SonarQube Server (formerly SonarQube) Reviews

Name: SonarQube Server (formerly SonarQube)
Brand: Sonar
Rating: 4.0 (116 reviews)

Vendor: Sonar

4.0 out of 5

116 reviews
81% willing to recommend

What is SonarQube Server (formerly SonarQube)?

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

Get the SonarQube Server (formerly SonarQube) Buyer's Guide and find out what your peers are saying about SonarQube Server (formerly SonarQube), GitLab, Snyk and more!

SonarQube Server (formerly SonarQube) is the #1 ranked solution in application security solutions, AST tools, and top Software Development Analytics solutions. PeerSpot users give SonarQube Server (formerly SonarQube) an average rating of 8.0 out of 10. SonarQube Server (formerly SonarQube) is most commonly compared to GitLab: SonarQube Server (formerly SonarQube) vs GitLab. SonarQube Server (formerly SonarQube) is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

SonarQube Server (formerly SonarQube)

June 2025

Get the report

Helped 861,390 peers since 2012

Featured SonarQube Server (formerly SonarQube) reviews

Sthembiso Zondi

Head of Software Engineering at ronaldmariah@gmail.com

The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.

Read full review

Devid William

Application Security Coordinator at Banco Votorantim

I work on vulnerability management. I use the security features in SonarQube. I also use Veracode. I use both solutions to verify each other’s results We see the security issues in our solutions with the help of the product. It helps us improve the solutions. There are many options and examples…

Read full review

Jaile Sebes

Senior Software Architect at Siemens Industry

I integrate SonarQube into my CI/CD pipeline by running it during the build process for static code analysis. Once the analysis is complete, the results are sent to the dashboard for easy monitoring and tracking of code quality. Using SonarQube for security vulnerability detection offers several benefits such as comprehensive security rule coverage and integration with the dashboard for easy monitoring. Additionally, SonarQube provides features like password handling, eliminating the need for separate tools and enhancing overall code security. SonarQube handles false positives during code analysis by allowing teams to review and exclude them, especially in long-term projects where patterns are familiar. While false positives may occur, experienced teams can easily identify and manage them, ensuring accurate analysis results. For software development, especially in Java-based environments, I highly recommend using SonarQube due to its effectiveness in ensuring code quality and minimizing potential issues. While there are free tools available, SonarQube's comprehensive support for various languages and its benefits make it a valuable choice for developers. Overall, I would rate SonarQube as an eight out of ten.

Read full review

SonarQube Server (formerly SonarQube) mindshare

Product category:

As of July 2025, the mindshare of SonarQube Server (formerly SonarQube) in the Application Security Tools category stands at 22.7%, down from 26.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on SonarQube Server (formerly SonarQube) reviews

Type	Title	Date
Category	Application Security Tools	Jul 11, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 11, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Veracode	Jul 11, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs Checkmarx One	Jul 11, 2025	Download
Comparison	SonarQube Server (formerly SonarQube) vs GitHub Advanced Security	Jul 11, 2025	Download

Title	Rating	Mindshare	Recommending
GitLab	4.2	2.7%	97%	85 interviews Add to research
Snyk	4.0	7.5%	100%	48 interviews Add to research

Valuable Features

SonarQube Server's key features include seamless pipeline integration, customizable quality gates, comprehensive code analysis, support for over 20 languages, and a user-friendly interface. It identifies vulnerabilities and technical debt, offers real-time feedback, and allows easy integration with tools like Jenkins. The platform’s quality gates and dashboards streamline code quality management, improving reliability and consistency across projects. Comprehensive community support and constant updates enhance its functionality.

"SonarQube Server (formerly SonarQube) is very stable."
"Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10."
"The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk."

Room for Improvement

SonarQube Server (formerly SonarQube) faces challenges in improving security scanning, particularly for dynamic testing and deeper vulnerability analysis. Users find the interface and integration with third-party tools lacking and complicated. Performance issues arise with large codebases, and the static analysis has accuracy problems, often reporting false positives. The installation process is complex, support is limited, and reports are difficult to generate or interpret. Improvements in automation, user-friendliness, and timely updates are needed.

