
GitLab vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 30, 2024
 

Categories and Ranking

GitLab
Ranking in Application Security Tools: 7th
Ranking in Static Application Security Testing (SAST): 8th
Average Rating: 8.4
Reviews Sentiment: 7.2
Number of Reviews: 75
Ranking in other categories: Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (10th), Software Composition Analysis (SCA) (5th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)

SonarQube Server (formerly ...
Ranking in Application Security Tools: 1st
Ranking in Static Application Security Testing (SAST): 1st
Average Rating: 8.0
Number of Reviews: 113
Ranking in other categories: Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of GitLab is 3.0%, up from 2.5% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Corné den Hollander - PeerSpot reviewer
Sep 15, 2022
Powerful, mature, and easy to set up and manage
It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful. In terms of additional features, nothing comes to mind. One of the potential pitfalls is to keep adding new features and functionalities. They can just improve some of the existing features to make it high-end, top-quality. I don't have any substantial experience with agile planning. I don't know the industries GitLab is in, and I don't know why they make decisions like this, but as a customer, I would rather see them invest in improving the basic agile planning functionalities rather than adding, for example, portfolio planning features. That's because if I'm going to do portfolio planning, I probably will also need a lot of business users. I'm not sure if I want them in GitLab, I'd rather have them in Jira collaborating with me on portfolio planning. That's way better fitted for that type of work.
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code. When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"The initial setup of GitLab is pretty simple, with no complications."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"GitLab's best features are continuous integration and fast deployment."
"CI/CD and GitLab scanning are the most valuable features."
"This product is always evolving, and they listen to the customers."
"The most valuable features of GitLab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"The most valuable features are the segregation containment and the suspension of product services."
"SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
"We advise all of our developers to have this solution in place."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"The code coverage feature is very good."
"I like the by-default policies that are there, as they seem to cover most of what I need."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The product has a friendly UI that is easy to use and understand."
 

Cons

"I'm new to GitLab, so I would appreciate more documentation about the code and commands."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that your coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"We do face issues in our company when we run out of disk space."
"Technologies are always changing. Nowadays, new things like serverless computing and workload management have emerged. We have noticed a few gap items for faster service delivery. For example, we do user interface testing in the latest team and automate it using some tools. Recently, we integrated a tool with user interface testing, which can simulate a multi-user environment. So, we would like to see more integration with different platforms."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"We have only seen a couple of issues on GitLab, which we use for building some of the applications."
"The solution should again offer an on-premises deployment option."
"It has fewer options, and its UI is not so user-friendly."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"This solution finds issues that are similar to what is found by Checkmarx, and it would be nice if the overlap could be eliminated."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
 

Pricing and Cost Advice

"In total, I believe we have more than 300 licenses spread over about 100 users, though I can't comment on the costs involved."
"GitLab is cheap."
"GitLab is highly priced for smaller teams, but it's okay if considering a user base of thousands."
"GitLab is an open-source solution."
"The solution is based on a subscription model and is reasonably priced."
"In terms of the pricing for GitLab, on a scale of one to five, with one being expensive and five being cheap, I'm rating pricing for the solution a four. It could still be cheaper because right now, my company has a small team, and sometimes it's difficult to use a paid product for a small team. You'd hope the team will grow and scale, but currently, you're paying a high license fee for a small team. I'm referring to the GitLab license that has premium features and will give you all features. This can be a problem for management to approve the high price of the license for a team this small."
"The solution is based on a licensing model that includes technical support and is paid annually."
"We are currently using the open-source version."
"I think comparing the product to competitors it should be less expensive."
"I do not know about the pricing as I am using the community edition, which is free. But I compared the pricing with Sigma, and it is higher than SonarQube."
"Get the paid version which allows the customized dashboard and provides technical support."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"We are using the Developer Edition and the cost is based on the amount of code that is being processed."
"It's an open-source solution, with no additional costs."
"A low cost long-term solution for non-critical situations."
"SonarQube price is a little bit higher than Kiuwan's. Kiuwan also gives a little bit of flexibility in terms of pricing."
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization: 28%
Computer Software Company: 11%
Financial Services Firm: 11%
Manufacturing Company: 9%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 13%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What needs improvement with GitLab?
In the next release, I would like to see GitLab expand its integration capabilities to include platforms like DigitalOcean, which developers widely use for cloud infrastructure. Enhancing CI/CD aut...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools that are the best for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

Fuzzit
Sonar
 


Sample Customers

1. NASA  2. IBM  3. Sony  4. Alibaba  5. CERN  6. Siemens  7. Volkswagen  8. ING  9. Ticketmaster  10. SpaceX  11. Adobe  12. Intuit  13. Autodesk  14. Rakuten  15. Unity Technologies  16. Pandora  17. Electronic Arts  18. Nordstrom  19. Verizon  20. Comcast  21. Philips  22. Deutsche Telekom  23. Orange  24. Fujitsu  25. Ericsson  26. Nokia  27. General Electric  28. Cisco  29. Accenture  30. Deloitte  31. PwC  32. KPMG
Information Not Available
Find out what your peers are saying about GitLab vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.