We compared SonarQube and GitLab based on our user's reviews in several parameters.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Regarding setup cost, SonarQube is described as straightforward and easy, with users appreciating its simplicity. On the other hand, GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided., SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. In contrast, user feedback on GitLab varied extensively in terms of deployment and setup durations., SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the review's full transcripts, download our report.
"The solution makes the CI/CD pipelines easy to execute."
"Everything is easy to configure and easy to work with."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."
"The solution's service delivery model is fantastic."
"As a developer, this solution is useful as a repository holder because most of the POC projects that we have are on GitLab."
"This is a scalable solution. We had around 200 users working with it."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"We consider it a handy tool that helps to resolve our issues immediately."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"There is a free version."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repertories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"GitLab could add a plugin to integrate with Kubernetes stuff."
"I would like to see better integration with project management tools such as Jira."
"We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."
"A better design of the interface and add some new rules."
"The solution could improve by providing more advanced technologies."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.