GitLab vs SonarCloud comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Ranking in Static Application Security Testing (SAST)
Average Rating
Number of Reviews
Ranking in other categories
Application Security Tools (6th), Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (10th), Software Composition Analysis (SCA) (6th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
Ranking in Static Application Security Testing (SAST)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories

Mindshare comparison

As of July 2024, in the Static Application Security Testing (SAST) category, the mindshare of GitLab is 3.2%, up from 2.5% compared to the previous year. The mindshare of SonarCloud is 8.8%, up from 6.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
Unique Categories:
Application Security Tools
Build Automation
No other categories found

Featured Reviews

Mar 19, 2024
Version control history is valuable for our development workflow
We create the pipeline and push it to GitLab to initiate the process. The cloud integration is straightforward When it comes to GitLab's CI/CD integration, it significantly supports our development process by accelerating deployments. With automated pipelines, we can focus more on development…
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
A comprehensive code quality management offering all-in-one functionality, including static code analysis, security assessments, and code optimization, while providing valuable insights for developers
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could use improvement in providing clearer instructions. I found myself needing to engage with support multiple times to navigate through certain aspects. Additionally, it would be beneficial if it could streamline the integration process for new features. Enhancing documentation on how to integrate these features seamlessly would go a long way in improving user experience. The introduction of an auto-commit functionality would be a valuable addition. Some other tools offer this feature, allowing for the automatic creation of pull requests to address identified issues. This functionality significantly reduces the manual effort required.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The solution is stable."
"The scalability is good."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"I like GitLab's security and SAS tools."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution can be installed locally."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The most valuable feature of SonarCloud is its overall performance."
"For what it is meant to do, it works pretty well."


"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
"We would like to generate document pages from the sources."
"The pricing model of GitLab is an issue for me."
"In the next release, I would like to see GitLab expand its integration capabilities to include platforms like DigitalOcean, which developers widely use for cloud infrastructure. Enhancing CI/CD automation features specifically tailored for DigitalOcean would be beneficial."
"The solution should again offer an on-premises deployment option."
"There is a need to improve or adopt AI into the ecosystem like a co-pilot, which Microsoft has done with GitHub."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"We had some issues with the scanner."
"It would be helpful if notifications could go out to an extra person."
"The solution needs to improve its customization and flexibility."
"There's room for improvement in the configuration process, particularly during the initial setup phase."

Pricing and Cost Advice

"I'm not aware of the licensing costs because those were covered by the customer."
"We are currently using the open-source version."
"GitLab is cheap."
"The solution's pricing is acceptable."
"The solution is based on a licensing model that includes technical support and is paid annually."
"The initial setup cost is excellent and you can add the premium features later."
"GitLab is an open-source solution."
"It seems reasonable. Our IT team manages the licenses."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The current pricing is quite cheap."
"I rate the pricing a five out of ten."
"While not extremely cheap, it aligns well with market standards and offers good value."
"I am using the free version of the solution."
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
792,905 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Educational Organization
Computer Software Company
Financial Services Firm
Manufacturing Company
Computer Software Company
Financial Services Firm
Manufacturing Company
Healthcare Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What is your experience regarding pricing and costs for GitLab?
For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers des...
What needs improvement with GitLab?
I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significan...
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pa...
What needs improvement with SonarCloud?
There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation coul...



Also Known As

No data available

Learn More


Interactive Demo

Demo not available



Sample Customers

1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Find out what your peers are saying about GitLab vs. SonarCloud and other solutions. Updated: July 2024.
792,905 professionals have used our research since 2012.