# SonarQube Reviews
**Vendor:** SonarSource Sàrl  
**Category:** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)  
**Average Rating:** 4.4/5.0  
**Total Reviews:** 141
## About SonarQube
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.



## SonarQube Pros & Cons
**What users like:**

- Users value SonarQube for its **rapid detection of code quality issues**, enhancing codebase reliability and maintainability. (24 reviews)
- Users appreciate the **powerful issue filtering and assignment features** of SonarQube, enhancing project management and developer focus. (20 reviews)
- Users appreciate the **issue identification features** of SonarQube, enabling better prioritization and focus for developers. (19 reviews)
- Users appreciate the **ease of use** of SonarQube, integrating seamlessly with CI/CD tools for automatic quality checks. (18 reviews)
- Users appreciate the **easy integrations** of SonarQube with CI/CD tools, enhancing their development workflow significantly. (18 reviews)
- Users value the **seamless integration** of SonarQube with CI/CD pipelines, enhancing code quality management effortlessly. (18 reviews)
- Security (15 reviews)
- Vulnerability Detection (15 reviews)
- Code Review (12 reviews)
- Integration Support (12 reviews)

**What users dislike:**

- Users report **software bugs** leading to false positives and RAM consumption, complicating the usability of SonarQube. (12 reviews)
- Users find the **complex configuration** of SonarQube challenging, especially for beginners needing extensive knowledge to navigate. (10 reviews)
- Users find **false positives** tedious in SonarQube, complicating reviews despite the tool's detailed analysis capabilities. (10 reviews)
- Users find SonarQube's **complex configuration** and excessive warnings challenging, complicating their overall experience. (8 reviews)
- Users find the **complex setup** of SonarQube challenging, especially for beginners navigating integrations and configurations. (8 reviews)
- Users often face **integration issues** with SonarQube, particularly in connecting to GitLab and navigating its complexities. (8 reviews)
- Users find SonarQube's **limited features** frustrating, particularly with restrictions on scanning and analysis capabilities. (8 reviews)
- Users note that the **expensive nature** of SonarQube limits access to advanced features and complicates setup. (7 reviews)
- Difficult Setup (6 reviews)
- Setup Difficulty (6 reviews)

## SonarQube Reviews
  ### 1. Centralized Code Quality Mastery with SonarQube

**Rating:** 4.0/5.0 stars

**Reviewed by:** Atharva P. | Cloud BI Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** May 14, 2026

**What do you like best about SonarQube?**

I really like SonarQube for its ability to continuously analyze code quality, security issues, and technical data in a centralized way. The dashboards and code quality metrics are fantastic, making it easier to identify issues early during development. The quality gates are great for preventing poor quality code from deployment. I also find the security vulnerability detection feature very important as it significantly improves application security. The technical debt tracking feature helps us maintain visibility and manage maintainability. The CICD integration and detailed dashboards enhance automated quality enforcement and make code quality monitoring easier.

**What do you dislike about SonarQube?**

Initial configuration rule customization can take some time, especially for large projects with multiple repositories. Some scans can also become slower for very large code bases. Also, the vulnerability insights are good, but the examples mentioned in the vulnerability details are very generic.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube to improve code quality by identifying bugs, vulnerabilities, code smells, and duplication before deployment. It reduces production issues and enforces code quality gates in CICD workflows, enhancing our overall development standards.

  ### 2. Robust Code Quality and Security, Needs Smoother Setup

**Rating:** 4.5/5.0 stars

**Reviewed by:** Om Dhar G. | Senior System Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 11, 2026

**What do you like best about SonarQube?**

I like SonarQube for its real-time code analysis, detailed issue reporting, and security vulnerability detection. The easy integration with CI/CD pipelines like Jenkins and GitHub Actions is particularly beneficial. It helps us catch issues early in development, reduce production bugs, improve code maintainability, and save review time. The CI/CD integration automates quality checks, which boosts deployment confidence and team productivity. We switched to SonarQube because it provided better code quality analysis, stronger security checks, and smoother CI/CD integration than our previous tools. Overall, I would rate SonarQube around 8/10 because of its strong code quality analysis, security features, and CI/CD integration capabilities.

**What do you dislike about SonarQube?**

Some areas where SonarQube could improve are occasional false positives, high resource usage for large projects, and a slightly complex setup and configuration process for beginners.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube to analyze code quality, detect bugs and security vulnerabilities, and maintain coding standards. It helps us catch issues early, reduce production bugs, improve code maintainability, and save review time. The CI/CD integration automates checks, increasing deployment confidence and team productivity.

  ### 3. Reliable static code analysis that improves code quality & enforces standards for our clients

**Rating:** 5.0/5.0 stars

**Reviewed by:** Shrey S. | Associate Principal Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** February 17, 2026

**What do you like best about SonarQube?**

What I like best about SonarQube is how consistently it helps me maintain code quality without relying only on manual reviews. I’ve integrated it into my Jenkins pipeline, so every build runs a scan automatically. The Quality Gate acts as a clear checkpoint: if something critical is flagged, it forces us to address it before moving forward.

For Java projects, the rules are quite mature and practical. It regularly catches potential null pointer issues, unused code, and other code smells that are easy to miss during development. Over the years, it has helped me catch potential bugs early that could have impacted our production system if they had gone unnoticed.

I also like the visibility it provides. Being able to track issues, technical debt, and code coverage trends over time helps me make better decisions, especially when working on older modules. It’s not just about finding problems; it helps enforce a consistent standard across the team.

After using it for almost 9 years, it has become a dependable part of my development process rather than just another tool in the stack.

**What do you dislike about SonarQube?**

One challenge with SonarQube, especially in the Community Edition that I am using, is that the initial setup and rule tuning takes time. Out of the box, some rules can feel overly strict, particularly for older or legacy Java projects. My first scan in 2017 generated a very large number of issues, which was honestly overwhelming. It required effort to decide what to prioritize and how to gradually improve the codebase instead of trying to fix everything at once.

Another limitation is that some advanced features are only available in the paid editions. For example, more advanced security analysis and branch-level features would be useful, but they’re not included in Community Edition. That’s understandable from a product standpoint, but it does limit some functionality for teams that want to stay on the free version.