"I think SonarQube Server (formerly SonarQube) should improve by integrating a new feature that includes AI. As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking."
"I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."
"Any suggestions for potential improvements may include bill of materials functionality."

ROI

Users of SonarQube Server (formerly SonarQube) see an ROI by preventing rework and enhancing security and quality. Though hard to quantify, its benefits include the automation of code evaluation and detection of vulnerabilities, reducing effort in bug fixing. These improvements boost productivity and DevOps processes. Despite potential for growth, users find value in its application over time, with observed improvements in coding quality and measurable gains in coding efforts and project stability.

Pricing

SonarQube Server offers a freemium model, providing substantial open-source functionalities at no cost, making it appealing for organizations with smaller budgets. Enterprise options, including the Developer and Enterprise editions, incur costs based on lines of code, with some users reporting annual fees. Many users find the pricing reasonable, especially compared to competitors, though some perceive it as high. Additional costs typically involve hosting infrastructure and optional commercial plugins for enhanced features. Satisfied users often cite cost-effectiveness in larger deployments.

"SonarQube is a cost-effective solution."
"We use the solution free of cost."
"The tool's pricing is reasonable."

Popular Use Cases

SonarQube Server (formerly SonarQube) is primarily used for static code analysis, ensuring code quality, security, and compliance with coding standards. It is integrated into the CI/CD pipeline to detect vulnerabilities and enforce quality gates. Organizations utilize it for security testing, identifying bugs, and managing technical debt across diverse programming languages, deploying it both on-premise and in cloud environments. Developers receive immediate feedback to address issues and enhance software quality.

Service and Support

SonarQube Server's customer service is generally satisfactory, with active community support, especially online forums. Many rely on the extensive, accessible documentation. Official technical support is not always utilized or praised due to significant community resources. Paid support exists but is often unnecessary for many, who handle issues internally. Some users find responses can be slow, and support availability is limited in terms of hours. Overall, community contributions significantly aid user experience.

Deployment

Most experiences with SonarQube Server (formerly SonarQube) initial setup were straightforward, aided by good documentation and ease of installation. Many found it simple to deploy and configure, though some mentioned complexity in customizing or integrating with other tools. While some encountered challenges adapting the setup to their organizational needs, many users appreciated the standard quality profiles. Challenges were more prominent when dealing with large-scale deployments or specific technical integrations such as with Apache Maven or Kubernetes.

Scalability

Many users report that SonarQube Server (formerly SonarQube) scales effectively, accommodating multiple projects and users without significant issues. Some experience increased resource usage with upgrades, while others note challenges with very large codebases or limitations in the Community Edition. Businesses leverage SonarQube Server across various teams and integrate it with CI/CD pipelines, benefiting from its capability to handle thousands of projects and support extensive user bases.

Stability

SonarQube Server (formerly SonarQube) is highly stable, with minimal issues reported. Some configurations affect performance, especially with database locations and diverse code sizes. Stability concerns include rare plugin-induced glitches and occasional server restarts. Users employing Java benefit more, whereas C++ requires adjustments. Resource constraints may occur during simultaneous deployments, likely due to system resources rather than inherent flaws. With ongoing use, stability ranks between 7 to 10 out of 10 for most users.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SonarQube Server (formerly SonarQube) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

13%

Government

Insurance Company

Retailer

Healthcare Company

Comms Service Provider

Educational Organization

Energy/Utilities Company

University

Media Company

Non Profit

Construction Company

Real Estate/Law Firm

Legal Firm

Transportation Company

Hospitality Company

Outsourcing Company

Consumer Goods Company

Aerospace/Defense Firm

Performing Arts

Wholesaler/Distributor

Pharma/Biotech Company

Recreational Facilities/Services Company

Logistics Company

Engineering Company

Compare SonarQube Server (formerly SonarQube) with alternative products

Learn more about SonarQube Server (formerly SonarQube)

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?

Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
Custom coding rules: Allows for tailored rule sets to match specific coding standards.
Flexible quality gates: Define criteria for code acceptance at various intervals.
CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
Rich interface: User-friendly dashboard with detailed visual insights.

What benefits should users expect from SonarQube Server?

Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
Maintainability: Reduces technical debt, yielding long-term development efficiency.
Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

SonarQube Server (formerly SonarQube) was previously known as Sonar.