2026 Best Software Awards are here!See the list

SonarQube Reviews & Product Details

Pricing

Pricing provided by SonarQube.

Cloud - based: Free

Free

SonarQube Media

SonarQube Demo - About SonarQube
A one-pager about SonarQube.
SonarQube Demo - Application Status
A product screenshot of the application status view in SonarQube.
SonarQube Demo - Security Reports
A product screenshot of security reports in SonarQube.
SonarQube Demo - Portfolio Overview
A product screenshot of the portfolio overview in SonarQube.
Interactive Demo
Try an interactive demo created by the software seller (right here on G2).
Product Avatar Image

Have you used SonarQube before?

Answer a few questions to help the SonarQube community

SonarQube Reviews (134)

Reviews

SonarQube Reviews (134)

4.4
134 reviews

Review Summary

Generated using AI from real user reviews
Users consistently praise code quality and error detection capabilities of SonarQube, highlighting its effectiveness in identifying bugs and vulnerabilities before they reach production. The tool's seamless integration with CI/CD pipelines and user-friendly interface contribute to its popularity among developers. However, some users note that it can be resource-intensive and may produce false positives, which can complicate the user experience.

Pros & Cons

Generated from real user reviews
View All Pros and Cons
Search reviews
Filter Reviews
Clear Results
G2 reviews are authentic and verified.
SS
Associate Principal Engineer
Enterprise (> 1000 emp.)
"Reliable static code analysis that improves code quality & enforces standards for our clients"
What do you like best about SonarQube?

What I like best about SonarQube is how consistently it helps me maintain code quality without relying only on manual reviews. I’ve integrated it into my Jenkins pipeline, so every build runs a scan automatically. The Quality Gate acts as a clear checkpoint, if something critical is flagged, it forces us to address it before moving forward.

For Java projects, the rules are quite mature and practical. It regularly catches potential null pointer issues, unused code, and other code smells that are easy to miss during development. Over the years, it has helped me catch potential bugs early that could have impacted our production system if they had gone unnoticed.

I also like the visibility it provides. Being able to track issues, technical debt, and code coverage trends over time helps me make better decisions, especially when working on older modules. It’s not just about finding problems, it helps enforce a consistent standard across the team.

After using it for almost 9 years, it has become a dependable part of my development process rather than just another tool in the stack. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

One challenge with SonarQube, especially in the Community Edition that I am using is that the initial setup and rule tuning takes time. Out of the box, some rules can feel overly strict, particularly for older or legacy Java projects. My first scan in 2017 generated a very large number of issues, which was honestly overwhelming. It required effort to decide what to prioritize and how to gradually improve the codebase instead of trying to fix everything at once.

Another limitation is that some advanced features are only available in the paid editions. For example, more advanced security analysis and branch-level features would be useful, but they’re not included in Community Edition. That’s understandable from a product standpoint, but it does limit some functionality for teams that want to stay on the free version.

Also, when the issue count grows large, navigating and triaging findings can sometimes feel a bit time-consuming.

Overall, none of these are deal-breakers, but they do require some planning and discipline to get the most value out of the tool. Review collected by and hosted on G2.com.

Verified User in Financial Services
AF
Enterprise (> 1000 emp.)
"Clear, Actionable Feedback and Strong Quality Gates That Improve Code Early"
What do you like best about SonarQube?

Clear, actionable feedback: Issues are explained with examples and remediation guidance, so developers know what to fix and how to fix it.

Strong focus on Clean Code: The Quality Gate concept helps teams align around maintainability, reliability, and security as non-negotiable standards.

Early detection of bugs and vulnerabilities: Catching problems during development or CI prevents costly fixes later in production.

Excellent CI/CD integration: It fits naturally into pipelines (GitHub, GitLab, Azure DevOps, Jenkins), making quality checks automatic.

Language and framework coverage: Supports a wide range of languages, which is ideal for heterogeneous teams.

Developer-friendly dashboards: Metrics and trends are easy to understand, helping teams continuously improve instead of just “passing checks”. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

False positives and rigid rules: Some rules don’t always fit real-world or legacy codebases, requiring frequent tuning or suppressions.

Steep learning curve at the beginning: Understanding rules, Quality Gates, and how to interpret certain metrics can be challenging for new teams.

Noise in large or old projects: In legacy systems, the volume of issues can be overwhelming and may reduce perceived value if not introduced gradually. Review collected by and hosted on G2.com.

Ladislav K.
LK
Vedoucí manažer týmu
Mid-Market (51-1000 emp.)
"Simple UI, Robust Code Analysis"
What do you like best about SonarQube?