Also, when the issue count grows large, navigating and triaging findings can sometimes feel a bit time-consuming.

Overall, none of these are deal-breakers, but they do require some planning and discipline to get the most value out of the tool.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube helps me solve the problem of inconsistent code quality across the team. Before we had it fully integrated into my Jenkins pipeline, a lot of quality checks depended heavily on individual reviewers. That sometimes led to inconsistencies, especially with a growing team.

By running automated scans on every build, I now have a consistent baseline for code quality in our Java projects. The Quality Gate ensures that critical issues, major bugs, or high-severity vulnerabilities are addressed before code moves forward. This has reduced the risk of avoidable defects reaching production.

It has also helped me manage technical debt in a more structured way. Instead of discovering problems late in testing or after release, I catch many of them during development. Over time, this has led to cleaner code, fewer production issues caused by simple oversights, and more focused code reviews.

Another benefit is visibility.

  ### 4. Clear code analyses, strong CI/CD integration, and security checks with SonarQube

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Logistics and Supply Chain | Enterprise (> 1000 emp.)

**Reviewed Date:** March 02, 2026

**What do you like best about SonarQube?**

Clear and understandable code analyses. SonarQube not only shows errors but also explains why they are a problem and how to fix them.

Support for clean code principles. It helps teams write maintainable and clean code in the long term.

Very good integration into CI/CD pipelines. Quality gates ensure that builds only proceed if the code quality is right.

Clear dashboards. You can quickly see trends, risks, and technical debt.

Built-in security checks. These include SAST, security hotspots, and support for relevant standards like OWASP.

**What do you dislike about SonarQube?**

The analysis can be very slow for large projects, especially when many rules are activated. Some rules generate false positives, which leads to additional effort. The configuration can become complicated, especially when multiple languages or special build setups are involved. The user interface is sometimes confusing, especially with a large number of projects. Some important features are only available in the expensive enterprise editions.

**What problems is SonarQube solving and how is that benefiting you?**

Automatic Code Analysis
SonarQube scans the code with every build and finds errors, risks, and vulnerabilities early.

Clear Instructions for Resolution
Each identified issue is explained, including why it is a problem and how it can be improved.

Quality Gates
Builds automatically fail if the code quality does not meet the defined standards.

Centralized Transparency
Dashboards display trends, risks, and technical debt across all projects.

  ### 5. Clear, Actionable Feedback and Strong Quality Gates That Improve Code Early

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** February 16, 2026

**What do you like best about SonarQube?**

Clear, actionable feedback: Issues are explained with examples and remediation guidance, so developers know what to fix and how to fix it.

Strong focus on Clean Code: The Quality Gate concept helps teams align around maintainability, reliability, and security as non-negotiable standards.

Early detection of bugs and vulnerabilities: Catching problems during development or CI prevents costly fixes later in production.

Excellent CI/CD integration: It fits naturally into pipelines (GitHub, GitLab, Azure DevOps, Jenkins), making quality checks automatic.

Language and framework coverage: Supports a wide range of languages, which is ideal for heterogeneous teams.

Developer-friendly dashboards: Metrics and trends are easy to understand, helping teams continuously improve instead of just “passing checks”.

**What do you dislike about SonarQube?**

False positives and rigid rules: Some rules don’t always fit real-world or legacy codebases, requiring frequent tuning or suppressions.

Steep learning curve at the beginning: Understanding rules, Quality Gates, and how to interpret certain metrics can be challenging for new teams.

Noise in large or old projects: In legacy systems, the volume of issues can be overwhelming and may reduce perceived value if not introduced gradually.

**What problems is SonarQube solving and how is that benefiting you?**

Inconsistent code quality across teams
SonarQube enforces shared standards through Quality Gates, which reduces subjective code review discussions and aligns everyone on what “good code” means.

Late discovery of bugs and security issues
By analyzing code early in the CI pipeline, it catches bugs, vulnerabilities, and code smells before they reach production, lowering rework and incident risk.

Technical debt accumulation
SonarQube makes technical debt visible and measurable, helping teams prioritize refactoring instead of letting maintainability silently degrade.

Time-consuming and unfocused code reviews
Automated analysis filters out low-value comments, allowing reviewers to focus on architecture, business logic, and design decisions.

  ### 6. Essential for Code Quality, Needs UI Improvements

**Rating:** 4.5/5.0 stars

**Reviewed by:** Prakhar M. | Data Analyst, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 27, 2026

**What do you like best about SonarQube?**

I like how SonarQube gives clean actionable insights and highlights issues right in pull requests. The dashboard and quality gate are very useful. The dashboards give a quick, centralized view of code health across projects, and quality gates ensure only code meeting defined standards gets merged. The initial setup was easy thanks to the documentation.

**What do you dislike about SonarQube?**

It sometimes feels slow on large projects, and UI can be a bit overwhelming for new users.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube for automated code quality and security checks, integrated into our CI/CD pipeline. It catches bugs and vulnerabilities early, provides clean insights right in pull requests, and ensures code meets quality gates before merging.

  ### 7. Effortless Code Quality Enhancement and Security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Do Nhat K. | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 23, 2026

**What do you like best about SonarQube?**

I love how SonarQube helps us fix some security issues and makes the code cleaner. The script runs so fast and doesn't use much CPU and RAM, which is great. It's easy to integrate into our CI/CD, giving us a whole view of our codebase including code quality, code structure, and security. The initial setup was so simple on Jenkins, just had to install a plugin and input parameters.

**What do you dislike about SonarQube?**

I think we are good now; there were just some issues when we started integrating, but the support team is already helping us.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube to check code quality, fix security issues, and make code cleaner. It integrates easily with our CI/CD, giving a comprehensive view of code quality, structure, and security.

  ### 8. Simple UI, Robust Code Analysis

**Rating:** 4.5/5.0 stars

**Reviewed by:** Ladislav K. | Lead Team Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 17, 2026

**What do you like best about SonarQube?**

I like SonarQube's simple UI which makes navigation straightforward for me, and the report functionalities that provide clear insights into code issues. Additionally, I appreciate the good filtering of issues, which helps in easily identifying and categorizing code problems.

