SonarQube Server Reviews in 2025

Audience

Companies searching for a solution to manage and empower their dev teams

About SonarQube Server

SonarQube Server is a self-managed solution for continuous code quality inspection that helps development teams identify and fix bugs, vulnerabilities, and code smells in real-time. It provides automated static code analysis for a variety of programming languages, ensuring the highest quality and security standards are maintained throughout the development lifecycle. SonarQube Server integrates seamlessly with existing CI/CD pipelines, offering flexibility for on-premise or cloud-based deployment. With advanced reporting features, it helps teams manage technical debt, track improvements, and enforce coding standards. SonarQube Server is ideal for organizations seeking full control over their code quality and security without compromising on performance.

Other Popular Alternatives & Related Software

GitLab

(14 Ratings)

GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.

Learn more

GitGuardian

(32 Ratings)

GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.

Learn more

ConnectWise Cybersecurity Management

(3 Ratings)

Define and Deliver Comprehensive Cybersecurity Services. Security threats continue to grow, and your clients are most likely at risk. Small- to medium-sized businesses (SMBs) are targeted by 64% of all cyberattacks, and 62% of them admit lacking in-house expertise to deal with security issues. Now technology solution providers (TSPs) are a prime target. Enter ConnectWise Cybersecurity Management (formerly ConnectWise Fortify) — the advanced cybersecurity solution you need to deliver the managed detection and response protection your clients require. Whether you’re talking to prospects or clients, we provide you with the right insights and data to support your cybersecurity conversation. From client-facing reports to technical guidance, we reduce the noise by guiding you through what’s really needed to demonstrate the value of enhanced strategy.

Learn more

Gemini Code Assist

(1 Rating)

Increase software development and delivery velocity using generative AI assistance, with enterprise security and privacy protection. Gemini Code Assist completes your code as you write, and generates whole code blocks or functions on demand. Code assistance is available in many popular IDEs, such as Visual Studio Code, JetBrains IDEs (IntelliJ, PyCharm, GoLand, WebStorm, and more), Cloud Workstations, Cloud Shell Editor, and supports 20+ programming languages, including Java, JavaScript, Python, C, C++, Go, PHP, and SQL. Through a natural language chat interface, you can quickly chat with Gemini Code Assist to get answers to your coding questions, or receive guidance on coding best practices. Chat is available in all supported IDEs. Enterprises can customize Gemini Code Assist using their organization’s private codebases and knowledge sources so that Gemini Code Assist can offer more tailored assistance. Gemini Code Assist enables large-scale changes to entire codebases.

Learn more

Integrations

See Integrations

Ratings/Reviews - 2 User Reviews

Overall 5.0 / 5

ease 5.0 / 5

features 5.0 / 5

design 5.0 / 5

support 5.0 / 5

More Reviews Write a Review

Videos and Screen Captures

Other Useful Business Software

MongoDB Atlas runs apps anywhere

Deploy in 115+ regions with the modern database for every enterprise.

MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.

Start Free

Product Details

Platforms Supported

Cloud

Training

Documentation

Compare This Software

JFrog Artifactory

The Industry Standard Universal Binary Repository Manager. Supports all major package types (over 27 and growing) such as Maven, npm, Python, NuGet, Gradle, Go, and Helm including Kubernetes and Docker as well as integration with leading CI servers and DevOps tools that you already...

Compare
Checkmarx

The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security...

Compare
Coverity Static Analysis

Coverity Static Analysis is a comprehensive code scanning solution that enables developers and security teams to deliver high-quality software in compliance with security, functional safety, and industry standards. It effectively uncovers complex defects across extensive codebases, identifying...

Compare
OpenText Static Application Security Testing

OpenText Static Application Security Testing (SAST) identifies and remediates security vulnerabilities in source code early in the software development lifecycle. It supports extensive language coverage and integrates seamlessly with popular CI/CD tools such as Jenkins, Azure DevOps, Jira, and...

Compare
SonarQube Cloud

Maximize your throughput and only release clean code SonarQube Cloud (formerly SonarCloud) automatically analyzes branches and decorates pull requests. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along...

Compare
Veracode

Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. We are the only solution that can provide visibility into application status across all testing types, including SAST, DAST, SCA, and manual penetration testing, in one centralized view.

Compare
Visual Expert

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking...

Compare
Codacy

Codacy is an automated code review tool that helps identify issues through static code analysis, allowing engineering teams to save time in code reviews and tackle technical debt. Codacy integrates seamlessly into existing workflows on your Git provider, and also with Slack, JIRA, or using...

