Try our new research platform with insights from 80,000+ expert users

GitHub vs SonarQube Server (formerly SonarQube) comparison

GitHub and Sonar are both solutions in the Application Security Tools category. GitHub is ranked #11 with an average rating of 8.8, while Sonar is ranked #1 with an average rating of 8.2. GitHub holds a 0.9% mindshare in AS, compared to Sonar’s 26.7% mindshare. Additionally, 100% of GitHub users are willing to recommend the solution, compared to 81% of Sonar users who would recommend it.
GitHub
Read 87 GitHub reviews
  • 2,711 Views
  • 1,099 Comparison Views
100% willing to recommend
SonarQube Server (formerly ...
Read 113 SonarQube Server (formerly SonarQube) reviews
  • 43,481 Views
  • 35,347 Comparison Views
81% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 30, 2024

SonarQube Server and GitHub compete in the software development tools category, with each offering unique features. GitHub seems to have the upper hand due to its strong collaboration and integration capabilities, while SonarQube excels in detailed code analysis.

Features: SonarQube Server offers support for over 20 programming languages and integrates with Eclipse. It allows developers to create custom coding rules and quality profiles, which aids in code quality and consistency. GitHub provides robust source code management and version control, making it essential for teams requiring seamless workflow integration and automation capabilities through GitHub Actions.

Room for Improvement: SonarQube could improve its support for mobile applications and better handle false positives. Users suggest enhancements in security scanning and integration features. GitHub would benefit from better integration with Jenkins and improved user management features, particularly around licensing options. Both products should enhance their security and offer more intuitive interfaces for non-technical users.

Ease of Deployment and Customer Service: SonarQube Server offers hybrid, on-premises, and private cloud deployment options, but relies on community forums for support for free users, with paid support commonly available. GitHub, favoring cloud deployments, is known for easy-to-follow documentation and a supportive community, although it can improve in handling licensing issues and integration complexities.

Pricing and ROI: SonarQube Server provides a free version with optional paid plugins, but enterprise features can be costly. However, it offers a good ROI through enhanced code quality and reduced defects. GitHub's pricing is more reasonable, offering a free tier along with enterprise options, making it a cost-effective choice, especially for smaller teams, and it delivers strong ROI through improved collaboration and shorter development cycles.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed GitHub vs. SonarQube Server (formerly SonarQube) Report (Updated: October 2024).
Buyer's Guide
GitHub vs. SonarQube Server (formerly SonarQube)
October 2024
Download the complete report
Helped 814,528 peers since 2012
 

Categories and Ranking

GitHub
Ranking in Application Security Tools
11th
Average Rating
8.8
Reviews Sentiment
7.7
Number of Reviews
87
Ranking in other categories
Version Control (3rd)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of GitHub is 0.9%, up from 0.8% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

AjayKrishna - PeerSpot reviewer
Sep 11, 2024
Reduces project delivery times and costs
I think one area where GitHub could improve is its search and navigation functionality within repositories. For example, we use IDEs like IntelliJ or Visual Studio Code when developing code. These IDEs allow us to easily navigate from one piece of code to another file where a method is being called. It would be really helpful if the solution could add this navigation feature. It would allow us to move from one class file to another more easily, helping us search quicker and follow the code flow completely within GitHub. This would be more convenient than having to import the code into our local IDE to look at the code flow and navigate through it. Adding this kind of IDE-like navigation within the tool would make the user experience more seamless and efficient.
Read full review
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"Our code is secure."
"It is really simple to set up."
"The most valuable feature is the source code management. It's very helpful and it's a great product."
"The tool is valuable because it helps us work in a distributed environment with multiple people across different locations and time zones. We have a common repository that everyone works on, which would be tough to manage manually. GitHub helps us maintain this single source of truth. Everyone can check out their own branches, which is important for our branching strategies. We can fork, check out feature branches, work on our code, and merge back into parent branches for deployment. This is crucial when multiple people are working on the same codebase."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"GitHub's source code management is top-notch. It's easy to inspect changes and visualize code and differences. Their action system is comprehensive in terms of making changes and automation."
"GitHub provides good time reduction and this is what I value the most."
More GitHub pros
"Provides local scanning for developers."
"This solution is simple to use and can be quickly deployed."
"It is a very good tool for analysis and security vulnerability checking."
"The software quality gate streamlines the product's quality."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The solution has a plug-in that supports both C and C++ languages."
More SonarQube Server (formerly SonarQube) pros
 

