Try our new research platform with insights from 80,000+ expert users

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
113
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of December 2024, in the Static Application Security Testing (SAST) category, the mindshare of SonarQube Cloud (formerly SonarCloud) is 7.0%, up from 6.6% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 28.7%, up from 28.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Diego Moreo - PeerSpot reviewer
Enhanced code quality with data consolidation needs and good pipeline integration
We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution can be installed locally."
"The most valuable feature of SonarCloud is its overall performance."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"The reports from SonarCloud are very good."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"The solution's user interface is very user-friendly."
"It has very good scalability and stability."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"This solution has helped with the integration and building of our CICD pipeline."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The software quality gate streamlines the product's quality."
 

Cons

"SonarCloud's UI needs enhancement."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"Reporting features are missing in SonarCloud."
"The solution needs to improve its customization and flexibility."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
"The solution could improve by providing more advanced technologies."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The product's user documentation can be vastly improved."
"We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."
"The pricing could be reduced a bit. It's a little expensive."
"We could use some team support, but since we are using the community version, it's not available."
 

Pricing and Cost Advice

"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"The current pricing is quite cheap."
"I rate the pricing a five out of ten."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"While not extremely cheap, it aligns well with market standards and offers good value."
"I am using the free version of the solution."
"I requested this license for one million lines of code and they accepted this."
"I use the full trial version of SonarQube."
"I think comparing the product to competitors it should be less expensive."
"We are using the community version of the solution and we plan on purchasing licenses for the upgraded version soon. There is a limitation on how many lines of code can be scanned and this is why we are going to purchase a license for an increased amount."
"We're using their free Community Edition version."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"We are using the open-source community version, but there are enterprise licenses available."
"We are using the Developer Edition and the cost is based on the amount of code that is being processed."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
824,106 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
5%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.
What needs improvement with SonarCloud?
Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Learn More

 

Interactive Demo

 

Overview

Find out what your peers are saying about SonarQube Cloud (formerly SonarCloud) vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: December 2024.
824,106 professionals have used our research since 2012.