No more typing reviews! Try our Samantha, our new voice AI agent.
SonarQube Logo

SonarQube pros and cons

Vendor: SonarSource Sàrl
4.0 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

SonarQube enhances software quality by identifying security vulnerabilities, technical debt, and code anomalies across multiple languages. It offers customizable security scanning and integration with tools like Jenkins and GitLab for CI/CD pipeline enhancement. Quality Gates enforce coding standards to maintain code quality. However, upgrading is problematic, Python scans lack rules, and support is inadequate. Security scanning limitations and integration challenges with tools pose issues against competitors like Fortify.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

SonarQube improves software quality by helping teams identify security vulnerabilities, technical debt, and code anomalies in multiple programming languages.
It provides customizable security scanning that helps developers identify and rectify security weaknesses and other code issues during development.
Integration capabilities with tools like Jenkins, Bitbucket, GitLab, and Azure DevOps enhance the CI/CD pipeline, allowing for seamless integration and quality checks.
SonarQube offers powerful features that allow the setting of Quality Gates, which enforce coding standards and help maintain high-quality code by preventing insufficient code from being deployed.
It enables organizations to monitor coding standards, reduce bugs, and achieve better code coverage, contributing to faster release cycles and enhanced software stability.

CONS

Ease of upgrading SonarQube is problematic and can lead to database issues.
Python code scan lacks sufficient rules, making it ineffective.
Technical support and documentation are perceived as inadequate.
SonarQube has limitations in security scanning and faces competition from security-focused tools like Fortify.
Integrating SonarQube with other tools and performing configurations is challenging.
 

SonarQube Pros review quotes

it_user333624 - PeerSpot reviewer
it_user333624
Software Developer at a tech services company with 501-1,000 employees
Oct 28, 2015
I have fallen in love with SonarQube when I could've easily built custom rules checks.
Read full review
it_user333735 - PeerSpot reviewer
it_user333735
QA Engineer at a tech services company with 51-200 employees
Oct 28, 2015
This product helps us to determine the maturity and quality of the coding of our software customers, preventing future crashes in the software.
Read full review
it_user336438 - PeerSpot reviewer
it_user336438
Web Developer/DevOps Engineer with 501-1,000 employees
Oct 29, 2015
It is quality software, even if the plugins are often weaker than would be necessary to have a team centralize around it.
Read full review
Buyer's Guide
SonarQube
March 2026
Free Report: SonarQube Reviews and More
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
885,376 professionals have used our research since 2012.
it_user327384 - PeerSpot reviewer
it_user327384
Assistant Director Implementation Services at a financial services firm with 5,001-10,000 employees
Nov 1, 2015
The rich graphical representation of numbers which are meaningful to dev leads, managers, and top management.
Read full review
it_user344817 - PeerSpot reviewer
it_user344817
Service Line Leader at a tech services company with 10,001+ employees
Aug 25, 2017
It's enabled us to improve software quality and help us to disseminate best practices.
Read full review
it_user100635 - PeerSpot reviewer
it_user100635
Technical Authority Digital at a insurance company with 1,001-5,000 employees
Apr 23, 2016
SonarQube plays a key role in this endeavour and provides Senior Management oversight across multiple project teams and business deliveries.
Read full review
it_user347526 - PeerSpot reviewer
it_user347526
Software Engineer, Agile/Lean Evangelist, Scrum Master at a tech services company with 51-200 employees
Nov 28, 2015
We have seen a decrease of about 25% of issues from since we first started using it a few months ago, and my team code bases are getting better.
Read full review
it_user347595 - PeerSpot reviewer
it_user347595
Java Developer at a tech consulting company with 51-200 employees
Nov 28, 2015
The feature I find most valuable are Quick access to issues in the code, the ability to define your own analysis profiles, and easy integration with Jenkins.
Read full review
it_user697038 - PeerSpot reviewer
it_user697038
DevOps at a tech company with 10,001+ employees
Jul 6, 2017
We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage.
Read full review
it_user697050 - PeerSpot reviewer
it_user697050
SW Automation Team Leader at a tech services company with 201-500 employees
Jul 5, 2017
SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed).
Read full review
Show 10 more reviews (out of 131)
 