Cons

"GitHub could expand the limits of the free version."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"GitHub could add some more security features."
"GitHub storage is one of the main requirements and it could improve."
"GitHub could automate the setup process more, such as creating YAML files for GitHub Actions."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"GitHub could have better integration or capability with other solutions."
"There could be some improvements related to the automation of certain processes, especially with the integration of artificial intelligence."
More GitHub cons
"Monitoring is a feature that can be improved in the next version."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The product must improve security analysis."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"The solution could improve by having better-consulting services."
"The security in SonarQube could be better."
More SonarQube Server (formerly SonarQube) cons
 

Pricing and Cost Advice

"My company purchased it. Before, we used to receive the free version, but then they purchased some of the features."
"There are no licensing fees for the features that we use."
"The price of this solution is reasonable."
"It’s an open-source solution."
"We pay a subscription-based yearly licensing fee for the solution."
"We are currently paying nothing for GitHub."
"The tool offers a free program. As you go, you can upgrade from the community version to the professional one. I believe it costs about ten dollars per person, per month."
"Regarding pricing, I'd rate it eight out of ten. It's decent and not too expensive, and small businesses can also afford it. With AWS taking CodeCommit out of the market, I don't see many competitors for small companies in terms of GitHub."
More GitHub pricing and cost advice
"SonarQube price is a little bit higher than Kiuwan's. Kiuwan also gives a little bit of flexibility in terms of pricing."
"I think comparing the product to competitors it should be less expensive."
"We're using their free Community Edition version."
"The development license cost is reasonable, and we've had no concerns about SonarQube when it comes to cost."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"I requested this license for one million lines of code and they accepted this."
"I am satisfied with the pricing."
"We are using the free, unlicensed version."
More SonarQube Server (formerly SonarQube) pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Manufacturing Company
13%
Financial Services Firm
11%
Government
7%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub?
The control is the most valuable feature as developers can work on a single code.
See all answers
What is your experience regarding pricing and costs for GitHub?
I do not know about the pricing because I do not pay anything. It's free for me.
See all answers
What needs improvement with GitHub?
The solution is really good. I cannot think of improvement needs.
See all answers
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
See all answers
 

Comparisons

Snyk vs GitHub Logo
Snyk vs GitHub
Compared 19% of the time
Fortify on Demand vs GitHub Logo
Fortify on Demand vs GitHub
Compared 16% of the time
AWS CodeCommit vs GitHub Logo
AWS CodeCommit vs GitHub
Compared 13% of the time
Bitbucket vs GitHub Logo
Bitbucket vs GitHub
Compared 10% of the time
Mend.io vs GitHub Logo
Mend.io vs GitHub
Compared 3% of the time
More GitHub Competitors
Checkmarx One vs SonarQube Server (formerly SonarQube) Logo
Checkmarx One vs SonarQube Server (formerly SonarQube)
Compared 17% of the time
Coverity vs SonarQube Server (formerly SonarQube) Logo
Coverity vs SonarQube Server (formerly SonarQube)
Compared 12% of the time
SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) Logo
SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)
Compared 12% of the time
GitHub Advanced Security vs SonarQube Server (formerly SonarQube) Logo
GitHub Advanced Security vs SonarQube Server (formerly SonarQube)
Compared 9% of the time
Veracode vs SonarQube Server (formerly SonarQube) Logo
Veracode vs SonarQube Server (formerly SonarQube)
Compared 9% of the time
More SonarQube Server (formerly SonarQube) Competitors
 

Product Reports

Buyer's Guide
GitHub
October 2024
GitHub reportDownload GitHub product report
Buyer's Guide
SonarQube Server (formerly SonarQube)
October 2024
SonarQube Server (formerly SonarQube) reportDownload SonarQube Server (formerly SonarQube) product report
 

Also Known As

No data available
Sonar
 

Learn More

GitHub
Sonar
 

Interactive Demo

Demo not available
GitHub
Sonar
 

Overview

GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?
  • Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
  • Custom coding rules: Allows for tailored rule sets to match specific coding standards.
  • Flexible quality gates: Define criteria for code acceptance at various intervals.
  • CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
  • Rich interface: User-friendly dashboard with detailed visual insights.
What benefits should users expect from SonarQube Server?
  • Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
  • Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
  • Maintainability: Reduces technical debt, yielding long-term development efficiency.
  • Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

 

Sample Customers

Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
Information Not Available
Buyer's Guide
GitHub vs. SonarQube Server (formerly SonarQube)
October 2024
Free Report: GitHub vs. SonarQube Server (formerly SonarQube)
Find out what your peers are saying about GitHub vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,528 professionals have used our research since 2012.
See our GitHub vs. SonarQube Server (formerly SonarQube) report.
See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.