
GitHub vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

GitHub
Ranking in Application Security Tools: 7th
Average Rating: 8.8
Reviews Sentiment: 7.5
Number of Reviews: 92
Ranking in other categories: Version Control (3rd)

SonarQube Server (formerly ...
Ranking in Application Security Tools: 1st
Average Rating: 8.0
Reviews Sentiment: 7.5
Number of Reviews: 113
Ranking in other categories: Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of GitHub is 0.8%, down from 0.9% the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.4% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
 

Featured Reviews

AjayKrishna - PeerSpot reviewer
Reduces project delivery times and costs
I think one area where GitHub could improve is its search and navigation functionality within repositories. For example, we use IDEs like IntelliJ or Visual Studio Code when developing code. These IDEs allow us to easily navigate from one piece of code to another file where a method is being called. It would be really helpful if the solution could add this navigation feature. It would allow us to move from one class file to another more easily, helping us search quicker and follow the code flow completely within GitHub. This would be more convenient than having to import the code into our local IDE to look at the code flow and navigate through it. Adding this kind of IDE-like navigation within the tool would make the user experience more seamless and efficient.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I find GitHub very user friendly."
"Even if I'm not in the office, I can access and work on my code from anywhere with my account credentials."
"The solution provides good customization and support."
"The tool is valuable because it helps us work in a distributed environment with multiple people across different locations and time zones. We have a common repository that everyone works on, which would be tough to manage manually. GitHub helps us maintain this single source of truth. Everyone can check out their own branches, which is important for our branching strategies. We can fork, check out feature branches, work on our code, and merge back into parent branches for deployment. This is crucial when multiple people are working on the same codebase."
"The features that I have found most valuable are that it can support you for most of the road map and it can automate some tasks which works really well with collaboration with the teams. They are really interested in how they organize the history of the code itself which is good."
"GitHub has improved the productivity of my team by simplifying code merging and enabling effective branching strategies."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"SonarQube is admin friendly."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programming language."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"The solution's user interface is very user-friendly."
"I like that it has a better dashboard compared to Clockwork. It's also stable."
 

Cons

"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"Scalability is an area with a shortcoming, because of which it has room for improvement."
"It is difficult to merge a code or restore it to an older version."
"There is nothing that I find that needs improvement in GitHub."
"GitHub uses basic configuration, but messaging is not clear."
"From the recruiting standpoint, I would like to see email IDs and phone numbers and a brief introduction about their profile."
"The integration with Visual Studio Code could be more streamlined."
"There is a bit of a learning curve."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
 

Pricing and Cost Advice

"The licensing model for GitHub is user-based. Whenever the new developer joins we have to get a new license and register their ID. The overall price of the solution is reasonable."
"We are currently paying nothing for GitHub."
"The tool offers a free program. As you go, you can upgrade from the community version to the professional one. I believe it costs about ten dollars per person, per month."
"GitHub is an open-source product, but when using the free-to-use version, anyone can see the code we're working on."
"It is open-source. There is no license for GitHub."
"I use the free version of GitHub."
"Regarding pricing, I'd rate it eight out of ten. It's decent and not too expensive, and small businesses can also afford it. With AWS taking CodeCommit out of the market, I don't see many competitors for small companies in terms of GitHub."
"I haven't had to pay anything for GitHub, I use the free version."
"It's an open-source solution, with no additional costs."
"It's a bit expensive for us. The currency rate of the dollar is a problem but it may be fine for other countries."
"We are using the open-source community version, but there are enterprise licenses available."
"We did not purchase a license (required for C++ support), but this option was considered."
"I do not know about the pricing as I am using the community edition, which is free. But I compared the pricing with Sigma, and it is higher than SonarQube."
"I am satisfied with the pricing."
"We are using the free, unlicensed version."
"We use the free version; there are no hidden costs or licensing required."
824,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company: 12%
Computer Software Company: 12%
Financial Services Firm: 12%
University: 7%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub?
The control is the most valuable feature as developers can work on a single code.
What is your experience regarding pricing and costs for GitHub?
I'm not aware of the costs associated with GitHub. I simply appreciate its efficiency in managing code and collaborating with team members.
What needs improvement with GitHub?
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity. Additionally, offering limited free access to features like Copilot co...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Sample Customers

Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
Information Not Available
Find out what your peers are saying about GitHub vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: December 2024.