SonarCloud Reviews

Name: SonarCloud
Brand: Sonar
Rating: 4 (6 reviews)

Vendor: Sonar

4.2 out of 5

6 reviews

What is SonarCloud?UNIXBusinessApplication
Price:

SonarCloud is the leading online service to catch Bugs and Security Vulnerabilities in your Pull Requests and throughout your code repositories. Totally free for open-source projects (paid plan for private projects), SonarCloud pairs with existing cloud-based CI/CD workflows, and provides clear resolution guidance for any Code Quality or Code Security issue it detects. With more than 1 billion lines of code analyzed every week, SonarCloud empowers development teams of all sizes to write cleaner and safer code, across 24 programming languages.

Get the Application Security Testing (AST) Buyer's Guide and find out what your peers are saying about SonarCloud, SonarQube, Veracode and more!

Buyer's Guide

Application Security Testing (AST)

August 2023

Get the category report

Helped 735,226 peers since 2012

Featured reviews

SenthuranPooranananthan

Senior Director of DevOps at Asset Works

Apr 25, 2022

The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions. Having SonarCloud on the cloud there is no maintenance because they patch everything. It's easy to maintain, but it may be a problem with very large organizations because of some of the false-positive and you may need to be very cautious on very large enterprises. The solution is best suited for startups and mid-size companies. It is supporting the mono and multi report and overall they're always improving. Initially, they did not support the mono report, now they started supporting the mono report approach, when is a benefit.

Read full review

Rashedul Khan

Senior Software Engineer at Cimsolutions

Mar 10, 2023

What is our primary use case We are using SonarCloud for static analysis. We must utilize this tool for code analysis prior to deployment. For instance, it is necessary to check for bugs or inconsistencies in the code and rectify them. SonarCloud can assist in this regard by providing…

Read full review

GHASSAN ODETALLAH

Head of Quality Engineers/Automation Architect at a tech company with 201-500 employees

Jan 17, 2022

What is our primary use case We use SonarCloud tools for all our 20 repositories and we are connecting the SonarCloud, from the Bitbucket pipeline. What is most valuable? The reports from SonarCloud are very good. What needs improvement? We had some issues with the scanner. For how…

Read full review

Pricing

"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"I am using the free version of the solution."

Valuable Features

"For what it is meant to do, it works pretty well."
"The reports from SonarCloud are very good."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."

Room For Improvement

"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"We had some issues with the scanner."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."

Pricing

"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"I am using the free version of the solution."

Valuable Features

"For what it is meant to do, it works pretty well."
"The reports from SonarCloud are very good."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."

Room For Improvement

"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"We had some issues with the scanner."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Application Security Testing (AST) Buyer's Guide for additional reliable information.

Learn more about SonarCloud

SonarCloud is the #10 ranked solution in AST tools. PeerSpot users give SonarCloud an average rating of 8.4 out of 10. SonarCloud is most commonly compared to SonarQube: SonarCloud vs SonarQube. SonarCloud is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.