SonarQube Server (formerly SonarQube) Reviews

Name: SonarQube Server (formerly SonarQube)
Brand: Sonar
Rating: 4.0 (114 reviews)

Vendor: Sonar

4.0 out of 5

114 reviews
81% willing to recommend

3,339 followers

Start review

What is SonarQube Server (formerly SonarQube)?

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

Get the SonarQube Server (formerly SonarQube) Buyer's Guide and find out what your peers are saying about SonarQube Server (formerly SonarQube), GitLab, Snyk and more!

SonarQube Server (formerly SonarQube) is the #1 ranked solution in application security solutions, AST tools, and top Software Development Analytics solutions. PeerSpot users give SonarQube Server (formerly SonarQube) an average rating of 8.0 out of 10. SonarQube Server (formerly SonarQube) is most commonly compared to GitLab: SonarQube Server (formerly SonarQube) vs GitLab. SonarQube Server (formerly SonarQube) is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

SonarQube Server (formerly SonarQube)

April 2025

Get the report

Helped 849,686 peers since 2012

Featured SonarQube Server (formerly SonarQube) reviews

Wang Dayong

Senior Software Engineering Manager at Hill

The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Read full review

Chetan Jayatheertha

DevOps Manager at a computer software company with 5,001-10,000 employees

We would like to have more visibility and more documentation, starting with the installation. It needs to be more standardized and explain all the features. We'd also like to get an idea of the level of stability we can get for our larger-sized projects. The notifications from the channel queue can be improved including email notifications. We currently rely on getting those notifications passed onto us and that should not be the case. The customization of different languages would also be helpful. If all the above could be implemented, SonarQube would be the best vulnerability security scanning tool.

Read full review

Jayashree Acharyya

Director at PepsiCo

We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release. What we are seeing is for some of the Javascript projects SonarQube is not reading all the files. We had to manually configure it to accomplish what we wanted. However, we probably needed some documentation that we did not have that explained this process. In an upcoming release, it would be beneficial to have the ability to use multiple applications under one project, and if we want to scan one of the applications we can just switch to that application, this would be really helpful.

Read full review

SonarQube Server (formerly SonarQube) mindshare

Product category:

As of May 2025, the mindshare of SonarQube Server (formerly SonarQube) in the Application Security Tools category stands at 24.5%, down from 27.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on SonarQube Server (formerly SonarQube) reviews

Type	Title	Date
Category	Application Security Tools	May 1, 2025	Download
Product	Reviews, tips, and advice from real users	May 1, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Veracode	May 1, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Checkmarx One	May 1, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Snyk	May 1, 2025	Download

Title	Rating	Mindshare	Recommending
GitLab	4.3	2.9%	97%	82 interviews Add to research
Snyk	4.0	7.9%	100%	45 interviews Add to research

Valuable Features

SonarQube Server's most valuable features include support for multiple programming languages, customizable quality gates, integration with CI tools, and real-time code smell detection. Users praise its ability to present data visually, aiding in the identification of technical debt and security vulnerabilities. The ability to create custom rules, easy integration with tools like Jenkins, and detailed dashboards provide comprehensive insights into code quality, enhancing development workflow and ensuring code consistency across projects.

"The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk."
"Some of the static code analysis capabilities are the most beneficial."
"SonarQube's unit test coverage and exhaustive information at the module, project, and overall code repo levels are quite good."

Room for Improvement

SonarQube Server requires improvements in security features, integration capabilities, and support for more languages and rules. Users find the interface and dashboard less intuitive, while the analysis often yields false positives. There's a need for enhanced reporting, integration with CI/CD pipelines, and comprehensive documentation. Performance issues arise with large codebases, and dynamic scanning is limited. Users seek better support and more efficient updates, particularly in handling vulnerabilities and maintaining security standards.

