Try our new research platform with insights from 80,000+ expert users

GitHub Code Scanning vs SonarQube Cloud (formerly SonarCloud) comparison

GitHub and Sonar are both solutions in the Static Application Security Testing (SAST) category. GitHub is ranked #22 with an average rating of 9.5, while Sonar is ranked #9 with an average rating of 8.5. GitHub holds a 0.6% mindshare in SAST, compared to Sonar’s 6.8% mindshare. Additionally, 100% of GitHub users are willing to recommend the solution, compared to 100% of Sonar users who would recommend it.
GitHub Code Scanning
Read 2 GitHub Code Scanning reviews
  • 406 Views
  • 361 Comparison Views
100% willing to recommend
SonarQube Cloud (formerly S...
Read 11 SonarQube Cloud (formerly SonarCloud) reviews
  • 10,742 Views
  • 8,628 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 30, 2024

SonarQube Cloud and GitHub Code Scanning are competitive in the code analysis market. GitHub Code Scanning offers better integration features, while users favor SonarQube Cloud's pricing and support.

Features: SonarQube Cloud provides continuous inspection, deep diagnostic tools, and supports many programming languages with integrations for CI/CD tools. GitHub Code Scanning offers seamless workflow integration with GitHub, preconfigured analysis tools, and a native experience for better insights in the GitHub ecosystem.

Ease of Deployment and Customer Service: GitHub Code Scanning has an easy deployment within GitHub, suitable for existing users, with its integrated support system. SonarQube Cloud requires a detailed setup, but offers robust customer support and comprehensive documentation for varied platform deployment.

Pricing and ROI: SonarQube Cloud offers competitive pricing, effective for large teams needing detailed codebase analysis, enhancing ROI with its detection features. GitHub Code Scanning may have higher setup costs but its integration and time-saving features support favorable ROI for GitHub-focused teams.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud) Report (Updated: October 2024).
Buyer's Guide
GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud)
October 2024
Download the complete report
Helped 816,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Scalability Issues

No sentiment score available
Sentiment score
8.0
SonarQube Cloud scales effectively, supporting enterprise expansion with high user satisfaction and no major scalability issues across projects.
 

Room For Improvement

No sentiment score available
Sentiment score
2.4
SonarQube Cloud requires better testing, reporting, and documentation enhancements for improved user experience and satisfaction.
 

Valuable Features

No sentiment score available
Sentiment score
7.8
SonarQube Cloud excels in vulnerability discovery, security feedback, and integration, ideal for startups, with recent mono report enhancements.
 

Stability Issues

No sentiment score available
Sentiment score
6.8
SonarQube Cloud is stable and dependable, though it requires better documentation, integration support, and improvements for untrained users.
 

Customer Service

No sentiment score available
Sentiment score
10.0
SonarQube Cloud's customer service receives mixed reviews, highlighting prompt responses but also noting delays and technical support gaps.
 

Setup Cost

No sentiment score available
No sentiment score available
Enterprise users find SonarQube Cloud pricing reasonable, with varying opinions due to cost changes and feature inclusions in packages.
 

Categories and Ranking

GitHub Code Scanning
Ranking in Static Application Security Testing (SAST)
22nd
Average Rating
9.6
Reviews Sentiment
8.4
Number of Reviews
2
Ranking in other categories
No ranking in other categories
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of GitHub Code Scanning is 0.6%, up from 0.1% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

VishalSingh - PeerSpot reviewer
Traverses the entire network, scanning every system to determine which ports are open
You can use the tool locally on your system or in the cloud. I rate it a nine out of ten. It's a very good tool for people who want to start using GitHubCode Scanning, especially for software development or team collaboration. GitHubCode Scanning allows teams to collaborate by uploading files to repositories. For example, if someone is developing an application, they can host the code on GitHub Code Scanning. Other developers can then download the code for testing purposes. If bugs are found, fixes can be applied using the GitHub Code Scanningrepository, and everyone on the team can see the changes. Software developers often use GitHub Code Scanning for version control, and it's essential for CI/CD pipelines to work.
Read full review
Diego Moreo - PeerSpot reviewer
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
816,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Insurance Company
7%
Transportation Company
7%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about GitHub Code Scanning?
We use GitHub Code Scanning mostly for source code management.
See all answers
What is your experience regarding pricing and costs for GitHub Code Scanning?
The minimum pricing for the tool is five dollars a month.
See all answers
What needs improvement with GitHub Code Scanning?
GitHub Code Scanning should add more templates.
See all answers
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
See all answers
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
See all answers
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs GitHub Code Scanning Logo
SonarQube Server (formerly SonarQube) vs GitHub Code Scanning
Compared 29% of the time
Coverity vs GitHub Code Scanning Logo
Coverity vs GitHub Code Scanning
Compared 26% of the time
Polaris Software Integrity Platform vs GitHub Code Scanning Logo
Polaris Software Integrity Platform vs GitHub Code Scanning
Compared 9% of the time
Aikido Security vs GitHub Code Scanning Logo
Aikido Security vs GitHub Code Scanning
Compared 7% of the time
Veracode vs GitHub Code Scanning Logo
Veracode vs GitHub Code Scanning
Compared 5% of the time
More GitHub Code Scanning Competitors
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud) Logo
SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud)
Compared 73% of the time
Veracode vs SonarQube Cloud (formerly SonarCloud) Logo
Veracode vs SonarQube Cloud (formerly SonarCloud)
Compared 8% of the time
Checkmarx One vs SonarQube Cloud (formerly SonarCloud) Logo
Checkmarx One vs SonarQube Cloud (formerly SonarCloud)
Compared 4% of the time
GitLab vs SonarQube Cloud (formerly SonarCloud) Logo
GitLab vs SonarQube Cloud (formerly SonarCloud)
Compared 4% of the time
OWASP Zap vs SonarQube Cloud (formerly SonarCloud) Logo
OWASP Zap vs SonarQube Cloud (formerly SonarCloud)
Compared 2% of the time
More SonarQube Cloud (formerly SonarCloud) Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
October 2024
GitHub Code Scanning reportDownload GitHub Code Scanning product report
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
October 2024
SonarQube Cloud (formerly SonarCloud) reportDownload SonarQube Cloud (formerly SonarCloud) product report
 

Learn More

GitHub
Sonar
 

Interactive Demo

Demo not available
GitHub
Sonar
 

Overview

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.

SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.

What are the key features of SonarQube Cloud?
  • Vulnerability Detection: Identifies potential security threats within code.
  • Security Hotspots: Highlights sections of the code that require closer inspection.
  • Feedback on Feature Branches: Enables early detection and resolution of quality issues.
  • No Maintenance: Ensures focus remains on development rather than tool upkeep.
  • Mono and Multi-Reports: Offers diverse insights into code quality.
What benefits should users look for?
  • Integration Ease: Seamlessly connects with popular development platforms.
  • Continuous Code Analysis: Provides consistent feedback to improve code standards.
  • Unified Quality View: Dashboard offers a comprehensive look at code metrics.
  • Security Insights: Detailed information on vulnerabilities and their impact.

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.

Buyer's Guide
GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud)
October 2024
Free Report: GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud)
Find out what your peers are saying about GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: October 2024.
DOWNLOAD NOW
816,406 professionals have used our research since 2012.
See our GitHub Code Scanning vs. SonarQube Cloud (formerly SonarCloud) report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.