Try our new research platform with insights from 80,000+ expert users
SonarQube Cloud (formerly SonarCloud) Logo

SonarQube Cloud (formerly SonarCloud) pros and cons

Vendor: Sonar
4.1 out of 5
Start review

Pros & Cons summary

SonarQube Cloud (formerly SonarCloud) identifies vulnerabilities and security hotspots at the developer level with ease of setup and integration, especially with YAML pipelines. It excels in reporting code quality metrics such as code duplication and test coverage. However, it needs enhanced code issue solutions for CVEs, false positive management, improved dynamic code analysis compared to Veracode, and full integration with CI/CD pipelines to boost customization and flexibility.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

SonarQube Cloud (formerly SonarCloud) excels in discovering vulnerabilities, security weak points, and hotspots, enabling code deployment with enhanced security.
It provides continuous code analysis, improving code quality and offering immediate vulnerability reports on its dashboard.
The tool features a unified dashboard view for metrics like code duplication, unit test coverage, and security hotspots.
SonarQube Cloud has recently added support for mono reports and microservices, providing detailed insight into each service.
It easily integrates into YAML pipelines for code scanning, aiding in code inspection and addressing technical debt.

CONS

SonarQube Cloud (formerly SonarCloud) has limitations in testing within containers, necessitating additional tools for comprehensive coverage.
There are ongoing issues with the scanner and handling of false positives, requiring manual intervention for corrections.
Notifications could be expanded to reach additional team members to improve collaboration and communication.
The integration into the CI/CD pipeline is incomplete, highlighting a lack of full connectivity with other tools across various development stages.
Improvements in dynamic code analysis are needed, as current capabilities are insufficient compared to competitors like Veracode.
 

SonarQube Cloud (formerly SonarCloud) Pros review quotes

reviewer1992327 - PeerSpot reviewer
Dec 11, 2023
SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs.
Read full review
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
Read full review
reviewer1871532 - PeerSpot reviewer
May 29, 2022
I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is.
Read full review
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
April 2025
Free Report: SonarQube Cloud (formerly SonarCloud) Reviews and More
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
SenthuranPooranananthan - PeerSpot reviewer
Apr 25, 2022
The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions.
Read full review
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
The SaaS solution for checking code without execution and dealing with security issues is valuable.
Read full review
Archana Verma - PeerSpot reviewer
Feb 24, 2025
I find SonarQube Cloud to be very user-friendly with an easy-to-use interface.
Read full review
reviewer933816 - PeerSpot reviewer
Apr 18, 2025
The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities.
Read full review
HT
Jun 24, 2021
For what it is meant to do, it works pretty well.
Read full review
RG
Apr 9, 2025
It is the best product we use for easy integration into YAML pipelines for scanning.
Read full review
reviewer2356089 - PeerSpot reviewer
Feb 18, 2025
I find SonarQube Cloud very easy to use and simple to integrate initially.
Read full review
Show 5 more reviews (out of 15)
 

SonarQube Cloud (formerly SonarCloud) Cons review quotes

reviewer1992327 - PeerSpot reviewer
Dec 11, 2023
The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps.
Read full review
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
There's room for improvement in the configuration process, particularly during the initial setup phase.
Read full review
reviewer1871532 - PeerSpot reviewer
May 29, 2022
CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling.
Read full review
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
April 2025
Free Report: SonarQube Cloud (formerly SonarCloud) Reviews and More
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
SenthuranPooranananthan - PeerSpot reviewer
Apr 25, 2022
SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive.
Read full review
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Reporting features are missing in SonarCloud.
Read full review
Archana Verma - PeerSpot reviewer
Feb 24, 2025
The UI can be improved.
Read full review
reviewer933816 - PeerSpot reviewer
Apr 18, 2025
SonarQube Cloud needs improvements in dynamic code analysis. Static code analysis is good, but the product lacks dynamic code scanning capabilities, an area where Veracode excels.
Read full review
HT
Jun 24, 2021
I've been told by the developers that the solution is too limited. It's not testing enough within the containers.
Read full review
RG
Apr 9, 2025
I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture. Currently, to achieve our expectations, we have to use more than one product, as some products excel at scanning for vulnerabilities but are poor at checking code quality.
Read full review
reviewer2356089 - PeerSpot reviewer
Feb 18, 2025
SonarQube Cloud could improve its vulnerability detection compared to Veracode.
Read full review
Show 5 more reviews (out of 15)

