control but potentially more complex deployment. Customer service relies on community support and documentation. GitHub, primarily cloud-based, offers ease of access and scalability, with structured support benefiting from its extensive community resources as a Microsoft service.
Pricing and ROI: SonarQube Server provides an open-source version, but premium features and plugins require investment, potentially costly for large codebases. GitHub offers free basic features, with paid versions at reasonable prices. Both tools show significant ROI in improving code quality and streamlining workflows, though GitHub's collaboration features notably reduce project delivery times.
I have seen a return on the investment from SonarQube Server (formerly SonarQube) because the value it adds relates to static code analysis and vulnerability assessments needed for our FDA approval process.
We see productivity increasing based on the fact that the code review is mostly automated, allowing the developer to fix the code themselves before assigning it to someone else to review, thus receiving that ROI.
It's more about maintaining standards and being able to prevent issues before they occur.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
The community support is quite effective.
I would rate the technical support for SonarQube Server (formerly SonarQube) as a 10 because we have not faced any specific issues that required us to contact tech support, which is a very rare case.
They showed us where we can actually get those granular level reporting extracted for Excel, which was a quick guide.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
I would rate the scalability of SonarQube Server as a 10 because we can configure the server to scan multiple projects based on the number of lines.
I find SonarQube Server (formerly SonarQube) very scalable because we're able to create a new repository and integrate all the tools on that project and it just works.
If a skilled developer uses it, it is ten out of ten for stability.
It provides a reliable environment for code management.
GitHub is mostly stable, but there can be occasional hiccups.
I think SonarQube Server (formerly SonarQube) is stable, and we did not face any problems unless there was a power outage or if the LAN cable was plugged out.
When working with the CI/CD pipeline and somebody is writing the workflow file, it would be best to include the AI feature so if they write incorrect code, it will notify me about it in the same dashboard, eliminating the need to use third-party tools to review the file.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity.
If I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed.
As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking.
Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
I would rate the pricing for SonarQube Server (formerly SonarQube) as an 8, where 1 is very cheap and 10 is very expensive, because Coverity is very expensive, and while SonarQube is not cheap, it is still less expensive than Coverity.
They always offer around a two-year contract, but we always take a one-year contract because it's expensive.
The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk.
The pull request facility for code review.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
For branching, it works well, especially in an agile environment.
Some of the static code analysis capabilities are the most beneficial.
The most valuable features of SonarQube Server (formerly SonarQube) for us include having control of the rules, enabling and disabling them.
We use SonarQube Server's centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve.
| Product | Market Share (%) |
|---|---|
| SonarQube Server (formerly SonarQube) | 20.8% |
| GitHub | 0.9% |
| Other | 78.3% |
| Company Size | Count |
|---|---|
| Small Business | 42 |
| Midsize Enterprise | 12 |
| Large Enterprise | 48 |
| Company Size | Count |
|---|---|
| Small Business | 32 |
| Midsize Enterprise | 21 |
| Large Enterprise | 75 |
SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.
SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.
What are the key features of SonarQube Server?Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