I like SonarQube's simple UI which makes navigation straightforward for me, and the report functionalities that provide clear insights into code issues. Additionally, I appreciate the good filtering of issues, which helps in easily identifying and categorizing code problems. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

I find issues with connecting to a real-time developer tool which could speed up the workflow for source code analysis. The process of moving analysis to developer tools and having SonarQube as the final place for product analysis reports feels like it needs improvement. I also encountered problems when connecting to LDAP, even though the installation itself was simple. Review collected by and hosted on G2.com.

Verified User in Gambling & Casinos
UG
Mid-Market (51-1000 emp.)
"Centralized Code Quality Insights with Helpful Quality Gates"
What do you like best about SonarQube?

What I like best about SonarQube is its clear and centralized view of code quality. It makes it easy to see bugs, vulnerabilities, and code smells in one place. I also like how it integrates well with CI/CD pipelines and pull requests, which helps maintain clean code during development. The quality gates are especially useful because they enforce consistent standards across the team. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

One thing I dislike about SonarQube is that the initial setup and configuration can be complex, especially for large projects. Sometimes the rules feel too strict or generate false positives, which requires additional time to review and adjust. The UI can also feel slow when working with big codebases. Review collected by and hosted on G2.com.

PJ
IT Manager
Small-Business (50 or fewer emp.)
"SonarQube Quickly Flags Code Quality and Security Issues"
What do you like best about SonarQube?

I like SonarQube because it quickly flags code quality and security issues, making it easier for me to keep the codebase clean, reliable, and maintainable over time. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

I don’t like that SonarQube can sometimes feel complicated to configure, and it can also generate too many warnings that still need manual review to sort through. Review collected by and hosted on G2.com.

Nuno P.
NP
Senior DevOps Engineer
"Essential for Code Quality and Integration"
What do you like best about SonarQube?

I like SonarQube's integration with third-party tools, which makes it really convenient to use alongside other tools we have internally. It's also light to host, which is a big plus for us. The initial setup was fairly easy, with just a couple of properties to adjust, and those improved over time. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

I don't like the upgrades and Java versions decommissioning, which usually impact a lot of users using SonarQube. Review collected by and hosted on G2.com.

Aadarsha S.
AS
Tranee DevOps
Small-Business (50 or fewer emp.)
"Improving Code with SonarQube"
What do you like best about SonarQube?

SonarQube makes it easy to maintain high code quality by automatically detecting bugs, vulnerabilities, and code smells. I like how it integrates with CI/CD pipelines and provides clear, actionable insights for developers. The detailed dashboards and quality gates help enforce coding standards across teams. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

The initial setup and configuration can be a bit complex, especially for new users. It also requires tuning to avoid too many false positives. For very large projects, performance can sometimes feel slower, and the UI could be more modern and intuitive. Review collected by and hosted on G2.com.

NR
Software Developer
Small-Business (50 or fewer emp.)
"Error Detection and Quality Gates That Strengthen Stability"
What do you like best about SonarQube?

The ability to detect errors, combined with Quality Gates, is vital to our stability; it filters out defective code before it reaches production and helps mitigate serious operational risks. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

It consumes too much RAM, and it sometimes flags false positives on code patterns that are actually correct, which makes it quite tedious to use. Review collected by and hosted on G2.com.

TT
Exec of data and AI
Mid-Market (51-1000 emp.)
"Seamless CI/CD Integration with Helpful AI Capabilities"
What do you like best about SonarQube?

Integration within our existing CI/CD tooling, with AI capabilities available. Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

Using the web interface, I prefer to manage everything through our existing workflow tools, so this works well for me because I don’t need to use it very often. Review collected by and hosted on G2.com.

Verified User in Manufacturing
AM
Enterprise (> 1000 emp.)
"Streamlined Reviews with Incremental Issue Detection and Easy VS Integration"
What do you like best about SonarQube?

- It takes of default branch and incrementally shows new issues avoiding us to avoid existing issues.

- We can easily integrate with VS which makes the Review process simply by avoiding overhead time Review collected by and hosted on G2.com.

What do you dislike about SonarQube?

- The interface where I can mark something, we won't fix.

- It should be inline with the language version as always it keeps telling me in latest language you can do this better, which might not be applicable for us Review collected by and hosted on G2.com.

Pricing Options

Pricing provided by SonarQube.

Cloud - based: Free

Free

Cloud - based: Team

Free Trial
Per Month

Cloud-based: Enterprise

Contact Us
Per Year
SonarQube Comparisons
Product Avatar Image
Coverity
Compare Now
Product Avatar Image
ReSharper
Compare Now
Product Avatar Image
Checkmarx
Compare Now
SonarQube Features
Reporting and Analytics
Static Code Analysis
Code Analysis
False Positives
Data Context
Testing Integration
Repository Integration
Analytics and Trends
Productivity Updates
Product Avatar Image
SonarQube