**What do you dislike about SonarQube?**

I find issues with connecting to a real-time developer tool which could speed up the workflow for source code analysis. The process of moving analysis to developer tools and having SonarQube as the final place for product analysis reports feels like it needs improvement. I also encountered problems when connecting to LDAP, even though the installation itself was simple.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube for source code scanning, monitoring code vulnerabilities, inconsistency, and performance troubles. It solves source code problems and improves maintainability.

  ### 9. Centralized Code Quality Insights with Helpful Quality Gates

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Gambling & Casinos | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 19, 2026

**What do you like best about SonarQube?**

What I like best about SonarQube is its clear and centralized view of code quality. It makes it easy to see bugs, vulnerabilities, and code smells in one place. I also like how it integrates well with CI/CD pipelines and pull requests, which helps maintain clean code during development. The quality gates are especially useful because they enforce consistent standards across the team.

**What do you dislike about SonarQube?**

One thing I dislike about SonarQube is that the initial setup and configuration can be complex, especially for large projects. Sometimes the rules feel too strict or generate false positives, which requires additional time to review and adjust. The UI can also feel slow when working with big codebases.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube helps detect bugs, security vulnerabilities, and code smells early in the development process. It improves overall code quality and enforces consistent coding standards across the team. This benefits me by reducing technical debt, preventing issues from reaching production, and saving time during code reviews.

  ### 10. Excellent Quality Gates for DevOps Automation

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sonti P. | Site Reliability Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** April 07, 2026

**What do you like best about SonarQube?**

Excellent Quality Gates for DevOps automation.

**What do you dislike about SonarQube?**

The UI for managing complex branch configurations can be a bit overwhelming and non-intuitive.

**What problems is SonarQube solving and how is that benefiting you?**

Without Sonar, bugs are often found in production or UAT. SonarQube solves this by "Shifting Left"—catching issues while the code is still in the dev stage.

  ### 11. Streamlining Software Composition Analysis (SCA) Within the Dev Workflow

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Pharmaceuticals | Small-Business (50 or fewer emp.)

**Reviewed Date:** February 23, 2026

**What do you like best about SonarQube?**

It is very easy to configure and integrate with our existing CI/CD pipelines.

It provides high-quality static code analysis that helps us write bug-free code consistently.

The real-time feedback allows our developers to fix issues immediately before they reach production.

**What do you dislike about SonarQube?**

One major drawback is the lack of a built-in feature to easily export detailed analysis reports into formats like PDF or Excel. This makes it difficult to share status updates with stakeholders who don't have direct access to the SonarQube dashboard.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube helps us ensure our code is clean and bug-free before it ever reaches production. By using it for static code analysis, we catch security vulnerabilities and "code smells" early in the development cycle, which saves us a lot of time on manual debugging and improves our overall software reliability.

  ### 12. SonarQube Quickly Flags Code Quality and Security Issues

**Rating:** 4.5/5.0 stars

**Reviewed by:** Pankaj J. | IT, Medical Devices, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 20, 2026

**What do you like best about SonarQube?**

I like SonarQube because it quickly flags code quality and security issues, making it easier for me to keep the codebase clean, reliable, and maintainable over time.

**What do you dislike about SonarQube?**

I don’t like that SonarQube can sometimes feel complicated to configure, and it can also generate too many warnings that still need manual review to sort through.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube helps us catch code quality and security issues early in the development process, which boosts our confidence in each release and cuts down on rework later on.

  ### 13. Essential for Code Quality and Integration

**Rating:** 4.0/5.0 stars

**Reviewed by:** Nuno P. | Senior DevOps Engineer

**Reviewed Date:** February 13, 2026

**What do you like best about SonarQube?**

I like SonarQube's integration with third-party tools, which makes it really convenient to use alongside other tools we have internally. It's also light to host, which is a big plus for us. The initial setup was fairly easy, with just a couple of properties to adjust, and those improved over time.

**What do you dislike about SonarQube?**

I don't like the upgrades and Java versions decommissioning, which usually impact a lot of users using SonarQube.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube ensures my code is clean, compliant, and standardized through quality gates.

  ### 14. Improving Code with SonarQube

**Rating:** 5.0/5.0 stars

**Reviewed by:** Aadarsha S. | Trainee DevOps, Small-Business (50 or fewer emp.)

**Reviewed Date:** August 26, 2025

**What do you like best about SonarQube?**

SonarQube makes it easy to maintain high code quality by automatically detecting bugs, vulnerabilities, and code smells. I like how it integrates with CI/CD pipelines and provides clear, actionable insights for developers. The detailed dashboards and quality gates help enforce coding standards across teams.

**What do you dislike about SonarQube?**

The initial setup and configuration can be a bit complex, especially for new users. It also requires tuning to avoid too many false positives. For very large projects, performance can sometimes feel slower, and the UI could be more modern and intuitive.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube helps us identify bugs, vulnerabilities, and code smells early in the development process. It improves code quality, ensures better security, and saves time by catching issues before they reach production.

  ### 15. Error Detection and Quality Gates That Strengthen Stability

**Rating:** 4.0/5.0 stars

**Reviewed by:** Nassima R. | Software Developer, Small-Business (50 or fewer emp.)

**Reviewed Date:** January 19, 2026

**What do you like best about SonarQube?**

The ability to detect errors, combined with Quality Gates, is vital to our stability; it filters out defective code before it reaches production and helps mitigate serious operational risks.

**What do you dislike about SonarQube?**

It consumes too much RAM, and it sometimes flags false positives on code patterns that are actually correct, which makes it quite tedious to use.

**What problems is SonarQube solving and how is that benefiting you?**

It has proven to be safe and consistent. Plus, it tells you exactly how long it will take to fix the mess in your repository.

  ### 16. SonarQube gets the job done with its approach to organizing new and former findings.

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** February 27, 2026

**What do you like best about SonarQube?**

I really like how SonarQube separates new code from older code. It helps me prioritize the newest findings first, especially since older findings aren’t always as critical in some cases.

**What do you dislike about SonarQube?**

I wish there were more ways to group users and teams, and then automatically send them reports that include vulnerability details. I wish you could tweak false positives at a more granular level, allowing you more options to exclude some findings but not the whole category.

**What problems is SonarQube solving and how is that benefiting you?**

Using it as a SAST scanner. It allows us to have this level of coverage.

