Home
Leave a Review
Browse
Top Categories
All Categories
Software Categories
AI Agents
Service Categories
Compare Software
Deals
My Profile
Join or Log In
G2 for Business
Close Menu

Skip to Content Skip to Navigation Skip to Navigation

Introducing G2.ai, the future of software buying.Try now

Search software

Software
AI Agents
Services
G2 for Business
Deals
- - Deutsch
  - Français
  - Português
  - Español
  - Italiano
Leave a Review
Join or Log In

Search Software and Services

Choose a language

Deutsch
Français
Português
Español
Italiano

Video thumbnails

Home
...
DevSecOps Software
Static Code Analysis Tools
SonarQube
SonarQube Features

G2 recognized SonarQube

SonarQube

By SonarSource Sàrl

4.5/5

(125)

4.5 out of 5 stars

How would you rate your experience with SonarQube?

See all 125 SonarQube reviews

Contact SonarQube

SonarQube Reviews

SonarQube Features

Administration (2)

API / Integrations: Application Programming Interface Specification for how the application communicates with other software. APIs typically enable integration of data, logic, objects, etc. with other software applications. 19 reviewers of SonarQube have provided feedback on this feature.
Extensibility: Provides the ability to extend the platform to include additional features and functionalities This feature was mentioned in 20 SonarQube reviews.

Analysis (4)

Reporting and Analytics: Based on 21 SonarQube reviews. Tools to visualize and analyze data.
Issue Tracking: As reported in 20 SonarQube reviews. Track issues as vulnerabilities are discovered. Documents activity throughout the resolution process.
Static Code Analysis: As reported in 22 SonarQube reviews. Examines application source code for security flaws without executing it.
Code Analysis: Scans application source code for security flaws without executing it. This feature was mentioned in 22 SonarQube reviews.

Testing (7)

Command-Line Tools: Allows users to access a terminal host system and input command sequences. 18 reviewers of SonarQube have provided feedback on this feature.
Manual Testing: Based on 19 SonarQube reviews. Allows users to perfrom hands-on live simulations and penetration tests.
Test Automation: Runs pre-scripted security tests without requiring manual work. This feature was mentioned in 21 SonarQube reviews.
Compliance Testing: Based on 18 SonarQube reviews. Allows users to test applications for specific compliance requirements.
Black-Box Scanning: Based on 17 SonarQube reviews. Scans functional applications externally for vulnerabilities like SQL injection or XSS.
Detection Rate: The rate at which scans accurately detect all vulnerabilities associated with the target. This feature was mentioned in 21 SonarQube reviews.
False Positives: As reported in 21 SonarQube reviews. The rate at which scans falsely indicate detection of a vulnerability when no vulnerabilitiy legitimately exists.

Management (3)

Historical Data Consolidation: As reported in 27 SonarQube reviews. Consolidate development historical data within a single solution.
Data Context: As reported in 25 SonarQube reviews. Provide insights into why trends are occurring and what issues could be related.
Testing Integration: Integrate with manual and automated testing tools to increase bottleneck and problem identification. This feature was mentioned in 27 SonarQube reviews.

Functionality (3)

Repository Integration: As reported in 31 SonarQube reviews. Integrate with one or more code repositories.
Analytics and Trends: Analyze historical data to highlight trends, statistics, and KPIs. This feature was mentioned in 30 SonarQube reviews.
Productivity Updates: As reported in 29 SonarQube reviews. Follow assigned tasks across the development team to find quick turnarounds and bottlenecks.

Bug Reporting (3)

User Reports & Feedback: Give users in-app method of reporting bugs and leaving general performance feedback. 10 reviewers of SonarQube have provided feedback on this feature.
Tester Reports & Feedback: Based on 10 SonarQube reviews. Give testers in-app method of reporting bugs and leaving general performance feedback.
Team Reports & Comments: Give team members method of reporting bugs and leaving comments on bug status. 10 reviewers of SonarQube have provided feedback on this feature.