Compare
bugScout

Platform for detecting security vulnerabilities and analyzing code quality of applications. bugScout was born in 2010, with the objective of promoting global application security through audit and DevOps processes. Our purpose is to promote a culture of safe development and thus provide...

Compare
Symbiotic Security

Symbiotic Security puts code security in your flow, not in your way, with AI-powered, developer-centric solutions. By embedding real-time vulnerability detection, contextual remediation, and just-in-time training directly into the IDE teams accelerate development cycles and increase code...

Compare
Astronuts

Astronuts is an AI-powered code review platform designed to streamline the development process by automating code reviews and bug fixes. Developers can initiate code analysis with a simple command, receiving line-by-line smart comments and auto-fix suggestions. The platform offers features such...

Compare

Recommended Software

Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
ConnectWise Cybersecurity Management

Define and Deliver Comprehensive Cybersecurity Services. Security threats continue to grow, and your clients are most likely at risk. Small- to medium-sized businesses (SMBs) are targeted by 64% of all cyberattacks, and 62% of them admit lacking in-house expertise to deal with security issues....

See Software
Kiuwan Code Security

Kiuwan is an end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify...

See Software
Visual Expert

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking...

See Software
Codacy

Codacy is an automated code review tool that helps identify issues through static code analysis, allowing engineering teams to save time in code reviews and tackle technical debt. Codacy integrates seamlessly into existing workflows on your Git provider, and also with Slack, JIRA, or using...

See Software
bugScout

Platform for detecting security vulnerabilities and analyzing code quality of applications. bugScout was born in 2010, with the objective of promoting global application security through audit and DevOps processes. Our purpose is to promote a culture of safe development and thus provide...

See Software

SonarQube Server Frequently Asked Questions

Q: What kinds of users and organization types does SonarQube Server work with?

Q: What languages does SonarQube Server support in their product?

Q: What other applications or services does SonarQube Server integrate with?

Q: What type of training does SonarQube Server provide?

SonarQube Server Product Features

AI Code Review

Application Security

Open Source Component Monitoring

Source Code Analysis

Training Resources

Vulnerability Detection

Analytics / Reporting

Third-Party Tools Integration

Vulnerability Remediation

Multiple Programming Language Support

Provides Recommendations

Standard Security/Industry Libraries

Vulnerability Management

SonarQube Server Verified User Reviews

Write a Review

Aman V.

Technical Lead

Used the software for: 2+ Years

Frequency of Use: Weekly

User Role: User

Company Size: 20,000 or More

Design

Ease

Features

Pricing

Support

Probability You Would Recommend?

1 2 3 4 5 6 7 8 9 10

"Industry standard code quality tool"
Posted 2022-04-01

Pros: Great User Interface / Dashboard.
Different tiers of bugs - helps identify and fix only the critical issues.
Suggestions to fix the issue.
Jenkins integration.
Also available as SaaS offering.
Also shows security defects.

Cons: The only con i can think of is expensive license which is not optimal for personal projects (unless open source). There is a free trial though.

Overall: SonarQube is used across the industry as the go-to solution for code review. It has an impressive interface which provides all the information - issue, the code where it occurred and the optimal solution suggestion; at one place.
Read More...
Daniel M.

Security Architect

Used the software for: Less than 6 months

Frequency of Use: Daily

User Role: User

Company Size: 500 - 999

Design

Ease

Features

Pricing

Support

Probability You Would Recommend?

1 2 3 4 5 6 7 8 9 10

"Excellent Product"
Posted 2019-04-01

Pros: - Accurate results and no bullshit findings
- Very fast analysis
- Handy configuration features for analysis customization
- Nice interface
- Plenty integration options

Cons: - It has its price but its worth every penny. Similar vendors are more expensive with significantly less value.

Overall: I integrated SonarQube into my SDLC and it reliably detects and blocks security issues
Read More...

Previous
You're on page 1
Next

SonarQube Server

SonarSource

Audience

Go to About page

About SonarQube Server

Integrations

Ratings/Reviews - 2 User Reviews

Company Information

Videos and Screen Captures

Product Details

SonarQube Server Frequently Asked Questions

SonarQube Server Product Features

AI Code Review

Application Security

Code Review

Software Development Analytics

Software Development Life Cycle (SDLC)

Static Application Security Testing (SAST)

Static Code Analysis

SonarQube Server Additional Categories

DevSecOps

Manual Testing

Test Coverage

SonarQube Server Verified User Reviews

"Industry standard code quality tool"

"Excellent Product"