SonarQube Server and SonarQube Cloud compete in the software development category, focusing on code quality and analysis. SonarQube Cloud has the upper hand for smaller to midsize companies due to its ease of maintenance and managed solution, while SonarQube Server offers more flexibility and customization options for larger enterprises.
Features: SonarQube Server includes customizable dashboards, open-source flexibility, and personalized code quality checks. SonarQube Cloud offers seamless integration capabilities, managed services, and easy maintenance, which are particularly beneficial for smaller organizations.
Room for Improvement: SonarQube Server requires enhancements in UI design, language support, and performance with large projects. Expanding security features and improving JIRA integration are also needed. SonarQube Cloud users seek better documentation, enhanced dynamic code scanning, and greater customization options.
Ease of Deployment and Customer Service: SonarQube Server offers hybrid, on-premises, and private cloud deployment options, suited to larger organizations with varied infrastructures. SonarQube Cloud emphasizes simplicity in public cloud deployments, suitable for companies preferring minimal maintenance. SonarQube Server users rely on community support, while SonarQube Cloud users sometimes face challenges with support engagement but have available community resources.
Pricing and ROI: SonarQube Server is cost-effective due to its open-source model, providing significant ROI with minimal costs for enterprises managing infrastructure. SonarQube Cloud is reasonably priced per lines of code but might be less affordable for small firms. Both solutions deliver value by enhancing code quality and operational efficiencies.
It is easily integrable with the CI/CD pipeline and supports multiple projects with its extensive plugin options.
The product is designed for bigger clients, while smaller companies are often put aside.
I have seen a return on the investment from SonarQube Server (formerly SonarQube) because the value it adds relates to static code analysis and vulnerability assessments needed for our FDA approval process.
We see productivity increasing based on the fact that the code review is mostly automated, allowing the developer to fix the code themselves before assigning it to someone else to review, thus receiving that ROI.
It's more about maintaining standards and being able to prevent issues before they occur.
The customer service and support for SonarQube Cloud are responsive and helpful.
Integrating it into different solutions is straightforward.
The community support is quite effective.
I would rate the technical support for SonarQube Server (formerly SonarQube) as a 10 because we have not faced any specific issues that required us to contact tech support, which is a very rare case.
They showed us where we can actually get those granular level reporting extracted for Excel, which was a quick guide.
There are limitations, and it seems to have fewer capabilities than Veracode.
It has been used in multiple projects and performs well.
SonarQube Cloud is a scalable product, and I rate its scalability at seven out of ten.
I find SonarQube Server (formerly SonarQube) very scalable because we're able to create a new repository and integrate all the tools on that project and it just works.
I would rate the scalability of SonarQube Server as a 10 because we can configure the server to scan multiple projects based on the number of lines.
From my team's feedback, it is almost an eight out of ten.
It is a quite stable solution.
I think SonarQube Server (formerly SonarQube) is stable, and we did not face any problems unless there was a power outage or if the LAN cable was plugged out.
I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture.
I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs.
Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
If I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed.
Instead of grouping, I would prefer to scan the code as part of development and then generate a report on a daily basis among different units or projects, which is currently complicated.
As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking.
SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies.
We used the open-source version of SonarQube Cloud for its minimum features and did not license its extensive capabilities.
They always offer around a two-year contract, but we always take a one-year contract because it's expensive.
I would rate the pricing for SonarQube Server (formerly SonarQube) as an 8, where 1 is very cheap and 10 is very expensive, because Coverity is very expensive, and while SonarQube is not cheap, it is still less expensive than Coverity.
The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk.
It is integrated easily with the CI/CD pipeline, saving time and cost.
The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities.
I find SonarQube Cloud very easy to use and simple to integrate initially.
The most valuable features in SonarQube Server are static code analysis, code review, and unit test coverage, with heavy usage of all three.
Some of the static code analysis capabilities are the most beneficial.
We use SonarQube Server's centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve.
| Product | Market Share (%) |
|---|---|
| SonarQube Server (formerly SonarQube) | 20.3% |
| SonarQube Cloud (formerly SonarCloud) | 4.2% |
| Other | 75.5% |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 3 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 32 |
| Midsize Enterprise | 21 |
| Large Enterprise | 75 |
SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.
SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.
What are the key features of SonarQube Server?Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
