Try our new research platform with insights from 80,000+ expert users

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
11
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Number of Reviews
113
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of SonarQube Cloud (formerly SonarCloud) is 6.8%, up from 6.3% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 28.7%, up from 28.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…
Wang Dayong - PeerSpot reviewer
May 10, 2023
Easy to integrate and has a plug-in that supports both C and C++ languages
We use the product to review our software codes. We have integrated the product to review our new delivery code When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of SonarCloud is its overall performance."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The reports from SonarCloud are very good."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The solution can be installed locally."
"For what it is meant to do, it works pretty well."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"We consider it a handy tool that helps to resolve our issues immediately."
"It provides the security that is required from a solution for financial businesses."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"It is a very good tool for analysis and security vulnerability checking."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
 

Cons

"There's room for improvement in the configuration process, particularly during the initial setup phase."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"SonarCloud's UI needs enhancement."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"It would be helpful if notifications could go out to an extra person."
"We had some issues with the scanner."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"A better design of the interface and add some new rules."
"The product provides false reports sometimes."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"The product needs to integrate other security tools for security scanning."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers."
"We did have some trouble with the LDAP integration for the console."
 

Pricing and Cost Advice

"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The current pricing is quite cheap."
"I am using the free version of the solution."
"I rate the pricing a five out of ten."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"Compared to similar solutions, SonarQube was more accessible to us and had more benefits, with regards to size of the code base and supported languages. Apart from the Enterprise licensing fee, there are no additional costs."
"The developer edition is based on cost per lines of code."
"It's an open-source product."
"The free version of SonarQube does everything that we need it to."
"I requested this license for one million lines of code and they accepted this."
"On the pricing side, it's 3,000 Euros for 1 million lines of code."
"We did not purchase a license (required for C++ support), but this option was considered."
"I am satisfied with the pricing."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Learn More

 

Interactive Demo

 

Overview

Find out what your peers are saying about SonarQube Cloud (formerly SonarCloud) vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.
814,528 professionals have used our research since 2012.