SonarQube Cons review quotes

it_user333624 - PeerSpot reviewer
it_user333624
Software Developer at a tech services company with 501-1,000 employees
Oct 28, 2015
Predefined rules/overriding rules caused some issues.
Read full review
it_user333735 - PeerSpot reviewer
it_user333735
QA Engineer at a tech services company with 51-200 employees
Oct 28, 2015
The worst about this tool I think is the upgrade method, and it's really easy to wreck the database when upgrading.
Read full review
it_user336438 - PeerSpot reviewer
it_user336438
Web Developer/DevOps Engineer with 501-1,000 employees
Oct 29, 2015
The Python code scan has so few rules that it is meaningless.
Read full review
Buyer's Guide
SonarQube
March 2026
Free Report: SonarQube Reviews and More
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
885,376 professionals have used our research since 2012.
it_user327384 - PeerSpot reviewer
it_user327384
Assistant Director Implementation Services at a financial services firm with 5,001-10,000 employees
Nov 1, 2015
Executing sonar analysis on a big chunk of code with an Oracle database does take up a lot of time.
Read full review
it_user344817 - PeerSpot reviewer
it_user344817
Service Line Leader at a tech services company with 10,001+ employees
Aug 25, 2017
A better design of the interface and add some new rules.
Read full review
it_user100635 - PeerSpot reviewer
it_user100635
Technical Authority Digital at a insurance company with 1,001-5,000 employees
Apr 23, 2016
Response to queries directly to SonarSource haven't always been particularly successful, but the community forum is pretty good.
Read full review
it_user347526 - PeerSpot reviewer
it_user347526
Software Engineer, Agile/Lean Evangelist, Scrum Master at a tech services company with 51-200 employees
Nov 28, 2015
The only thing I don't like is that they removed the design libraries and dependencies-checking features from v5.2.
Read full review
it_user347595 - PeerSpot reviewer
it_user347595
Java Developer at a tech consulting company with 51-200 employees
Nov 28, 2015
Product is good, but the API documentation is poor, when it exists at all.
Read full review
it_user697038 - PeerSpot reviewer
it_user697038
DevOps at a tech company with 10,001+ employees
Jul 6, 2017
We had some issues where the Quality Gate check sometimes gets stuck and it is unclear.
Read full review
it_user697050 - PeerSpot reviewer
it_user697050
SW Automation Team Leader at a tech services company with 201-500 employees
Jul 5, 2017
There is need for support for the additional languages and ease of use in adding new rules for detecting issues.
Read full review
Show 10 more reviews (out of 131)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Software Development Analytics

Popular Comparisons

Popular Comparisons
Snyk vs SonarQube Logo
Snyk vs SonarQube
Checkmarx One vs SonarQube Logo
Checkmarx One vs SonarQube
GitLab vs SonarQube Logo
GitLab vs SonarQube
Veracode vs SonarQube Logo
Veracode vs SonarQube
CrowdStrike Falcon Cloud Security vs SonarQube Logo
CrowdStrike Falcon Cloud Security vs SonarQube
Coverity Static vs SonarQube Logo
Coverity Static vs SonarQube
GitHub Advanced Security vs SonarQube Logo
GitHub Advanced Security vs SonarQube
Acunetix vs SonarQube Logo
Acunetix vs SonarQube
Mend.io vs SonarQube Logo
Mend.io vs SonarQube
OpenText Core Application Security vs SonarQube Logo
OpenText Core Application Security vs SonarQube
Sonatype Lifecycle vs SonarQube Logo
Sonatype Lifecycle vs SonarQube
OWASP Zap vs SonarQube Logo
OWASP Zap vs SonarQube
PortSwigger Burp Suite Professional vs SonarQube Logo
PortSwigger Burp Suite Professional vs SonarQube
GitGuardian Platform vs SonarQube Logo
GitGuardian Platform vs SonarQube
HackerOne vs SonarQube Logo
HackerOne vs SonarQube
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Software Development Analytics

Popular Comparisons

Popular Comparisons
Snyk vs SonarQube Logo
Snyk vs SonarQube
Checkmarx One vs SonarQube Logo
Checkmarx One vs SonarQube
GitLab vs SonarQube Logo
GitLab vs SonarQube
Veracode vs SonarQube Logo
Veracode vs SonarQube
CrowdStrike Falcon Cloud Security vs SonarQube Logo
CrowdStrike Falcon Cloud Security vs SonarQube
Coverity Static vs SonarQube Logo
Coverity Static vs SonarQube
GitHub Advanced Security vs SonarQube Logo
GitHub Advanced Security vs SonarQube
Acunetix vs SonarQube Logo
Acunetix vs SonarQube
Mend.io vs SonarQube Logo
Mend.io vs SonarQube
OpenText Core Application Security vs SonarQube Logo
OpenText Core Application Security vs SonarQube
Sonatype Lifecycle vs SonarQube Logo
Sonatype Lifecycle vs SonarQube
OWASP Zap vs SonarQube Logo
OWASP Zap vs SonarQube
PortSwigger Burp Suite Professional vs SonarQube Logo
PortSwigger Burp Suite Professional vs SonarQube
GitGuardian Platform vs SonarQube Logo
GitGuardian Platform vs SonarQube
HackerOne vs SonarQube Logo
HackerOne vs SonarQube
See all alternatives
Related questions
  • 340
Is SonarQube the best tool for static analysis?
  • 61
Which gives you more for your money - SonarQube or Veracode?
  • 40
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 56
What is the biggest difference between Checkmarx and SonarQube?
  • 101
Checkmarx vs SonarQube; SonarQube interoperability with Checkmarx or Veracode
  • 64
How does SonarQube instance relate to the license?
  • 208
Which software is ideal for code quality and security?
  • 149
What is the difference between Coverity and SonarQube?
  • 39
What is the biggest difference between Coverity and SonarQube?
  • 389
How would you decide between Coverity and Sonarqube?