SonarCloud: 10,008 views | 7,371 comparisons | 100% willing to recommend
SonarQube: 53,436 views | 42,331 comparisons | 80% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Mar 20, 2023

We performed a comparison between SonarCloud and SonarQube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Based on the reviews, both SonarCloud and SonarQube appear to have relatively straightforward deployment processes, although some minor issues were reported with the initial setup of each platform.
  • Features: SonarCloud is best for startups and mid-size companies, and for discovering vulnerabilities and security weak points and getting feedback on feature branches. SonarQube checks code quality during development, enforces code standard rules, and covers the top OWASP vulnerabilities, with easy DevOps pipeline configuration. Its dynamic testing and automation could be improved.
  • Pricing: SonarCloud pricing is based on the number of users, services, and lines of code. SonarQube offers a free open source version and a yearly subscription for the enterprise version.
  • Service and Support: SonarCloud has community support, but not technical support. SonarQube offers online resources and support at an additional cost.

Comparison Result: Based on the parameters we compared, SonarQube comes out ahead of SonarCloud. Although both products have valuable features and can be considered high-end solutions, our reviewers found that SonarCloud lacks technical support.

To learn more, read our detailed SonarCloud vs. SonarQube Report (Updated: March 2024).
768,578 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
SonarCloud:
  • "SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
  • "The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
  • "The solution can be installed locally."
  • "Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
  • "For what it is meant to do, it works pretty well."
  • "The reports from SonarCloud are very good."
  • "The most valuable feature of SonarCloud is its overall performance."
  • "I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."

SonarQube:
  • "The product itself has a friendly UI."
  • "We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
  • "SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
  • "This solution has the capability to analyze source code in almost all the languages in the market."
  • "It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
  • "The solution's user interface is very user-friendly."
  • "I like that it helps us maintain our work quality and code security."
  • "My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."

Cons
SonarCloud:
  • "We had some issues with the scanner."
  • "It would be helpful if notifications could go out to an extra person."
  • "SonarCloud's UI needs enhancement."
  • "The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
  • "The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
  • "I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
  • "There's room for improvement in the configuration process, particularly during the initial setup phase."
  • "The solution needs to improve its customization and flexibility."

SonarQube:
  • "The product must improve security analysis."
  • "I am not very pleased with the technical debt computation."
  • "The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
  • "We did have some trouble with the LDAP integration for the console."
  • "The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
  • "The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities."
  • "The handling of the contents of Docker container images could be better."
  • "A better design of the interface and add some new rules."

Pricing and Cost Advice
SonarCloud:
  • "The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
  • "The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
  • "I am using the free version of the solution."
  • "I rate the pricing a five out of ten."
  • "While not extremely cheap, it aligns well with market standards and offers good value."
  • "The current pricing is quite cheap."

SonarQube:
  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing."
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."

    Questions from the Community
    Top Answer: Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
    Top Answer: I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pay a…
    Top Answer: There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could…
    Top Answer: I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look…
    Top Answer: SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use…
    Top Answer: We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing…
    Ranking
    SonarCloud: Views 10,008; Comparisons 7,371; Reviews 8; Average Words per Review 524; Rating 8.4
    SonarQube: Views 53,436; Comparisons 42,331; Reviews 19; Average Words per Review 391; Rating 8.0
    Comparisons
    SonarCloud is compared with: Veracode (7% of the time), Checkmarx One (5%), OWASP Zap (3%), GitLab (3%), Coverity (2%).
    SonarQube is compared with: Checkmarx One (21% of the time), Coverity (11%), Veracode (10%), Snyk (7%), Sonatype Lifecycle (5%).
    Also Known As
    Sonar
    Overview

    SonarCloud is a cloud-based alternative to the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages and dozens of frameworks, works with the top DevOps platforms (GitLab, GitHub, Azure DevOps, Bitbucket, and more), and covers the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    Top Industries
    VISITORS READING REVIEWS: Computer Software Company 18%, Financial Services Firm 9%, Manufacturing Company 8%, Healthcare Company 5%
    REVIEWERS: Computer Software Company 30%, Financial Services Firm 21%, Comms Service Provider 7%, Manufacturing Company 7%
    VISITORS READING REVIEWS: Financial Services Firm 17%, Computer Software Company 15%, Manufacturing Company 11%, Government 6%
    Company Size
    REVIEWERS: Small Business 56%, Midsize Enterprise 33%, Large Enterprise 11%
    VISITORS READING REVIEWS: Small Business 23%, Midsize Enterprise 19%, Large Enterprise 58%
    REVIEWERS: Small Business 25%, Midsize Enterprise 16%, Large Enterprise 59%
    VISITORS READING REVIEWS: Small Business 17%, Midsize Enterprise 13%, Large Enterprise 71%

    SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 108 reviews. SonarCloud is rated 8.4, while SonarQube is rated 8.0. The top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". SonarCloud is most compared with Veracode, Checkmarx One, OWASP Zap, GitLab and Coverity, whereas SonarQube is most compared with Checkmarx One, Coverity, Veracode, Snyk and Sonatype Lifecycle. See our SonarCloud vs. SonarQube report.


    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.