  ### 17. Seamless CI/CD Integration with Helpful AI Capabilities

**Rating:** 4.0/5.0 stars

**Reviewed by:** Tyler T. | Exec of data and AI, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 12, 2026

**What do you like best about SonarQube?**

Integration within our existing CI/CD tooling, with AI capabilities available.

**What do you dislike about SonarQube?**

Using the web interface, I prefer to manage everything through our existing workflow tools, so this works well for me because I don’t need to use it very often.

**What problems is SonarQube solving and how is that benefiting you?**

I review code, including AI-generated code, to make sure it meets the required standards.

  ### 18. A great actionable tool for developers

**Rating:** 4.5/5.0 stars

**Reviewed by:** Arnaud T. | Head of Architecture, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 16, 2025

**What do you like best about SonarQube?**

SonarCloud is very easy to set up, and integrates nicely into your development platform.
It supports a large number of languages, rules, and can be configured to fit your needs.
Teams use it on a daily basis without needing to think of it.
It is also very intuitive and robust, so you will hardly need technical support; if you need to, the community website is the way to go for quick answers.

**What do you dislike about SonarQube?**

The 2024 changes in pricing and product organization led to some hard discussions on pricing internally. The pricing is fair, but the price hike was hard to swallow by the management.

**What problems is SonarQube solving and how is that benefiting you?**

Using SonarCloud, we are able to take actions on security, bugs, and overall quality issues before the code reaches the main branch.
The quality gates concept allows us to focus on new code by improving it. Over time, this daily focus on touched code vastly improves the overall code base quality.

  ### 19. SonarQube: Great for Code Quality, but Community Edition Upgrades Are Frustrating

**Rating:** 4.5/5.0 stars

**Reviewed by:** Diego M. | IT & Security Lead, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 14, 2025

**What do you like best about SonarQube?**

I like how easy it is to spot issues before they hit production. SonarQube gives clear feedback and keeps our codebase clean and secure.

**What do you dislike about SonarQube?**

The community edition is pretty difficult to upgrade. All the available documentation is vague.

**What problems is SonarQube solving and how is that benefiting you?**

It brings visibility into code quality across teams and helps us maintain high standards. We’ve reduced rework and improved delivery speed.

  ### 20. The best code testing platform for your web development and apps

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rene M. | Solution Architect, Outsourcing/Offshoring, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 08, 2025

**What do you like best about SonarQube?**

I love that it is really easy to use, it can be integrated with GitHub, and it can review a wide array of code languages

**What do you dislike about SonarQube?**

It can be overwhelming when you get your first review

**What problems is SonarQube solving and how is that benefiting you?**

It allows me to find security holes and bugs in my code easily.

  ### 21. Outstanding Code Quality Sets It Apart

**Rating:** 5.0/5.0 stars

**Reviewed by:** Richy A. | Director of technology, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 22, 2025

**What do you like best about SonarQube?**

Code quality and potential errors in code flows

**What do you dislike about SonarQube?**

The inability to link issues reported in Sonar to tickets in GitLab

**What problems is SonarQube solving and how is that benefiting you?**

Code quality and potential security holes

  ### 22. Clean and fast performance

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Hospitality | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 07, 2025

**What do you like best about SonarQube?**

High quality, good response time are all involved in giving a high speed performance.


**What do you dislike about SonarQube?**

SonarQube works without glitches. Nothing to dislike.

**What problems is SonarQube solving and how is that benefiting you?**

It helps speed up our process and development.

  ### 23. Intuitive Dashboard for SAST and Seamless Integration with Azure DevOps pipeline by SonarQube

**Rating:** 5.0/5.0 stars

**Reviewed by:** Gourav S. | Technical Architect, Enterprise (> 1000 emp.)

**Reviewed Date:** July 04, 2025

**What do you like best about SonarQube?**

SonarQube is a very easy-to-use and effective tool for code coverage analysis and SAST. It integrates seamlessly with Azure DevOps pipelines. The intuitive Dashboard provides easy access to analysis reports with multiple filters.

**What do you dislike about SonarQube?**

Seemed that getting a quotation takes time.

**What problems is SonarQube solving and how is that benefiting you?**

Using SonarLint IDE plugin, developers get instant information about vulnerabilities. SonarQube helps us to restrict the developers to merge code into target releases where the Quality Gate is passed - making sure that no vulnerable code gets into the target branch. Also, SonarQube scan at CI build level ensures that the build happens using secure code only.

  ### 24. Seems to have potential in a near future

**Rating:** 4.0/5.0 stars

**Reviewed by:** Danilo M. | SRE & Platform Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 16, 2025

**What do you like best about SonarQube?**

It was fast and easier to implement and get things done; the IDE plugin works very well and the rules are easy to understand.

**What do you dislike about SonarQube?**

I am struggling to understand metrics and how AI Code features can really help the business.

**What problems is SonarQube solving and how is that benefiting you?**

Control the number of security and quality issues

  ### 25. Helpful Code Suggestions, Though Sometimes Misses the Mark

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** October 23, 2025

**What do you like best about SonarQube?**

SonarQube gives code suggestions that are secure and gives ideas on how it can be written in a better way.

**What do you dislike about SonarQube?**

The suggestions are not always relevant for the code.

**What problems is SonarQube solving and how is that benefiting you?**

We use it in our SecDevOps way of working to comply with ISO27001

  ### 26. QA on code

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 03, 2025

**What do you like best about SonarQube?**

That helps developers maintain high code quality standards

**What do you dislike about SonarQube?**

I don't dislike anything in particular.

**What problems is SonarQube solving and how is that benefiting you?**

Code quality and compliance on our coding standards

  ### 27. Effective Code Quality Management with SonarQube

**Rating:** 4.0/5.0 stars

**Reviewed by:** Kevin B. | Senior DevOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 27, 2024

**What do you like best about SonarQube?**

What I love about SonarQube is how it digs deep into my code and finds hidden issues which are not as obvious when writing the code, especially bugs and security problems, across different programming languages. It hooks up smoothly with my CI/CD pipelines, which means I can keep an eye on code quality at every step. The reports it generates are super detailed and really help the team see where we can improve. Plus, you can customize the rules and use tons of plugins to make it work just how you need it.

