Name: SonarQube
Rating: 4.4 (111 reviews)

Overview

Product Information on SonarQube

Updated 6th February 2026

What is SonarQube?

SonarQube is an automated code review platform that checks your code for quality and security issues, available via cloud or on your own server. SonarQube is an independent review and verification layer to ensure all code—whether written by developers or generated by AI or AI agents—is secure, reliable, and maintainable. SonarQube automatically scans every code change, giving developers clear instructions and suggested fixes to resolve problems before they are merged into the main project. The experience starts in your editor with SonarQube for IDE, which works with both traditional and AI-native code editors, to highlight problems and suggest fixes. SonarQube also connects directly to your AI coding tools through an MCP server, giving AI assistants the data they need to understand your code's quality and security rules. Originally built by the open-source community, it is now used by over 7 million developers globally.

Overall experience with SonarQube

Chief Architect

30B + USD, Consumer Goods

FAVORABLE

“SonarQube Enables Transparent Software Quality Tracking and Customizable Coding Rules”

5.0

Oct 16, 2025

I set up and used SonarQube for several years in CI/CD pipelines to ensure software quality goals in my teams were clearly defined and met at each commit. The results of the scans were important for handover of software products between teams and different devops partners, as we had a very transparent state of the software quality.

APPLICATION ARCHITECT

Gov't/PS/ED <5,000 Employees, Government

CRITICAL

“SonarCloud's Unexpected Price Increase Very Concerning”

3.0

Sep 12, 2024

The tool has great integration with Azure DevOps. However, they don't have any documentation on implementing a quality gate using an Azure Devops branch policy even though the feature exists. I figured out how to do it by luck and it appears to be the only way to get it working. Lastly, beware of SonarCloud pricing. We had the product for 1 year now and they created a new plan we have to move to with a 71% price increase. In addition, we have to do a 2-year contract or they will add an additional 10%. Not sure if they will do another significant price increase in another two years. Fortunately, we don't have full integration with too many projects and can move to another vendor.

About Company

Company Description

Sonar helps prevent code quality and security issues from reaching production, amplifies developers' productivity in concert with AI assistants, and improves the developer experience with streamlined workflows. Sonar analyzes all code, regardless of who writes it—your internal team or genAI—resulting in more secure, reliable, and maintainable software. Rooted in the open-source community, Sonar’s solutions support over 30 programming languages, frameworks, and infrastructure technologies. Today, Sonar is used by 7M+ developers and 400K organizations worldwide.

Company Details

Year Founded

2008

Head office location

Geneva, Switzerland

Number of employees

501 - 1000

Website

https://sonarsource.com/

Do You Manage Peer Insights at SonarSource?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: SonarQube

Deciding Factors: SonarQube Vs. Market Average

Performance of SonarQube Across Market Features

SonarQube Likes & Dislikes

I like the capability to have various rulesets and be able to customize rules that are relevant to my specific domain. I liked the possibility to push these rules as settings for my developers IDE so that they had an early indication when coding rules were violated.

They are the few Vendors that integrate with Azure DevOps. It provides good Quality Code analytics and has limited and useful security features.

- SonarQube PyCharm plug-in's code recommendations help to optimize code and make it more clean; - SonarQube server shows test coverage level on the new and overall code; - All found alerts and warnings could be assigned to the team members to remediate

I have never achieved good results on C repos, however this may be due to inherent difficulties in analysing C/C code. Maintaining custom coding rules becomes tedious when there are a lot of changes in the underlying rulesets.

They are lacking on Support. I wanted to use a quality gate in my Azure DevOps pipeline and they don't have documentation on how to implement it in a real-world pipeline with a quality gate. They had a basic example that was completely worthless to me. In addition, they were unwilling to help me with any support.

- the default settings provide a lot of unnecessary warnings and should be tweaked to have more sense; - it is hard to exclude or partially exclude files and code blocks from scan - it is slower than expected analyzing the large projects

Top SonarQube Alternatives

4.6

(401 Ratings)

4.6

(398 Ratings)

4.8

(246 Ratings)

View All Alternatives

Peer Discussions

SonarQube Reviews and Ratings

Showing data for 111 ratings and reviews for Application Security Testing market. View all 111 ratings and reviews across markets for a complete picture.

4.4

(111 Ratings)

Rating Distribution

5 Star: 38%
4 Star: 57%
3 Star: 5%
2 Star: 0%
1 Star: 0%

Customer Experience

Evaluation & Contracting

4.3

Integration & Deployment

4.6

Service & Support

4.4

Product Capabilities

4.5

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

Chief Architect
10B+ USD
Consumer Goods
Review Source
SonarQube Enables Transparent Software Quality Tracking and Customizable Coding Rules
5.0
Oct 16, 2025
I set up and used SonarQube for several years in CI/CD pipelines to ensure software quality goals in my teams were clearly defined and met at each commit. The results of the scans were important for handover of software products between teams and different devops partners, as we had a very transparent state of the software quality.
IT OPS SPECIALIST
10B+ USD
Banking
Review Source
SonarQube Enhances Python Code Quality With Customizable Checks And Assignable Alerts
4.0
Oct 22, 2025
SonarQube provides an additional layer of checks and optimizations during my Python development. It helps keeping my code clean and properly covered by the tests. Some checks could be annoying though, but they could be commented out in place or turned off at all
Director Enterprise Architecture
50M-1B USD
Banking
Review Source
SonarQube Enables Fast Issue Identification and Seamless Integration in Build Pipelines
5.0
Jul 8, 2025
SonarQube is a true value-add for many organizations. Not only does it help identify various quality issues, it does it at speed in the build pipeline. Additionally, smart engineers will use the IDE extension to get feedback while the code is being written, without waiting on the CI/CD build to complete.
IT Manager
10B+ USD
IT Services
Review Source
Intuitive Dashboard for SAST and Seamless Azure DevOps Integration by SonarQube
5.0
Jul 4, 2025
SonarQube seemed to be a very good tool for code coverage analysis and finding vulnerabilities in code. The dashboard gives a very good view of the analysis results. Pricing seemed to be optimal with respect to other vendors providing similar features. Open API of SonarQube is also very helpful for preparing custom reports.
Sourcing Operations Manager
1B-10B USD
IT Services
Review Source
A reliable LOC Analyzer
5.0
Jul 3, 2025
The tool is working very well in analyzing lines of Code and increasing the efficiency of our developers.

...

Showing Result 1-5 of 111

SonarQube

Overview

Product Information on SonarQube

What is SonarQube?

SonarQube Pricing

SonarQube Product Images

Overall experience with SonarQube

“SonarQube Enables Transparent Software Quality Tracking and Customizable Coding Rules”

“SonarCloud's Unexpected Price Increase Very Concerning”

About Company

Company Description

Company Details

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: SonarQube

Deciding Factors: SonarQube Vs. Market Average

Performance of SonarQube Across Market Features

SonarQube Likes & Dislikes

Top SonarQube Alternatives

1. Veracode

2. Checkmarx SAST

3. Appknox

Peer Discussions

SonarQube Reviews and Ratings

4.4

(111 Ratings)

Rating Distribution

Customer Experience

Product Capabilities

SonarQube Enables Transparent Software Quality Tracking and Customizable Coding Rules

SonarQube Enhances Python Code Quality With Customizable Checks And Assignable Alerts

SonarQube Enables Fast Issue Identification and Seamless Integration in Build Pipelines

Intuitive Dashboard for SAST and Seamless Azure DevOps Integration by SonarQube

A reliable LOC Analyzer

Recommended Gartner Research