We compared SonarQube and GitLab based on our user's reviews in several parameters.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Regarding setup cost, SonarQube is described as straightforward and easy, with users appreciating its simplicity. On the other hand, GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided., SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. In contrast, user feedback on GitLab varied extensively in terms of deployment and setup durations., SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the review's full transcripts, download our report.
"The most valuable feature of GitLab is its security."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"The most valuable features of GitLab are ease of use and highly intuitive UI and performance."
"The solution has an established roadmap that lays out its plans for upgrades over the next two to three years."
"The solution's service delivery model is fantastic."
"The most valuable feature of GitLab is its convenience. I am able to trace back most of my changes up to a far distance in time and it helps me to analyze and see the older version of the code."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"It's enabled us to improve software quality and help us to disseminate best practices."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"It automatically scans for code, detects vulnerabilities, and generates daily reports."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"This solution has the capability to analyze source code in almost all the languages in the market."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The stability is good."
"It has very good scalability and stability."
"Reporting could be improved."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"The solution could be faster."
"The solution should again offer an on-premises deployment option."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"The integration and storage capabilities could be better."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"SonarQube could improve its static application security testing as per the industry standard."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"I have found this solution creates more noise than competitors."
"A little bit more emphasis on security and a bit more security scanning features would be nice."
"Code security scanning could be improved."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.