"Any suggestions for potential improvements may include bill of materials functionality."
"Depending on the tool's configuration, sometimes you get false alarms that are unimportant to you."
"The tool needs to be more compatible with C/C++ language"

ROI

SonarQube Server enhances code quality and reduces team efforts in finding and fixing issues. Integrating with Jenkins, it improves stability and security while avoiding rework. Users note an increase in value, experiencing positive returns over time. Although quantifying the exact return is challenging, it finds vulnerabilities early, preventing potential damage. Users highlight its efficiency, supporting test-driven development and detecting flaws effectively, despite requiring improvements in its analytics engine to boost flaw detection capabilities.

Pricing

Enterprise teams find SonarQube Server's pricing favorable for its extensive features, offering several free plugins for language support. The open-source Community Edition is free, with professional editions requiring licenses costing based on code volume. Some teams appreciate the cost-effectiveness for secure code roles, while others note the higher expense compared to competitors. Despite occasional cost complaints, licensing is generally seen as reasonable. Many users transition to paid versions for additional features and support as needs grow.

"SonarQube is a cost-effective solution."
"We use the solution free of cost."
"The tool's pricing is reasonable."

Popular Use Cases

Users primarily utilize SonarQube Server for code quality, static analysis, and security testing. It integrates into CI/CD pipelines, enhancing code standards and identifying vulnerabilities. Many use it with plugins for security enhancements or to ensure clean, maintainable, and secure code in applications. It aids in reducing technical debt and supports continuous improvement by providing immediate feedback on code issues, facilitating quality control in varied development environments.

Service and Support

User experiences indicate that customer service and technical support are generally positive, with strong community forums. While a few cite delays in responses, most find the available resources sufficient for troubleshooting. Many rely on community support and documentation for the open-source version and have little direct interaction with official tech support. Enterprise users with support packages report satisfactory service, although some users find premium pricing for support packages to be limiting.

Deployment

SonarQube Server's initial setup is generally straightforward with comprehensive documentation that aids users. While some find it relatively simple, others encounter complexities in configuration and integration with additional tools. Many appreciate Docker's simplification of the process but note challenges in adapting to specific organizational needs and plugin dependencies. Experienced IT professionals find setup less daunting, but it can involve time investment for those unfamiliar. The installation typically requires basic database knowledge and some customization.

Scalability

SonarQube Server scales effectively for many organizations, handling various user numbers and lines of code. Most experience no issues, although some note resource demands, especially on physical servers. The Community Edition has limitations, but the Enterprise Edition offers more scalability options. Organizations utilize SonarQube Server in different environments, including cloud, and integrate with CI/CD pipelines. Users find it scalable for large teams and projects, though some concerns exist around processing speed on extensive codebases.

Stability

SonarQube Server exhibits strong stability, with most users reporting no major issues. Configuration is key, and some early performance concerns were resolved with proper setup. Occasional minor issues included plugin conflicts and resource allocation, yet these were not widespread. Many rate its stability highly, appreciating the current version's improvements. Reports suggest few disruptions or bugs, indicating it is reliable for daily use across diverse coding environments and good for code quality scanning.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SonarQube Server (formerly SonarQube) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

13%

Government

Insurance Company

Retailer

Healthcare Company

Comms Service Provider

Educational Organization

Energy/Utilities Company

University

Media Company

Construction Company

Non Profit

Real Estate/Law Firm

Legal Firm

Transportation Company

Hospitality Company

Wholesaler/Distributor

Outsourcing Company

Consumer Goods Company

Logistics Company

Aerospace/Defense Firm

Pharma/Biotech Company

Performing Arts

Recreational Facilities/Services Company

Engineering Company

Compare SonarQube Server (formerly SonarQube) with alternative products

Learn more about SonarQube Server (formerly SonarQube)

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?

Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
Custom coding rules: Allows for tailored rule sets to match specific coding standards.
Flexible quality gates: Define criteria for code acceptance at various intervals.
CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
Rich interface: User-friendly dashboard with detailed visual insights.

What benefits should users expect from SonarQube Server?

Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
Maintainability: Reduces technical debt, yielding long-term development efficiency.
Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

SonarQube Server (formerly SonarQube) was previously known as Sonar.