**What do you dislike about SonarQube?**

The one thing that I dislike is how much it can slow things down when you're working with big projects. The scans can take a while, which sometimes messes with our workflow, and we cannot use parallel analysis as we are on the Developer license since the Enterprise is too costly for us. Also, setting it up and getting everything configured right can be a bit of a headache and takes some time.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube is a lifesaver for keeping our code clean, secure, and easy to maintain. It’s always on the lookout, catching bugs, code smells, and security issues early in the game. This means our codebase stays solid and we don’t end up with a pile of technical debt.

For me and the team, it’s been a game-changer. We get automatic code reviews and detailed feedback that helps us catch issues before they cause any real trouble. The insights we get from the quality metrics push us to keep improving our code. Integrating SonarQube into our CI/CD pipelines has really smoothed out our quality checks, making sure we keep high standards from start to finish. All in all, it’s made our software better and we feel way more confident in what we deliver.

  ### 28. Easy but powerful enough

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 13, 2024

**What do you like best about SonarQube?**

SonarCloud is easy to use and integrates seamlessly into existing projects and nearly all CI/CD pipelines. We integrated almost all of our codebases and used it along with the Sonar cloud extension, which made it more powerful.

**What do you dislike about SonarQube?**

The downside with sonar is that it requires us to make at least one change in a file to get it scanned. Because of this, sometimes, issues slip into production.

**What problems is SonarQube solving and how is that benefiting you?**

Linting issues in the code
Security vulnerabilities in the code
It helped us in identifying the issues during development itself, and if anything is missed, Sonar's CI/CD integration will take care of it.

  ### 29. A Tool one can rely for large scale applications

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** October 03, 2024

**What do you like best about SonarQube?**

SonarLint is an incredibly customizable, open-source tool that integrates seamlessly with a variety of IDEs and coding platforms, such as Spring Tools Suite and IntelliJ IDEA. Its flexibility and user-friendly nature are what stand out the most to me.

**What do you dislike about SonarQube?**

While highly customizable and user-friendly, SonarLint can occasionally be unclear. For instance, it sometimes flags ignorable issues like auto-wiring errors in Spring Boot projects. Additionally, it lacks the ability to assess and improve code complexity.

**What problems is SonarQube solving and how is that benefiting you?**

SonarLint helps by cutting down the time spent on code reviews and improving code readability. It has made our code more production-ready and less cumbersome, while also identifying potential error-prone areas and giving real-time feedback to developers during coding.

This version maintains the core points while making the language flow more smoothly.

  ### 30. How our team uses SonarQube

**Rating:** 5.0/5.0 stars

**Reviewed by:** Stanley S. | Embedded Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

Our development process is helped a lot by SonarQube as it will detect some bugs such as running out of memory, or simple errors that we might not see at the first time. Our team is happy to use the product.

**What do you dislike about SonarQube?**

Getting it to start is a long process. We are having some trouble trying to understand how SonarQube judges our code. As our team is using it for the embedded environment, some suggestions (such as atomic implementations etc) are not really applicable to us. At first we were frustrated as it always suggested that our code is wrong, but now we can find a way to silence it.

**What problems is SonarQube solving and how is that benefiting you?**

It can be integrated easily (after we understand) to our GitLab server. We can have the analysis out of the box immediately when we are pushing the commits.

  ### 31. Comprehensive Code Quality Tool

**Rating:** 4.0/5.0 stars

**Reviewed by:** Rekha S. | Software Developer, Computer Software, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 30, 2024

**What do you like best about SonarQube?**

SonarQube has a great way of examining code quality as a whole. It has the capability of discovering mistakes, threats, as well as unfavorable practices found in different programming languages to maintain superior coding norms. It generates detailed dashboards and reports which give specific views allowing for developing incrementally in addition to keeping code clean and gracious throughout its life span.

**What do you dislike about SonarQube?**

SonarQube's complicated setup and configuration process remains trail and discouraging being time consuming for newbies. In addition one may also suffer from performance degradation caused by big code bases as well as when they discover that some extra skills need payment before using them; hence would be so costly particularly among little groups or small enterprises.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube focuses on addressing the critical issue of keeping code desirable and secure thereby automating code reviews, identifying potential issues earlier on and ensuring conformity to coding standards. Instead of taking a reactive approach, it helps reduce technical debts, fosters software reliability, simplifies development as it eventually saves on time and resources.

  ### 32. Easy to use, modular and helpful in improving software quality.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Murtadha Bazli T. | Senior Embedded System Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

I use SonarQube mainly for analyzing C, C++ and Python programming languages, and that's why I need a SonarQube developer license. The $160 I spent for a year is really worth it. Think of SonarQube as your peer review, friend and supervisor for your software development.

Analyzing C/C++ is really easy and not tied to an IDE. I simply host SonarQube in Docker, build my software with build-wrapper and analyze it with Sonar-scanner. The analysis results then appear in the SonarQube dashboard.

I use SonarQube both at work and at home for my personal project. Due to the affordable price and ease of use, I have been loyal to SonarQube for 3 years now.

Sonar also has responsive customer support, and I mainly contact them to get a new license due to an issue with my Docker image. The response is consistently within 1-2 days, and I always communicate via email. No website to report or form to fill out, which for me is convenient.

**What do you dislike about SonarQube?**

I develop embedded software that adheres to MISRA C/C++, and SonarQube does have some MISRA rules, but not all of them are implemented. I really love to see SonarQube being able to adopt all these rules.

A few times I have found alternatives to SonarQube for this reason, but since other tools are expensive, tied to an IDE and the learning curve is unknown (unlike SonarQube, we only need 3 steps to analyze the code), I keep coming back to SonarQube.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube became my main platform for consolidating unit test results, code coverage and static code analysis. SonarQube Dashboard becomes my benchmark for software development maturity.

Other static code analyzers can also report errors, but unlike SonarQube, it shows very nice examples of compliant and non-compliant code. This has helped me a lot throughout my software development career.

  ### 33. Sonarqube is a great tool to help devs raise the quality of legacy code and new greenfield code

**Rating:** 5.0/5.0 stars

**Reviewed by:** Alan R. | R&D Manager, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

Identification of coding issues across whole codebases, while providing a manageable way to gradually improve the code quality over time by enforcing that new code is of good quality. Developers can be gently guided to better practices without having to solve thousands of code smells all at once. We can refactor code as we work in different areas without introducing new risk of regressions.
Easy to setup and manage and pretty hands off. It integrates well with Azure DevOps and our pull request and CI workflows.

