SonarQube Cloud (formerly SonarCloud) Reviews

Name: SonarQube Cloud (formerly SonarCloud)
Brand: Sonar
Rating: 4.1 (15 reviews)

Vendor: Sonar

4.1 out of 5

15 reviews
100% willing to recommend

What is SonarQube Cloud (formerly SonarCloud)?

SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.

Get the SonarQube Cloud (formerly SonarCloud) Buyer's Guide and find out what your peers are saying about SonarQube Cloud (formerly SonarCloud), SonarQube Server (formerly SonarQube), GitLab and more!

SonarQube Cloud (formerly SonarCloud) is the #10 ranked solution in AST tools. PeerSpot users give SonarQube Cloud (formerly SonarCloud) an average rating of 8.2 out of 10. SonarQube Cloud (formerly SonarCloud) is most commonly compared to SonarQube Server (formerly SonarQube): SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube). SonarQube Cloud (formerly SonarCloud) is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Buyer's Guide

SonarQube Cloud (formerly SonarCloud)

April 2025

Get the report

Helped 849,963 peers since 2012

Featured SonarQube Cloud (formerly SonarCloud) reviews

Archana Verma

Security Analyst at Dover Corporation

I find SonarQube Cloud to be very user-friendly with an easy-to-use interface. It provides detailed code smell reports and insights on hotspots, which can later represent security vulnerabilities. It gives precise reports compared to Coverity and has a slightly lower number of false positives. It is integrated easily with the CI/CD pipeline, saving time and cost. It provides information on upcoming vulnerability details and loopholes that might turn into vulnerabilities.

Read full review

Diego Moreo

Software Quality Coordinator at a retailer with 10,001+ employees

We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Read full review

SenthuranPooranananthan

Senior Director of DevOps at Asset Works

The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions. Having SonarCloud on the cloud there is no maintenance because they patch everything. It's easy to maintain, but it may be a problem with very large organizations because of some of the false-positive and you may need to be very cautious on very large enterprises. The solution is best suited for startups and mid-size companies. It is supporting the mono and multi report and overall they're always improving. Initially, they did not support the mono report, now they started supporting the mono report approach, when is a benefit.

Read full review

SonarQube Cloud (formerly SonarCloud) mindshare

As of May 2025, the mindshare of SonarQube Cloud (formerly SonarCloud) in the Static Application Security Testing (SAST) category stands at 5.9%, down from 6.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

PeerResearch reports based on SonarQube Cloud (formerly SonarCloud) reviews

Type	Title	Date
Category	Static Application Security Testing (SAST)	May 2, 2025	Download
Product	Reviews, tips, and advice from real users	May 2, 2025	Download
Comparison	SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)	May 2, 2025	Download
Comparison	SonarQube Cloud (formerly SonarCloud) vs Veracode	May 2, 2025	Download
Comparison	SonarQube Cloud (formerly SonarCloud) vs Checkmarx One	May 2, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	25.0%	81%	114 interviews Add to research
GitLab	4.3	2.7%	97%	82 interviews Add to research

Valuable Features

SonarQube Cloud (formerly SonarCloud) excels in identifying vulnerabilities, code smells, and technical debt. It provides a user-friendly interface with easy CI/CD integration and unified code quality metrics. The platform is well-suited for startups and mid-size enterprises, aiding in security management without maintenance hassles. Users appreciate its continuous code analysis, streamlined workflow integration, and reduced false positives. They also value recent support for mono reports and microservices, enhancing detailed service assessments.

"The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities."
"It is the best product we use for easy integration into YAML pipelines for scanning."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."

Room for Improvement

SonarQube Cloud (formerly SonarCloud) needs enhanced container testing and better false positive management. Greater customization and improved integration with CI/CD pipelines are required. The UI and configuration documentation need refinement. More detailed vulnerability detection and dynamic code analysis are essential. Auto-commit functionality and comprehensive reporting tools, similar to competitors, would be beneficial. It should also support more robust solutions for code issues and consolidate data for better usage without external tools like Power BI.

"SonarQube Cloud needs improvements in dynamic code analysis. Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels."
"I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture. Currently, to achieve our expectations, we have to use more than one product, as some products excel at scanning for vulnerabilities but are poor at checking code quality."
"The UI can be improved. Additionally, in future updates, I would like to see SonarQube Cloud provide more detailed solutions for fixing code issues, especially solutions related to CVEs."