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud) Logo
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud)
GitLab vs SonarQube Cloud (formerly SonarCloud) Logo
GitLab vs SonarQube Cloud (formerly SonarCloud)
Checkmarx One vs SonarQube Cloud (formerly SonarCloud) Logo
Checkmarx One vs SonarQube Cloud (formerly SonarCloud)
Veracode vs SonarQube Cloud (formerly SonarCloud) Logo
Veracode vs SonarQube Cloud (formerly SonarCloud)
Coverity vs SonarQube Cloud (formerly SonarCloud) Logo
Coverity vs SonarQube Cloud (formerly SonarCloud)
OWASP Zap vs SonarQube Cloud (formerly SonarCloud) Logo
OWASP Zap vs SonarQube Cloud (formerly SonarCloud)
Fortify on Demand vs SonarQube Cloud (formerly SonarCloud) Logo
Fortify on Demand vs SonarQube Cloud (formerly SonarCloud)
HCL AppScan vs SonarQube Cloud (formerly SonarCloud) Logo
HCL AppScan vs SonarQube Cloud (formerly SonarCloud)
PortSwigger Burp Suite Professional vs SonarQube Cloud (formerly SonarCloud) Logo
PortSwigger Burp Suite Professional vs SonarQube Cloud (formerly SonarCloud)
Qualys Web Application Scanning vs SonarQube Cloud (formerly SonarCloud) Logo
Qualys Web Application Scanning vs SonarQube Cloud (formerly SonarCloud)
Klocwork vs SonarQube Cloud (formerly SonarCloud) Logo
Klocwork vs SonarQube Cloud (formerly SonarCloud)
Invicti vs SonarQube Cloud (formerly SonarCloud) Logo
Invicti vs SonarQube Cloud (formerly SonarCloud)
Semgrep vs SonarQube Cloud (formerly SonarCloud) Logo
Semgrep vs SonarQube Cloud (formerly SonarCloud)
Kiuwan vs SonarQube Cloud (formerly SonarCloud) Logo
Kiuwan vs SonarQube Cloud (formerly SonarCloud)
Cycode vs SonarQube Cloud (formerly SonarCloud) Logo
Cycode vs SonarQube Cloud (formerly SonarCloud)
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud) Logo
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud)
GitLab vs SonarQube Cloud (formerly SonarCloud) Logo
GitLab vs SonarQube Cloud (formerly SonarCloud)
Checkmarx One vs SonarQube Cloud (formerly SonarCloud) Logo
Checkmarx One vs SonarQube Cloud (formerly SonarCloud)
Veracode vs SonarQube Cloud (formerly SonarCloud) Logo
Veracode vs SonarQube Cloud (formerly SonarCloud)
Coverity vs SonarQube Cloud (formerly SonarCloud) Logo
Coverity vs SonarQube Cloud (formerly SonarCloud)
OWASP Zap vs SonarQube Cloud (formerly SonarCloud) Logo
OWASP Zap vs SonarQube Cloud (formerly SonarCloud)
Fortify on Demand vs SonarQube Cloud (formerly SonarCloud) Logo
Fortify on Demand vs SonarQube Cloud (formerly SonarCloud)
HCL AppScan vs SonarQube Cloud (formerly SonarCloud) Logo
HCL AppScan vs SonarQube Cloud (formerly SonarCloud)
PortSwigger Burp Suite Professional vs SonarQube Cloud (formerly SonarCloud) Logo
PortSwigger Burp Suite Professional vs SonarQube Cloud (formerly SonarCloud)
Qualys Web Application Scanning vs SonarQube Cloud (formerly SonarCloud) Logo
Qualys Web Application Scanning vs SonarQube Cloud (formerly SonarCloud)
Klocwork vs SonarQube Cloud (formerly SonarCloud) Logo
Klocwork vs SonarQube Cloud (formerly SonarCloud)
Invicti vs SonarQube Cloud (formerly SonarCloud) Logo
Invicti vs SonarQube Cloud (formerly SonarCloud)
Semgrep vs SonarQube Cloud (formerly SonarCloud) Logo
Semgrep vs SonarQube Cloud (formerly SonarCloud)
Kiuwan vs SonarQube Cloud (formerly SonarCloud) Logo
Kiuwan vs SonarQube Cloud (formerly SonarCloud)
Cycode vs SonarQube Cloud (formerly SonarCloud) Logo
Cycode vs SonarQube Cloud (formerly SonarCloud)
See all alternatives
Related questions
  • 14
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 65
Which is the most comprehensive open source Web Security Testing tool?
  • 131
What is the best Application Security Testing platform?
  • 7
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 55
SAST vs. DAST: Which is better for application security testing?
  • 68
What tools do you rely on for building a DevSecOps pipeline?
  • 39
What does the Log4j/Log4Shell vulnerability mean for your company?
  • 53
Checkmarx or Veracode. Which should we choose?
  • 69
What are your recommended automated penetration testing tools?
  • 40
What are the OWASP top 10 in 2020?