**What do you dislike about SonarQube?**

Some churn recently in how Sonarqube manages quality gates and what the bar is.
We have a number of limitations in our analysis, particularly in collecting code coverage information.

**What problems is SonarQube solving and how is that benefiting you?**

Sonarqube provides a level of security review to our code changes.
Sonarqube helps developers maintain a high quality bar in the code they write, provides neutral guidance and learning without code reviewers having to nitpick every commit. Developers are guided to improve the code they touch, gradually helping improve the quality of older legacy codebases without making large changes and introducing regression risk.

  ### 34. Effective static analysis for bugs and vulnerabilities

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

Being able to filter issues and assign them to different team members allows each developer to focus on high-priority issues. SonarQube allows you to enable or disable specific rules, and to set the severity of each rule. This further helps to prioritize the issues needing attention.

When a developer determines that a particular issue should NOT result in a code change, they can mark that issue as "won't fix" and enter an explanation.  This helps provide detailed reports.

SonarQube also provides clear, high-level overviews of the status of your software projects (for managers), along with reports (for customers).  This helps take much of the communication burden off of the development team.

**What do you dislike about SonarQube?**

Like any static analysis tool, there are occasional false-positives.  And depending on your code, there may be issues flagged as "problems" which are really just stylistic differences or deviations from best practices.  

But it is fairly easy to mitigate these issues. False-positives need to be reviewed, but the detailed analysis provided by SonarQube (including traces through earlier statements showing how the issue was identified) helps with the review. As for issues that are merely stylistic differences, these can be given a lower severity rating or even eliminated by customizing the underlying rules.

**What problems is SonarQube solving and how is that benefiting you?**

Identifies code quality issues.  Helps us improve the reliability of our applications and reduce our technical support burden.  Also helps us mature the code base, which makes subsequent development faster and easier.
Identifies code security issues.  Helps us head off vulnerability crises and the need to develop hotfixes.
Reports the status of unresolved issues and unit test code coverage per project.  Helps us track technical debt.
Reports the status of each project or application (set of projects) for consumption by customers.  Meets requirements imposed by some customers, allowing certain sales to go through that would otherwise be blocked.

  ### 35. Best performance/cost SAST tooling

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.)

**Reviewed Date:** April 18, 2024

**What do you like best about SonarQube?**

- We are using a self hosted SonarQube server - hosting and upgrading our instance is a relatively painless process. The online documentation is clear and easy to follow
- The SonarQube scanner integrated easily into our existing Bitbucket and Cloud Build CI/CDs
- When comparing the findings with other SAST tooling, out-of-the-box SonarQube analysis had a low false positive rate, yet found extensive legitimate security/code quality issues
- Very happy with the speed of analysis, completes in only a few minutes on large repos (an order of magnitude faster than certain other SAST services)
- Surprised that language support is actually slightly better than documented - we were able to successfully analyze projects with older versions of .NET framework (4.5 and 4.0) than indicated in the documentation
- The triage and review process is easy for individual teams to execute on a regular basis
- The WEB API is well documented and enabled automating steps around user maintenance
- Bitbucket OAuth worked seamlessly to onboard users
- Installing additional plugins is also easy - we use Dependency-Check to add SCA to projects
- Bug fixes and features added to each new release are well documented, I appreciate being able to review all changes on the sonarsource atlassian page (and not just rely on the high-level marketing notes)

**What do you dislike about SonarQube?**

- While SonarQube is a SAST tool, better support for SCA would be beneficial. The Dependency-Check plugin does not integrate well into the existing triage/remediation process.
- Other tooling does a better job of providing a high level overview of users and their productivity, i.e. # of assigned open issues by engineer, # of fixed issues by engineer, etc.

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube enables us to perform code and security analysis and comply with our internal security procedures, with clear visibility into the process via its clean dashboards. SonarQube's bug and code smell detection has also reduced our technical debt and improved overall codebase quality.

  ### 36. Essential for clean code

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mukesh K. R. | Cyber Security Analyst and Senior Developer, Information Technology and Services, Small-Business (50 or fewer emp.)

**Reviewed Date:** May 03, 2024

**What do you like best about SonarQube?**

Simple deployment. Very easy installing is practiced particularly on Kubernetes using YAML formats. Moreover, integration with GitHub by means of GitHub actions is fluent because it enables developers to conduct their scans, therefore, receiving their notifications once they complete them. On the other side when it comes to flexibility, SonarQube is unmatched. It offers so much when you want to configure it letting you even prevent vulnerability detection until pull request merges are halted for example while at the same time providing a good way of looking at detected exploitation points - such as their exact location that has been pointed out about them.

**What do you dislike about SonarQube?**

This tool is exclusively for Static Application Security Testing; other tools provide integration of Dynamic (DAST) and Static (SAST).

**What problems is SonarQube solving and how is that benefiting you?**

Improve compliance and risk management, reduce the cost of management while enhancing the business process results.

  ### 37. Sonarqube is a great tool for monitoring codebases.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Ethan B. | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 18, 2024

**What do you like best about SonarQube?**

Quick, easy way to see major issues with code, duplications, security issues, etc. Easy to setup and maintain. Support has been very quick and helpful when I have needed them.

**What do you dislike about SonarQube?**

While it supports a decent amount of programming languages, it definitely doesn't support all of them. Specifically Dart projects in Flutter which we use for mobile app development (though apparently there are plans to add it in the future).

**What problems is SonarQube solving and how is that benefiting you?**

It helps us to make sure we are not duplicating code, using deprecated libraries and methods, and helps to identify any security issues.

  ### 38. SonarQube has Improved our Tech Debt!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Kelli K. | Senior Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

We have implemented it across our org, and it has been awesome. Code coverage everywhere has gone up, more bugs are being fixed, and there is more visibility into team's tech debt.

**What do you dislike about SonarQube?**

The one downside to the new versions is lack of support for older node versions. Our monolith is still using some old versions (which of course we need to work on upgrading!), keeping us from upgrading SonarQube.