Bug Monitoring (3)

Analytics: Provide reproducible, insightful info surrounding bug and crash scenarios. This feature was mentioned in 10 SonarQube reviews.
Bug History: Track history of bug status by application version, date, etc. This feature was mentioned in 10 SonarQube reviews.
Data Retention: Store bug tracking data for an appropriate and useful amount of time. This feature was mentioned in 10 SonarQube reviews.

Functionality - Software Composition Analysis (3)

Language Support: Supports a useful and wide variety of programming languages.
Integration: Integrates seamlessly with the build environment and development tools like repositories, package managers, etc.
Transparency: Grants comprehensive user-friendly insight into all open source components.

Effectiveness - Software Composition Analysis (3)

Remediation Suggestions: Provides relevant and helpful suggestions for vulnerability remediation upon detection.
Continuous Monitoring: Monitors open source components proactively and continuously.
Thorough Detection: Comprehensively identifies all open source version updates, vulnerabilities, and compliance issues.

Documentation (3)

Feedback: Based on 35 SonarQube reviews. Provides thorough, actionable feedback regarding security vulnerabilities, or allows collaborators to do the same.
Prioritization: Prioritizes detected vulnerabilities by potential risk, or allows collaborators to do the same. This feature was mentioned in 35 SonarQube reviews.
Remediation Suggestions: Based on 36 SonarQube reviews. Provides suggestions for remediating vulnerable code, or allows collaborators to do the same.

Security (3)

False Positives: As reported in 33 SonarQube reviews. Does not falsely indicate vulnerable code when no vulnerabilitiy legitimately exists.
Custom Compliance: Allows users to set custom code standards to meet specific compliances. 32 reviewers of SonarQube have provided feedback on this feature.
Agility: Detects vulnerabilities at a rate suitable to maintain security, or allows collaborators to do the same. 33 reviewers of SonarQube have provided feedback on this feature.

Risk management - Application Security Posture Management (ASPM) (4)

Vulnerability Management: Identifies, tracks, and remediates vulnerabilities
Risk Assessment and Prioritization: Assesses and prioritizes risks based on application context
Compliance Management: Ensures compliance with industry standards and regulations
Policy Enforcement: Ensures mechanisms are in place for enforcing security policies across applications

Integration and efficiency - Application Security Posture Management (ASPM) (2)

Integration with Development Tools: Integrates with existing development and DevOps tools
Automation and Efficiency: Automates security tasks to improve efficiency

Reporting and Analytics - Application Security Posture Management (ASPM) (3)

Trend Analysis: Includes tools for analyzing trends in security incidents and vulnerabilities over time
Risk Scoring: Assigns scores to vulnerabilities based on their potential impact, helping prioritize remediation efforts
Customizable Dashboards: Provides customizable dashboards that present real-time data on vulnerabilities, risks, and compliance status

Functionality - Software Bill of Materials (SBOM) (3)

Format Support: Supports relevant SBOM formats such as cycloneDX and SPDX.
Annotations: Provides robust, industry standard SBOM annotation functionality.
Attestation: Generates thorough evidence of compliance including component relationships, licenses, and more.

Management - Software Bill of Materials (SBOM) (3)

Monitoring: Automatically and continuously monitors components to alert users of noncompliant elements.
Dashboards: Presents a transparent and easy to use dashboard for performing SBOM management.
User Provisioning: Includes controls for role-based access permissions.

AI Compliance (3)

Regulatory Reporting: Generates reports to demonstrate AI compliance with local and international frameworks.
Automated Compliance: Helps AI systems to comply with the regulations.
Audit Trails: Maintains detailed logs of activities and changes to AI models.

Risk Management & Monitoring (2)

AI Risk Management: Evaluates legal, operational and ethical risks posed by AI systems.
Real-time Monitoring: Monitors AI models for anomalies continuously.

AI Lifecycle Management (1)

Lifecycle Automation: Automates retraining, version updates and decomissioning when the models are outdated.

Access Control and Security (1)

Pole-based Access Control (RBAC): Restricts access to AI models and sensitive data to authorized users.

