SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.
| Product | Market Share (%) |
|---|---|
| SonarQube Cloud (formerly SonarCloud) | 4.2% |
| SonarQube Server (formerly SonarQube) | 20.3% |
| Checkmarx One | 9.9% |
| Other | 65.6% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Static Application Security Testing (SAST) | Sep 3, 2025 | Download |
| Product | Reviews, tips, and advice from real users | Sep 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) | Sep 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs Veracode | Sep 3, 2025 | Download |
| Comparison | SonarQube Cloud (formerly SonarCloud) vs Checkmarx One | Sep 3, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| SonarQube Server (formerly SonarQube) | 4.0 | 20.3% | 81% | 116 interviewsAdd to research |
| GitLab | 4.2 | 2.4% | 97% | 86 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 3 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 281 |
| Midsize Enterprise | 235 |
| Large Enterprise | 660 |
SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.
What are the key features of SonarQube Cloud?In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.
| Author info | Rating | Review Summary |
|---|---|---|
| Security Analyst at Dover Corporation | 4.0 | I use SonarQube Cloud daily on Microsoft Azure for security checks, finding it user-friendly with precise reports and easy CI/CD integration. It saves time, offers detailed code insights, but could improve UI and provide more elaborate solutions for CVEs. |
| CEO at a computer software company with 1-10 employees | 3.5 | I primarily use SonarQube Cloud for static code analysis because it's easy to integrate and use. However, it needs improved vulnerability detection compared to Veracode, which I find more complex but with better capabilities. I haven't calculated ROI yet. |
| Architect at sigpsc inc | 4.5 | I use SonarQube Cloud for scanning code quality and identifying vulnerabilities, noting its excellent integration into YAML pipelines. However, I find it lacks in covering vulnerabilities, static scanning, and misarchitecture comprehensively, and it caters more to larger clients. |
| Software Quality Coordinator at a retailer with 10,001+ employees | 4.0 | We use SonarCloud integrated into our pipeline to ensure code quality and detect security issues as a quality gate. While it meets our needs, it lacks reporting features. We're considering Veracode as an alternative due to increasing costs. |
| consultant at a computer software company with 1,001-5,000 employees | 4.0 | I use SonarQube Cloud for code inspection, managing technical debt, and identifying security vulnerabilities. Its integration with CI/CD tools is invaluable, though it lacks dynamic code scanning. The interface is superior, and it's a great fit for several languages and platforms. |
| DevOps Lead at CODVO | 3.5 | I use SonarQube Cloud for code analysis in CI/CD pipelines to track vulnerabilities and code quality, though it lacks features like DAST and auto-ticketing, and some useful functionalities now require a paid version. |
| Cloud Engineer | Solution Architect at Respond.io | 4.5 | SonarQube Cloud is our primary tool for static code analysis, excelling in security and code optimization. The recent support for mono reports enhances service assessments, though setup and documentation could improve. Its all-in-one capability and positive ROI are notable. |
| Senior Director of DevOps at Asset Works | 4.0 | No summary available |
