Sonarqube

SonarQube enables the team to systematically deliver code that meets high-quality standards. It makes sure that the code is free from any vulnerabilities at every project phase.

Category:

Overview

Tool Description

 
What is Sonaeqube  ?

SonarQube enables the team to systematically deliver code that meets high-quality standards. It makes sure that the code is free from any vulnerabilities at every project phase.  SonarQube integrates into the developers’ CI/CD pipeline and DevOps platform to detect and help fix issues in the code while performing continuous inspection of projects.

Deployment Options

Saas
Self Manage
Features

Supports Static Application Security Testing (SAST) Self-managed.
Easy and deep integration into your enterprise environment. Supports 30+ languages, frameworks and IaC platforms.
Easy integration with CI/CD. Run as a service, on Docker, or with Kubernetes with vertical and horizontal scaling support, plus multi-threaded, server-side processing.
5,000+ coding rules. Support for Sonarlint IDE integration

Pricing

Developer
Enterprise
Data Center
From $160/yr
(100k lines of code)

SonarQube is priced per instance per year and based on your lines of code (LOC). SonarQube Developer Edition allows for unlimited users, projects and scans, while including the following features:

  • SonarLint IDE integration
  • Branch analysis
  • Pull Request decoration
  • Taint analysis
  • Detection of advanced bugs causing runtime errors & crashes
  • 25+ languages
From $21,000/yr
(1M lines of code)

SonarQube is priced per instance per year and based on your lines of code (LOC). SonarQube Enterprise Edition allows for unlimited users, projects and scans, while including the following features:

  • SonarLint IDE integration
  • Branch analysis
  • Pull Request decoration
  • Taint analysis
  • Detection of advanced bugs causing runtime errors & crashes
  • 30+ languages
  • Multiple DevOps platforms – multiple configurations for each DevOps platform
  • Parallel processing of analysis reports
  • Monorepo support for PR Decoration
  • Security engine customization
  • Security reports
  • Portfolio Management & PDF Executive Reports
  • Project PDF reports
  • Regulatory reports to record release state & quality
  • Audit trailing
  • Project transfer
  • 2 additional test/stage licenses
From $136,000/yr
(20M  LOC)

SonarQube is priced per instance per year and based on your lines of code (LOC). SonarQube Data Center Edition allows for unlimited users, projects and scans, while including the following features:

  • SonarLint IDE integration
  • Branch analysis
  • Pull Request decoration
  • Taint analysis
  • Detection of advanced bugs causing runtime errors & crashes
  • 30+ languages
  • Multiple DevOps platforms – multiple configurations for each DevOps platform
  • Parallel processing of analysis reports
  • Mono repo support for PR Decoration
  • Security engine customization
  • Security reports
  • Portfolio Management & PDF Executive Reports
  • Project PDF reports
  • Regulatory reports to record release state & quality
  • Audit trailing
  • Project transfer
  • 3 additional test/stage licenses
  • Component redundancy
  • Data resiliency
  • Horizontal scalability

Demo

Our Expertise help you in an apt tool pick. Our consultancy services can help you make the best choice.

Comparative Analysis

Tools Name
Sonarqube
​Snyk​
Veracode
Gitlab
Checkmarx
Pricing
Developer
From $160/yr
(100k lines of code)

Enterprise
From $21,000/yr
(1M lines of code)

Data Center
From $136,000/yr
(20MLOC)
Free forever
$0 per dev/month

Team
Starting at
$25 per month/product

Enterprise
Get In Touch With Us
Get In Touch With Us
Free
$0 per user month

Premium
$29 per user/month
Billed annually at $348 USD

Ultimate
Get n Touch With Us
Get In Touch With Us
Ratings
G2 – 4.5
Gartner – 4.2
Capterra – 4.6
​G2 – 4.6
​Capterra – 4.8
​Gartner – 4.6  ​
G2 – 3.7
Gartner – 4.7
Capterra – NA
Gartner – 4.3
Capterra – 4.6
G2 – 4.5
G2 – 4.2
Gartner – 4.5
Capterra – 3.9
Deployment
Cloud, SaaS, Web-Based
On-Premise – Windows
​Cloud, SaaS, Web-Based​
Cloud, SaaS, Web-Based
Cloud, SaaS, Web-Based
Cloud, SaaS, Web-Based
Support
Email/Help Desk
Yes
​No​
Yes
Yes
Yes
FAQs/Forum
Yes
​No​
Yes
Yes
Yes
Knowledge Base
No
​Yes​
Yes
Yes
Yes
Phone Support
Yes
​No​
Yes
No
Yes
24/7 (Live rep)
No
​No​
No
Yes
No
Chat
No
​Yes​
Yes
Yes
Yes
Training
In Person
No
​Yes​
No
Yes
Yes
Live Online
No
​Yes​
No
Yes
Yes
Webinars
Yes
​Yes​
No
Yes
Yes
Documentation
Yes
​Yes​
Yes
Yes
Yes
Videos
Yes
​No​
Yes
Yes
Yes
Features
Vulnerability Scanning
Yes
​Yes​
Yes
Yes
Yes
Real Time Analytics
Yes
​Yes​
Yes
Yes
Yes
Debugging
Yes
​Yes​
Yes
Yes
Yes
Dashboard
Yes
​Yes​
Yes
Yes
Yes
Integrated Development Environment
Yes
​Yes​
Yes
Yes
Yes
API
Yes
​Yes​
Yes
Yes
No
Multi-Language Scanning
Yes
​Yes​
Yes
Yes
Yes
For Developers
Yes
​Yes​
Yes
Yes
Yes
Deployment Management
Yes
​Yes​
Yes
Yes
No
Source-Code Scanning
Yes
​Yes​
No
Yes
Yes

Related products

  • Application Security Testing

    Veracode

    Veracode offers cloud-based application security tools, combining automated testing and web application scanning with expert guidance to help development teams meet speed and security requirements effortlessly.

    Rated 0 out of 5
    Read more
  • Application Security Testing

    Gitlab

    GitLab is a web-based Git repository that provides free open and private repositories, issue-following capabilities, and wikis.

    Rated 0 out of 5
    Read more
  • Application Security Testing

    Data Theorem
    Data Theorem is the leader in application security testing, we make security simple and seamless for developers through industry-defining innovation.
    Rated 0 out of 5
    Read more
  • Application Security Testing

    Checkmarx
    Checkmarx is the leader in application security testing, we make security simple and seamless for developers through industry-defining innovation.
    Rated 0 out of 5
    Read more
Scroll to Top