Collaboration and Communication (1)

Model Sharing and Reuse: Helps sharing AI models and best practices.

Agentic AI - Bug Tracking (3)

Adaptive Learning: Improves performance based on feedback and experience
Natural Language Interaction: Engages in human-like conversation for task delegation
Proactive Assistance: Anticipates needs and offers suggestions without prompting

Agentic AI - Static Code Analysis (3)

Adaptive Learning: Improves performance based on feedback and experience
Natural Language Interaction: Engages in human-like conversation for task delegation
Proactive Assistance: Anticipates needs and offers suggestions without prompting

Agentic AI - Static Application Security Testing (SAST) (1)

Autonomous Task Execution: Capability to perform complex tasks without constant human input

Agentic AI - AI Governance Tools (7)

Autonomous Task Execution: Capability to perform complex tasks without constant human input
Multi-step Planning: Ability to break down and plan multi-step processes
Cross-system Integration: Works across multiple software systems or databases
Adaptive Learning: Improves performance based on feedback and experience
Natural Language Interaction: Engages in human-like conversation for task delegation
Proactive Assistance: Anticipates needs and offers suggestions without prompting
Decision Making: Makes informed choices based on available data and objectives

Agentic AI - Application Security Posture Management (ASPM) (2)

Autonomous Task Execution: Capability to perform complex tasks without constant human input
Multi-step Planning: Ability to break down and plan multi-step processes

Performance - AI AppSec Assistants (3)

Remediation: Automatically remediates or suggests remediation that meets internal and external code security best practices.
Real-time Vulnerability Detection: Automatically detects all security flaws in code as it's being written.
Accuracy: Does not flag false positives.

Integration - AI AppSec Assistants (3)

Stack Integration: Integrates with existing security tools to fully contextualize remediation suggestions.
Workflow Integration: Seamlessly integrates into developers' existing workflows and environments to provide code security assistance.
Codebase Contextual Awareness: Considers the entire codebase to detect existing and emerging security flaws.

Top-Rated Alternatives

GitHub

GitLab

Semgrep

View All Alternatives

SonarQube Comparisons

Coverity

4.2/5

(55)

ReSharper

4.5/5

(85)

Checkmarx

4.2/5

(36)

Categories on G2

Software Composition Analysis

Static Application Security Testing (SAST)

Secure Code Review

Software Development Analytics Tools

Static Code Analysis

AI Governance Tools

AI AppSec Assistants

Software Bill of Materials (SBOM)

Application Security Posture Management (ASPM)

Explore More

Best bug tracking software with detailed analytics

Best knowledge base software for IT companies

What vendor offers the most scalable listing management solution?

Expert reviews on international payroll software

Leading third-party risk management software

Pros and Cons Details

Best bug tracking software with detailed analytics

Best knowledge base software for IT companies

What vendor offers the most scalable listing management solution?

Expert reviews on international payroll software

Leading third-party risk management software

Pros and Cons Details

SonarQube

4.5/5

(125)

G2 Deals
TechBlend
Learning Hub
Software Reviews
Add Your Product/Service
Research Hub
Research Agenda
Compare Software
Technology Glossary
Best Software Companies
Seller Info
AI/LLM Information Page

AI Chatbots Software
CRM Software
Project Management Software
Expense Management Software
Video Conferencing Software
Online Backup Software
E-Commerce Platforms
Accounting Software
ERP Systems
Marketing Automation Software
All Categories

About
Customer Support portal
G2 Gives
Careers
Teams
News
Contact
G2
100 S Wacker Dr
STE 600
Chicago, IL 60606

Community Guidelines
G2 Scoring Methodologies
Terms of Use
Privacy Policy
Your Privacy Choices
Legal
Trust & Security
Cookie Preferences

© 2026 G2.com, Inc. All rights reserved

Hunting for software insights?

With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.

Already have an account? Log in

Already have an account? Log in

or continue with

LinkedIn

Google

Google

By proceeding, you agree to our Terms of Use and Privacy Policy