We performed a comparison between SonarCloud and SonarQube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, SonarQube comes out ahead of SonarCloud. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that SonarCloud lacks technical support.
"The most valuable feature of SonarCloud is its overall performance."
"The reports from SonarCloud are very good."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"The solution can be installed locally."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"For what it is meant to do, it works pretty well."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"We consider it a handy tool that helps to resolve our issues immediately."
"SonarQube is useful for controlling all of our Azure task tracking and scanning."
"We are using the Community edition. So, we don't have to incur any licensing costs. This is the best part."
"The SonarQube dashboard looks great."
"It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition."
"The most valuable features are the segregation containment and the suspension of product services."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"SonarCloud's UI needs enhancement."
"We had some issues with the scanner."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"It would be helpful if notifications could go out to an extra person."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"The product must improve security analysis."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"There are limitations to the free version that limit development options as far as languages."
"SonarQube needs to improve its ease of use, integration with third-party platforms, and scalability."
SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 110 reviews. SonarCloud is rated 8.4, while SonarQube is rated 8.0. The top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". SonarCloud is most compared with Veracode, Checkmarx One, OWASP Zap, GitLab and Coverity, whereas SonarQube is most compared with Checkmarx One, Coverity, Veracode, Snyk and GitHub Advanced Security. See our SonarCloud vs. SonarQube report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.