About Company
Company Description
Sonar is an automated code review platform serving as the trust and verification layer for AI code. Integrating code quality and code security into a single platform, Sonar delivers deterministic, repeatable, and actionable code verification at scale, analyzing over 750 billion lines of code daily to ensure software is reliable, maintainable, and secure. Originally built by the open-source community, it is now used by over 7 million developers globally.
SonarQube Reviews and Ratings
- Security Consultant | 50M-1B USD | IT Services
SonarQube Simplifies Code Quality Checks But Requires Rule Fine-Tuning Efforts
Overall, my experience with SonarQube has been positive. It's been useful for catching code quality issues and common security gaps during development. Setup and integration were straightforward, and fit well into CI/CD workflows, although fine tuning sometimes requires extra effort.

- Security Architect | 10B+ USD | Media
SonarQube Integrates Security in Development but Lacks Depth for Complex Needs
SonarQube is a solid foundational asset for our testing capability, making it easy to integrate basic security checks directly into development workflows. However, for organisations with more stringent security requirements or complex attack surfaces, it often serves as a beneficial first layer, rather than a comprehensive, standalone solution when compared to more specialised competitors. Its ease of adoption and developer-centric reporting were key factors in our decision to use it.

- Manager, IT Security and Risk Management | <50M USD | Finance (non-banking)
A useful tool for detecting technical debt and good development practices.
It is a very useful tool for detecting technical debt, as well as good development practices. For source code security, it is not as powerful as other tools on the market. Also, keep in mind that integration with IDEs tends to disconnect, and synchronization in on-premises environments has a slight delay.

- Manager, IT Security and Risk Management | 10B+ USD | Finance (non-banking)
Initial Setup And Tuning Required For SonarQube Security Rules To Match Needs
My main usage of SonarQube product is security testing of code. The number of security rules available in SonarQube is not necessarily up to the most current security industry standards. The dashboard and issues tracking are useful but initial setup and tuning of quality rules take some effort before it really matched Security Team needs.

- DevOps Engineer | 50M-1B USD | IT Services
Integration of SonarQube Enhances Code Quality and Early Issue Identification
We have integrated SonarQube into our pipeline to provide us good visibility into code quality, security vulnerabilities, bugs and code smells throughout the application development process. The quality gate feature helps enforce coding standards before code moves to a higher environment. It has helped our team identify issues early in development. The detailed analysis and recommendations have supported us in improving code maintainability and reducing technical debt.