**What problems is SonarQube solving and how is that benefiting you?**

It is helping us increase code coverage across our whole organization, which is making for better code all around.

  ### 39. Good but I would like to have training courses

**Rating:** 4.5/5.0 stars

**Reviewed by:** josue d. | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 25, 2024

**What do you like best about SonarQube?**

I like how complete the tool is, I like that I can have many users with different permissions

**What do you dislike about SonarQube?**

I don't like the complexity of integrations
I don't like that there is no error documentation
I don't like that there are no training courses.
I would like a certification

**What problems is SonarQube solving and how is that benefiting you?**

in ease of use, because it is easier to make demos that way

  ### 40. Must for high quality development

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** May 03, 2024

**What do you like best about SonarQube?**

SonarQube helps to evaluate your code during the development itself. It provides a great amount of reviews/suggestions to improve your code. It also supports a variety of programming languages. The tool is easy to use.

**What do you dislike about SonarQube?**

Nothing as such, but some of the static analysis could be improved for certain languages like C++.

**What problems is SonarQube solving and how is that benefiting you?**

We were facing quite a few challenges in manual code reviews and standardizing the coding formats. SonarQube came to our rescue during our development to have a good quality code with integrated checks into Developer IDE as well as the build pipeline.

  ### 41. Good tool, mixed experience with SonarSource

**Rating:** 1.5/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Mid-Market (51-1000 emp.)

**Reviewed Date:** April 28, 2024

**What do you like best about SonarQube?**

Good integration with CI tools. Supports many programming languages. Modern web UI.

**What do you dislike about SonarQube?**

My experience as a SonarSource customer shows that they manifest little interest in small customers. In addition, their quality policy is poor when it comes to fixing major bugs in their code. For instance, this ticket has now been open for 1 year without any time frame for fix:
https://sonarsource.atlassian.net/browse/CPP-4175
This is unsatisfying and quite ironic actually, for a company writing software for code quality.

**What problems is SonarQube solving and how is that benefiting you?**

Static code analysis, discover potential bugs in code.

  ### 42. Game Changer for Shifting Left

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Manufacturing | Enterprise (> 1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

SonarQube has been an invaluable tool for our development team that helps us catch issues earlier on in the SDLC. We like the wide range of static code analysis rules, easy to use UI, and the large number of supported programming languages.

**What do you dislike about SonarQube?**

Occasionally, when analyzing large codebases or running complex rules, SonarQube can be resource-intensive and slow down the analysis process.  Also, there are more languages we would like to see supported as the product matures.

**What problems is SonarQube solving and how is that benefiting you?**

The ability to shift left on code quality and application security by using SonarQube in our SDLC.

  ### 43. A powerful tool for more powerful teams

**Rating:** 4.0/5.0 stars

**Reviewed by:** Franco R. | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

This easy-to-configure tool increases code quality in no time

**What do you dislike about SonarQube?**

It takes a bit to achieve the cultural change of the team necessary to take advantage of the insights reported by the tool

**What problems is SonarQube solving and how is that benefiting you?**

We were able to resolve code errors and improve quality. We also increased test coverage by reducing the number of functional errors

  ### 44. A Tool to Improve Code Quality!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ankshuk R. | Specialist Programmer, Enterprise (> 1000 emp.)

**Reviewed Date:** July 20, 2022

**What do you like best about SonarQube?**

SonarLint is the most customizable and Free Open Source tool that can be integrated with multiple IDEs and coding platforms like Spring tools suite, IntelliJ Idea etc.
The fact that it is this customizable and user friendly, is what I like about it the most.

**What do you dislike about SonarQube?**

Although it is very customizable and user-friendly, SonarLint can be very vague at times, there are times when it throws errors in the code like some auto wiring errors for spring-boot projects that are ignorable.
Also, it does not have a way to understand and improve code complexity.

**What problems is SonarQube solving and how is that benefiting you?**

SonarLint reduces the overall time to review code quality and helps in making the code readable. It has helped our codes to be more production friendly and less bulky. It also resolves potential errors areas of code and warns the developer while coding itself.

  ### 45. Simple to set up, use, and provides useful feedback on code quality

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** April 18, 2024

**What do you like best about SonarQube?**

- The basic setup (automated analysis) is as simple as it gets to integrate with GitHub and supported languages
- The language-specific rules are of good quality and we rarely encounter false positives
- The overview it provides of the code quality trends is particularly nice

**What do you dislike about SonarQube?**

- Manual setup could be documented better (it is not always fully clear which properties you need to define and why)
- There is no way to manually trigger an analysis with an automated analysis setup, which is sometimes necessary as the GitHub application "bugs out" and doesn't provide an analysis

**What problems is SonarQube solving and how is that benefiting you?**

It is generally difficult to track code quality across different projects, and SonarQube offers a simple way with not much additional overhead to track and analyse code quality for each project.

  ### 46. Wonderful tool to learn from your mistakes

**Rating:** 4.5/5.0 stars

**Reviewed by:** Soufiane M. | System Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

* Comprehensive Code Analysis
* Very easy to use
* Very easy to integrate with existing CI/CD tools

**What do you dislike about SonarQube?**

* Difficult to implement in a rigid environment

**What problems is SonarQube solving and how is that benefiting you?**

Issues related to code quality
Recurrent mistakes that need to be taught to all newcomers can be added as rules
Code Legacy

  ### 47. Deeper insights into code quality

**Rating:** 5.0/5.0 stars

**Reviewed by:** Frederik E. | Intern konsulent, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

Automated pull request decoration for quick insights into new code.

**What do you dislike about SonarQube?**

Onboarding of new GitHub Actions was difficult - I believe however, that this flow has been vastly improved since then.

**What problems is SonarQube solving and how is that benefiting you?**

Automated validating of simple errors, that are caught in static analysis, to ease load off other developers.

  ### 48. SonarQube: Help Developers to accelerate their productivity

**Rating:** 4.0/5.0 stars

**Reviewed by:** Damien G. | Enterprise (> 1000 emp.)

**Reviewed Date:** April 18, 2024

**What do you like best about SonarQube?**

Using SonarQube transformed our development process by providing comprehensive code analysis. It identified and flagged code smells, bugs and security vulnerabilities, enabling our team to address them early in the development cycle.

