
GitHub vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Oct 30, 2024
 

Categories and Ranking

GitHub
Ranking in Application Security Tools: 11th
Average Rating: 8.8
Reviews Sentiment: 7.7
Number of Reviews: 87
Ranking in other categories: Version Control (3rd)

SonarQube Server (formerly ...
Ranking in Application Security Tools: 1st
Average Rating: 8.0
Number of Reviews: 113
Ranking in other categories: Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of GitHub is 0.9%, up from 0.8% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

AjayKrishna - PeerSpot reviewer
Sep 11, 2024
Reduces project delivery times and costs
I think one area where GitHub could improve is its search and navigation functionality within repositories. For example, we use IDEs like IntelliJ or Visual Studio Code when developing code. These IDEs allow us to easily navigate from one piece of code to another file where a method is being called. It would be really helpful if the solution could add this navigation feature. It would allow us to move from one class file to another more easily, helping us search quicker and follow the code flow completely within GitHub. This would be more convenient than having to import the code into our local IDE to look at the code flow and navigate through it. Adding this kind of IDE-like navigation within the tool would make the user experience more seamless and efficient.
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code. When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"Our code is secure."
"It is really simple to set up."
"The most valuable feature is the source code management. It's very helpful and it's a great product."
"The tool is valuable because it helps us work in a distributed environment with multiple people across different locations and time zones. We have a common repository that everyone works on, which would be tough to manage manually. GitHub helps us maintain this single source of truth. Everyone can check out their own branches, which is important for our branching strategies. We can fork, check out feature branches, work on our code, and merge back into parent branches for deployment. This is crucial when multiple people are working on the same codebase."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"GitHub's source code management is top-notch. It's easy to inspect changes and visualize code and differences. Their action system is comprehensive in terms of making changes and automation."
"GitHub provides good time reduction and this is what I value the most."
"Provides local scanning for developers."
"This solution is simple to use and can be quickly deployed."
"It is a very good tool for analysis and security vulnerability checking."
"The software quality gate streamlines the product's quality."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The solution has a plug-in that supports both C and C++ languages."
 

Cons

"GitHub could expand the limits of the free version."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"GitHub could add some more security features."
"GitHub storage is one of the main requirements and it could improve."
"GitHub could automate the setup process more, such as creating YAML files for GitHub Actions."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"GitHub could have better integration or capability with other solutions."
"There could be some improvements related to the automation of certain processes, especially with the integration of artificial intelligence."
"Monitoring is a feature that can be improved in the next version."
"There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"There is a need for support for additional languages and ease of use in adding new rules for detecting issues."
"The product must improve security analysis."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"The solution could improve by having better consulting services."
"The security in SonarQube could be better."
 

Pricing and Cost Advice

"My company purchased it. Before, we used to receive the free version, but then they purchased some of the features."
"There are no licensing fees for the features that we use."
"The price of this solution is reasonable."
"It’s an open-source solution."
"We pay a subscription-based yearly licensing fee for the solution."
"We are currently paying nothing for GitHub."
"The tool offers a free program. As you go, you can upgrade from the community version to the professional one. I believe it costs about ten dollars per person, per month."
"Regarding pricing, I'd rate it eight out of ten. It's decent and not too expensive, and small businesses can also afford it. With AWS taking CodeCommit out of the market, I don't see many competitors for small companies in terms of GitHub."
"SonarQube price is a little bit higher than Kiuwan's. Kiuwan also gives a little bit of flexibility in terms of pricing."
"I think comparing the product to competitors it should be less expensive."
"We're using their free Community Edition version."
"The development license cost is reasonable, and we've had no concerns about SonarQube when it comes to cost."
"We're using an older version because it is the open-source flavor of it and we can continue using it at no cost. We're not paying any licensing at all, which was another factor in choosing this route so that we can learn and grow with it and not be committed to licenses and other similar things. If we choose to get something else, we have to relearn, but we don't have to relicense. Basically, we're paying no license costs."
"I requested this license for one million lines of code and they accepted this."
"I am satisfied with the pricing."
"We are using the free, unlicensed version."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 13%
Manufacturing Company: 13%
Financial Services Firm: 11%
Government: 7%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitHub?
The control is the most valuable feature as developers can work on a single code.
What is your experience regarding pricing and costs for GitHub?
I do not know about the pricing because I do not pay anything. It's free for me.
What needs improvement with GitHub?
The solution is really good. I cannot think of improvement needs.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Sample Customers

Dominion Enterprises, NASA, Braintree, SAP, CyberAgent
Information Not Available
Find out what your peers are saying about GitHub vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.