SonarQube Cloud (formerly SonarCloud) Reviews

Name: SonarQube Cloud (formerly SonarCloud)
Brand: Sonar
Rating: 4 (11 reviews)

Vendor: Sonar

4.1 out of 5

11 reviews
100% willing to recommend

What is SonarQube Cloud (formerly SonarCloud)?

SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.

Get the SonarQube Cloud (formerly SonarCloud) Buyer's Guide and find out what your peers are saying about SonarQube Cloud (formerly SonarCloud), SonarQube Server (formerly SonarQube), Veracode and more!

SonarQube Cloud (formerly SonarCloud) is the #10 ranked solution in AST tools. PeerSpot users give SonarQube Cloud (formerly SonarCloud) an average rating of 8.2 out of 10. Based on the analysis of the 11 most recent SonarQube Cloud (formerly SonarCloud) reviews, the overall sentiment is positive, with a sentiment score of 6.3. (Among the highest in the category). SonarQube Cloud (formerly SonarCloud) is most commonly compared to SonarQube Server (formerly SonarQube): SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube). SonarQube Cloud (formerly SonarCloud) is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.

Buyer's Guide

SonarQube Cloud (formerly SonarCloud)

October 2024

Get the report

Helped 814,528 peers since 2012

Featured reviews

Diego Moreo

Software Quality Coordinator at a retailer with 10,001+ employees

We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Read full review

SenthuranPooranananthan

Senior Director of DevOps at Asset Works

The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions. Having SonarCloud on the cloud there is no maintenance because they patch everything. It's easy to maintain, but it may be a problem with very large organizations because of some of the false-positive and you may need to be very cautious on very large enterprises. The solution is best suited for startups and mid-size companies. It is supporting the mono and multi report and overall they're always improving. Initially, they did not support the mono report, now they started supporting the mono report approach, when is a benefit.

Read full review

Huzaifa Asif

Cloud Engineer | Solution Architect at Respond.io

There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could use improvement in providing clearer instructions. I found myself needing to engage with support multiple times to navigate through certain aspects. Additionally, it would be beneficial if it could streamline the integration process for new features. Enhancing documentation on how to integrate these features seamlessly would go a long way in improving user experience. The introduction of an auto-commit functionality would be a valuable addition. Some other tools offer this feature, allowing for the automatic creation of pull requests to address identified issues. This functionality significantly reduces the manual effort required.

Read full review

SonarQube Cloud (formerly SonarCloud) mindshare

As of November 2024, the mindshare of SonarQube Cloud (formerly SonarCloud) in the Static Application Security Testing (SAST) category stands at 6.8%, up from 6.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Key learnings from peers

Last updated Oct 30, 2024

Valuable Features

SonarQube Cloud's key features are its effective analysis of vulnerabilities, security issues, and code quality, seamless cloud maintenance, continuous code monitoring, and improved code quality through real-time feedback. Users appreciate its compatibility with multiple reports, user-friendly interface, and integration with version control. Though noted for having integration challenges within certain CI/CD pipelines, recent support for mono reports and microservices adds value. It’s ideal for small to mid-sized companies due to its affordability and efficiency.

"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."

Room for Improvement

SonarQube Cloud (formerly SonarCloud) users report a need for enhanced testing capabilities within containers and improved false positive handling. They seek better customization, flexibility, and UI enhancements. Many suggest improved integration within CI/CD pipelines and more robust reporting capabilities. Users find the setup process challenging and request better documentation guidance. An alert system for third parties and auto-commit functionality for addressing issues are desired features. Lack of integrated reporting leads users to rely on external tools like Power BI.

"Reporting features are missing in SonarCloud."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"There's room for improvement in the configuration process, particularly during the initial setup phase."

ROI

Pricing

SonarQube Cloud's pricing is generally perceived as reasonable but varies significantly depending on the number of lines of code. Many users find it cost-effective, especially compared to competitors. However, some feel it can be expensive, particularly for larger codebases. Pricing is structured based on lines of code, with specific fees for packages, such as approximately $4,000 per million lines annually. Some users note options for community and on-premise versions, with differing costs and benefits.

"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The current pricing is quite cheap."
"While not extremely cheap, it aligns well with market standards and offers good value."

Popular Use Cases

Organizations utilize SonarQube Cloud (formerly SonarCloud) primarily for static code analysis. It is used across multiple repositories, integrated with CI/CD pipelines, and enables detection of vulnerabilities, bugs, and inconsistencies at the pull request level. SonarQube Cloud assists in clean code maintenance, addressing code duplication, and optimizing security testing processes. Teams standardize its use for application security, ensuring high-quality code through iterative scanning in development cycles, and serving as a quality gate for production.

Service and Support

Customers mention mixed feedback regarding SonarQube Cloud's support. Some report prompt communication and proactive engagement, while others find a lack of timely responses. Community support is available, lacking technical backing, with some suggesting improvements in integration and open-source community engagement. Ratings vary, with some users wanting more proactive support, documentation, and integration management. While some find the support effective and quick, others suggest that more robust technical resources could enhance user satisfaction.

Deployment

SonarQube Cloud's initial setup varies in complexity. Some find it straightforward and quick, completing it in about 10 minutes, while others encounter challenges. Implementation can be difficult for less experienced engineers, requiring significant manual effort, with one group taking one to two months. Some suggest adding an auto-commit feature to reduce complexity. Many are content with the ease of setup, though opinions differ based on individual experiences.

Scalability

SonarQube Cloud (formerly SonarCloud) exhibits high scalability, handling expanding user bases effectively across various organizations. Users appreciate its capability to scale with project needs, though billing is influenced by scanned lines. Many rate its scalability highly, with some noting tens to hundreds of users without encountering issues. Companies generally find it suitable for larger teams and multiple applications, facilitating independent scanning of numerous services.

Stability

SonarQube Cloud (formerly SonarCloud) is generally stable, with users rating its stability highly. It provides good feedback on code, but some features need improvement for a better user experience. The integration process is a bit complex for untrained users, requiring better documentation. Users have experienced some challenges with GitLab CI/CD pipeline automation and build time optimization. An instance of downtime was reported, but stability is otherwise reliable. Improvements in onboarding and community engagement are suggested.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our SonarQube Cloud (formerly SonarCloud) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

10%

Manufacturing Company

Insurance Company

Healthcare Company

Retailer

Construction Company

Educational Organization

Government

University

Energy/Utilities Company

Comms Service Provider

Media Company

Hospitality Company

Outsourcing Company

Non Profit

Real Estate/Law Firm

Logistics Company

Wholesaler/Distributor

Legal Firm

Recreational Facilities/Services Company

Pharma/Biotech Company

Performing Arts

Transportation Company

Marketing Services Firm

Wellness & Fitness Company

Compare SonarQube Cloud (formerly SonarCloud) with alternative products

Learn more about SonarQube Cloud (formerly SonarCloud)

SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.

What are the key features of SonarQube Cloud?

Vulnerability Detection: Identifies potential security threats within code.
Security Hotspots: Highlights sections of the code that require closer inspection.
Feedback on Feature Branches: Enables early detection and resolution of quality issues.
No Maintenance: Ensures focus remains on development rather than tool upkeep.
Mono and Multi-Reports: Offers diverse insights into code quality.

What benefits should users look for?

Integration Ease: Seamlessly connects with popular development platforms.
Continuous Code Analysis: Provides consistent feedback to improve code standards.
Unified Quality View: Dashboard offers a comprehensive look at code metrics.
Security Insights: Detailed information on vulnerabilities and their impact.

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.