**What do you dislike about SonarQube?**

Difficult to integrate with. Low integration with other ecosystems, especially with Kubernetes/OpenShift.

**What problems is SonarQube solving and how is that benefiting you?**

code analysis

  ### 49. Sast tooling experience

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Manufacturing | Enterprise (> 1000 emp.)

**Reviewed Date:** April 24, 2024

**What do you like best about SonarQube?**

SonarQube's ability to analyze the code at local build as well as in CI/CD build adds an important step in improving the quality of the code. The recently added security analysis of the code is very helpful for us for discovering any vulnerability of the written code.

**What do you dislike about SonarQube?**

Reporting can be further improved with slice and dice features

**What problems is SonarQube solving and how is that benefiting you?**

SonarQube is helping improve the code quality in terms of security as well as the overall quality of the code

  ### 50. SonarQube Review

**Rating:** 5.0/5.0 stars

**Reviewed by:** murthy g. | DevOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 18, 2024

**What do you like best about SonarQube?**

It's very easy to use and the customer support is fantastic. Very easy to integrate with other tools like TeamCity.

**What do you dislike about SonarQube?**

Nothing in special we dislike about the product.

**What problems is SonarQube solving and how is that benefiting you?**

We have been using Sonar for static code analysis.


## SonarQube Discussions
  - [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
  - [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
  - [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)
  - [What is the best way to integrate a plugin for the code coverage?](https://www.g2.com/discussions/what-is-the-best-way-to-integrate-a-plugin-for-the-code-coverage) - 1 upvote
  - [test coverage](https://www.g2.com/discussions/31154-test-coverage) - 1 upvote

## SonarQube Integrations
  - [Android Studio](https://www.g2.com/products/android-studio/reviews)
  - [Apache Maven](https://www.g2.com/products/apache-maven/reviews)
  - [Atlassian](https://www.g2.com/products/atlassian-2025-01-31/reviews)
  - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Backstage](https://www.g2.com/products/backstage/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [CircleCI](https://www.g2.com/products/circleci/reviews)
  - [Claude](https://www.g2.com/products/claude-2025-12-11/reviews)
  - [CloudBees](https://www.g2.com/products/cloudbees/reviews)
  - [Codemagic](https://www.g2.com/products/codemagic/reviews)
  - [Copado DevOps](https://www.g2.com/products/copado-devops/reviews)
  - [Cortex](https://www.g2.com/products/cortex-automation-inc-cortex/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [Datadog](https://www.g2.com/products/datadog/reviews)
  - [Devin AI](https://www.g2.com/products/devin-ai/reviews)
  - [Docker](https://www.g2.com/products/docker-inc-docker/reviews)
  - [Drata](https://www.g2.com/products/drata/reviews)
  - [DX](https://www.g2.com/products/dx-platform/reviews)
  - [Dynatrace](https://www.g2.com/products/dynatrace/reviews)
  - [Eclipse](https://www.g2.com/products/tph-global-eclipse/reviews)
  - [Gemini](https://www.g2.com/products/gemini-2021-11-09/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [Gradle Build Tool](https://www.g2.com/products/gradle-build-tool/reviews)
  - [Harness](https://www.g2.com/products/harness-wealth-harness/reviews)
  - [Jellyfish](https://www.g2.com/products/jellyfish-2018-10-15/reviews)
  - [Jenkins](https://www.g2.com/products/jenkins/reviews)
  - [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [LinearB](https://www.g2.com/products/linearb/reviews)
  - [Microsoft Visual Studio App Center](https://www.g2.com/products/microsoft-microsoft-visual-studio-app-center/reviews)
  - [MuleSoft Anypoint Platform](https://www.g2.com/products/mulesoft-anypoint-platform/reviews)
  - [npm](https://www.g2.com/products/npm/reviews)
  - [Oobeya](https://www.g2.com/products/oobeya/reviews)
  - [Port](https://www.g2.com/products/port-port/reviews)
  - [PyCharm](https://www.g2.com/products/pycharm/reviews)
  - [Python](https://www.g2.com/products/python/reviews)
  - [ServiceNow DevOps](https://www.g2.com/products/servicenow-devops/reviews)
  - [Travis CI](https://www.g2.com/products/travis-ci/reviews)
  - [Visual Studio](https://www.g2.com/products/visual-studio/reviews)
  - [Zed](https://www.g2.com/products/zed-zed/reviews)

## SonarQube Features
**Administration**
- API / Integrations
- Extensibility

**Functionality**
- Repository Integration
- Analytics and Trends
- Productivity Updates

**Bug Reporting**
- User Reports & Feedback
- Tester Reports & Feedback
- Team Reports & Comments

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Risk management - Application Security Posture Management (ASPM)**
- Vulnerability Management
- Compliance Management
- Policy Enforcement

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**AI Compliance**
- Regulatory Reporting
- Automated Compliance

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Performance - AI AppSec Assistants**
- Remediation
- Real-time Vulnerability Detection
- Accuracy

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Management**
- Data Context
- Testing Integration

**Bug Monitoring**
- Analytics
- Bug History
- Data Retention

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Security**
- False Positives
- Custom Compliance
- Agility

**Integration and efficiency - Application Security Posture Management (ASPM)**
- Integration with Development Tools

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

**Risk Management & Monitoring**
- Real-time Monitoring

**Integration - AI AppSec Assistants**
- Stack Integration
- Workflow Integration
- Codebase Contextual Awareness

**Security**
- Data Security
- Data Loss Prevention
- Security Auditing

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Reporting and Analytics - Application Security Posture Management (ASPM)**
- Trend Analysis
- Risk Scoring
- Customizable Dashboards

**Agentic AI - Bug Tracking**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Identity**
- SSO
- Governance
- User Analytics

**Access Control and Security**
- Role-based Access Control (RBAC)

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

**Agentic AI - Application Security Posture Management (ASPM)**
- Autonomous Task Execution
- Multi-step Planning

**Agentic AI - AI Governance Tools**
- Autonomous Task Execution
- Multi-step Planning
- Cross-system Integration
- Adaptive Learning
- Natural Language Interaction
- Decision Making

## Top SonarQube Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,293 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (877 reviews)
  - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (25 reviews)

