We compared SonarQube and GitLab across several parameters, based on our users' reviews.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Users describe SonarQube's setup cost as straightforward and easy, and appreciate its simplicity. GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided. SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. User feedback on GitLab also varied extensively in terms of deployment and setup durations. SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the reviews' full transcripts, download our report.
"The code merging capability is something that we use very frequently."
"Of all available products, it was the easiest to use and easy to install."
"The most valuable feature of GitLab is its security."
"The solution makes the CI/CD pipelines easy to execute."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The solution is stable."
"It scales well."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"This solution has the capability to analyze source code in almost all the languages in the market."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"All the features of the solution are quite good."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"GitLab could improve by having more plugins and better user-friendliness."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"It would be really good if they integrated more features in application security."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"The solution should again offer an on-premises deployment option."
"I would like configuration of a YML file to be done via UI rather than a code file."
"Having performance regression would be a helpful add-on or ability to be able to do during the scan."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"The pricing could be reduced a bit. It's a little expensive."
"I find it is light on the security side."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.