ROI

SonarQube Cloud (formerly SonarCloud) provides a positive return by aiding developers in identifying issues and enhancing their understanding of code. Although measuring ROI is challenging, some observe cost and time savings through seamless integration with CI/CD pipelines and support for multiple projects. Larger clients benefit significantly, particularly in addressing technical debt and coding standards, while smaller companies may feel overlooked. Some users note that initial low costs made ROI calculation less pressing.

Pricing

Enterprise buyers generally encounter mixed experiences with SonarQube Cloud's pricing. Some find it reasonable and cost-effective compared to competitors, typically charging around 4,000 USD annually per million lines of code. However, costs rise with increased lines and user needs, sometimes making it costly for those with significant codebases or smaller budgets. Some users utilize free or open-source options for minimal features, often foregoing extensive licensed capabilities to manage expenses. Overall, perception varies based on specific requirements and usage.

"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The current pricing is quite cheap."
"While not extremely cheap, it aligns well with market standards and offers good value."

Popular Use Cases

SonarQube Cloud (formerly SonarCloud) is primarily used for static code analysis and application security testing across multiple repositories. Organizations leverage its capabilities to integrate with CI/CD pipelines, performing security, vulnerability checks, and identifying code duplication, code smells, and technical debt. It facilitates code quality inspections at the pull request level, acting as a quality gate before deployment, ensuring high-quality code and compliance with coding standards, contributing to continuous code improvement and security.

Service and Support

SonarQube Cloud customer service is often seen as responsive and helpful, with efforts to resolve issues quickly. While some users find community support strong, technical support is sometimes lacking, with delayed proactive communication. Integration is generally straightforward but documentation needs improvement. Many suggest enhancing the open-source community and platform-specific instructions to boost satisfaction. Several found interactions positive or did not need support, rating experiences between six and ten out of ten.

Deployment

SonarQube Cloud's initial setup is generally straightforward, with some implementations completed quickly. However, some challenges arise, particularly during framework installation and setup by less experienced teams. Incorporating an auto-commit function could enhance the process further. While one team found it quick and simple, taking approximately 10 minutes, another team required more time, involving three to four DevOps engineers over a month or two. Users find it easier compared to Veracode.

Scalability

SonarQube Cloud (formerly SonarCloud) exhibits adaptability with scaling for varying needs. Users from numerous backgrounds report expansion plans, highlighting decent functionality and reliability. Feedback scores it between seven to ten out of ten for capacity handling. Challenges arise, like scanning line limits, but many face no significant issues. Flexibility allows multiple projects and users, though some express concerns compared to platforms like Veracode. Scalability potential evolves with increased user demands.

Stability

SonarQube Cloud (formerly SonarCloud) is highly stable according to various users. Many rate its stability between eight to ten out of ten, highlighting its reliable performance. While praised for its consistency, some note challenges with user experience and integration, particularly for non-trained users. Documentation and support require improvement to aid seamless integration, specifically with CI/CD pipelines. Users request more active community support and better onboarding processes to enhance overall usability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SonarQube Cloud (formerly SonarCloud) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

10%

Manufacturing Company

10%

Insurance Company

Retailer

Healthcare Company

Comms Service Provider

Government

Construction Company

University

Media Company

Educational Organization

Energy/Utilities Company

Non Profit

Real Estate/Law Firm

Hospitality Company

Outsourcing Company

Pharma/Biotech Company

Legal Firm

Wholesaler/Distributor

Logistics Company

Recreational Facilities/Services Company

Performing Arts

Transportation Company

Wellness & Fitness Company

Engineering Company

Consumer Goods Company

Compare SonarQube Cloud (formerly SonarCloud) with alternative products

Learn more about SonarQube Cloud (formerly SonarCloud)

SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.

What are the key features of SonarQube Cloud?

Vulnerability Detection: Identifies potential security threats within code.
Security Hotspots: Highlights sections of the code that require closer inspection.
Feedback on Feature Branches: Enables early detection and resolution of quality issues.
No Maintenance: Ensures focus remains on development rather than tool upkeep.
Mono and Multi-Reports: Offers diverse insights into code quality.

What benefits should users look for?

Integration Ease: Seamlessly connects with popular development platforms.
Continuous Code Analysis: Provides consistent feedback to improve code standards.
Unified Quality View: Dashboard offers a comprehensive look at code metrics.
Security Insights: Detailed information on vulnerabilities and their impact.

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.