SonarCloud: 10,008 views | 7,371 comparisons | 100% willing to recommend
SonarQube: 53,436 views | 42,331 comparisons | 80% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Mar 20, 2023

We performed a comparison between SonarCloud and SonarQube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Based on the reviews, both SonarCloud and SonarQube appear to have relatively straightforward deployment processes, although some minor issues were reported with the initial setup of each platform.
  • Features: SonarCloud is best for startups and mid-size companies, and for discovering vulnerabilities and security weak points and getting feedback on feature branches. SonarQube checks code quality during development, enforces code standard rules, and covers the top OWASP vulnerabilities, with easy DevOps pipeline configuration. Its dynamic testing and automation could be improved.
  • Pricing: SonarCloud pricing is based on the number of users, services, and lines of code. SonarQube offers a free open source version and a yearly subscription for the enterprise version.
  • Service and Support: SonarCloud has community support, but not technical support. SonarQube offers online resources and support at an additional cost.

Comparison Result: Based on the parameters we compared, SonarQube comes out ahead of SonarCloud. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that SonarCloud lacks technical support.

To learn more, read our detailed SonarCloud vs. SonarQube Report (Updated: March 2024).
768,857 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

SonarCloud:
  • "The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
  • "The solution can be installed locally."
  • "The most valuable feature of SonarCloud is its overall performance."
  • "For what it is meant to do, it works pretty well."
  • "I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
  • "Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
  • "SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
  • "The reports from SonarCloud are very good."

SonarQube:
  • "We advise all of our developers to have this solution in place."
  • "It is a very good tool for analysis despite its limitations."
  • "We consider it a handy tool that helps to resolve our issues immediately."
  • "We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
  • "It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
  • "The overall quality of the indicator is good."
  • "Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
  • "We have worked with the support from SonarQube and we have had good experiences."

Cons

SonarCloud:
  • "We had some issues with the scanner."
  • "I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
  • "The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
  • "SonarCloud can improve the false positives. Sometimes the gates act a little weird. We then need to manually go and mark the false positive."
  • "SonarCloud's UI needs enhancement."
  • "CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
  • "It would be helpful if notifications could go out to an extra person."
  • "The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."

SonarQube:
  • "We did have some trouble with the LDAP integration for the console."
  • "SonarQube could improve its static application security testing as per the industry standard."
  • "From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
  • "It would be better if SonarQube provided a good UI for external configuration."
  • "The reporting can be improved."
  • "The solution could improve by having better consulting services."
  • "Currently requires multiple tools, lacking one overall tool."
  • "SonarQube is not development-centric like Snyk."

Pricing and Cost Advice

SonarCloud:
  • "The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
  • "The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
  • "I am using the free version of the solution."
  • "I rate the pricing a five out of ten."
  • "While not extremely cheap, it aligns well with market standards and offers good value."
  • "The current pricing is quite cheap."

SonarQube:
  • "This is open source."
  • "We did not purchase a license (required for C++ support), but this option was considered."
  • "Get the paid version which allows the customized dashboard and provides technical support."
  • "People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
  • "This product is open source and very convenient."
  • "The licence is standard open source licensing."
  • "The price point on SonarQube is good."
  • "Some of the plugins that were previously free are not free now."

    Questions from the Community
      • Top Answer: Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
      • Top Answer: I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pay a…
      • Top Answer: There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could…
      • Top Answer: I am not very familiar with SonarQube and their solutions, so I cannot answer. But if you are asking me about which tools are the best for Static Code Analysis, I suggest you have a look…
      • Top Answer: SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use…
      • Top Answer: We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing…
    Ranking
      • SonarCloud: Views 10,008; Comparisons 7,371; Reviews 8; Average Words per Review 524; Rating 8.4
      • SonarQube: Views 53,436; Comparisons 42,331; Reviews 19; Average Words per Review 391; Rating 8.0
    Comparisons
      • SonarCloud is compared with: Veracode (7% of the time), Checkmarx One (5%), OWASP Zap (3%), GitLab (3%), Coverity (2%)
      • SonarQube is compared with: Checkmarx One (21% of the time), Coverity (11%), Veracode (10%), Snyk (7%), Sonatype Lifecycle (5%)
    Also Known As
    Sonar
    Overview

    SonarCloud is a cloud-based alternative to the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

    SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.

    At its core, SonarQube includes a static code analyzer that identifies bugs, security vulnerabilities, hidden secrets, and code smells. The platform guides you through issue resolution, fostering a culture of continuous improvement. SonarQube’s comprehensive reporting is a valuable tool for dev teams to monitor their codebase's overall health and quality across multiple projects in their portfolio. With SonarQube, you can achieve a state of Clean Code, leading to secure, reliable, and maintainable software.

    Sonar is the only solution combining the power of industry-leading software quality analysis with static application security testing (SAST) and real-time coding guidance in the IDE (with SonarLint) to meet the DevOps and DevSecOps demand of putting agility, automation, and security in the hands of developers. Further accelerate DevOps continuous integration by helping developers find and fix issues in code before the software testing stage, reducing the churn of finding, fixing, rebuilding, and retesting your app.

    With over 5,000 Clean Code rules, SonarQube analyzes 30+ of the most popular programming languages, including dozens of frameworks, the top DevOps platforms (GitLab, GitHub, Azure DevOps, and Bitbucket, and more), and the leading infrastructure as code (IaC) platforms.

    SonarQube is the most trusted static code analyzer used by over 7 million developers and 400,000 organizations globally to clean over half a trillion lines of code.

    Top Industries
      • VISITORS READING REVIEWS: Computer Software Company 18%, Financial Services Firm 9%, Manufacturing Company 9%, Healthcare Company 5%
      • REVIEWERS: Computer Software Company 30%, Financial Services Firm 21%, Comms Service Provider 7%, Manufacturing Company 7%
      • VISITORS READING REVIEWS: Financial Services Firm 17%, Computer Software Company 15%, Manufacturing Company 11%, Government 6%
    Company Size
      • REVIEWERS: Small Business 56%, Midsize Enterprise 33%, Large Enterprise 11%
      • VISITORS READING REVIEWS: Small Business 23%, Midsize Enterprise 19%, Large Enterprise 58%
      • REVIEWERS: Small Business 25%, Midsize Enterprise 16%, Large Enterprise 59%
      • VISITORS READING REVIEWS: Small Business 17%, Midsize Enterprise 13%, Large Enterprise 71%

    SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 108 reviews. SonarCloud is rated 8.4, while SonarQube is rated 8.0. The top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". SonarCloud is most compared with Veracode, Checkmarx One, OWASP Zap, GitLab and Coverity, whereas SonarQube is most compared with Checkmarx One, Coverity, Veracode, Snyk and Sonatype Lifecycle. See our SonarCloud vs. SonarQube report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.