---
title: SonarQube Reviews
meta_title: 'SonarQube Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 153 reviews by the users' company size, role or industry
  to find out how SonarQube works for a business like yours.
aggregate_rating:
  rating_value: 4.4
  review_count: 153
  scale: '5'
date_modified: '2026-07-14'
parent_category:
  name: "DevSecOps\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t"
  url: https://www.g2.com/categories/devsecops
---

# SonarQube Reviews
**Vendor:** SonarSource Sàrl  
**Category:** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)  
**Average Rating:** 4.4/5.0  
**Total Reviews:** 153
## About SonarQube
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.



## SonarQube Pros & Cons
**What users like:**

- Users value SonarQube for its ability to **efficiently flag code quality and security issues** , ensuring a clean and reliable codebase. (24 reviews)
- Users appreciate the **flexible issue filtering and prioritization** features of SonarQube, enhancing focus and communication. (20 reviews)
- Users value the **issue identification** feature of SonarQube, enhancing focus on high-priority problems and improving development processes. (19 reviews)
- Users appreciate the **ease of use** of SonarQube, benefiting from automated quality checks integrated into their development workflows. (18 reviews)
- Users appreciate the **easy integrations** with CI/CD tools, enhancing their workflow and overall development process. (18 reviews)
- Users value the **seamless integration** of SonarQube with CI/CD pipelines, enhancing code quality management effortlessly. (18 reviews)
- Security (15 reviews)
- Vulnerability Detection (15 reviews)
- Code Review (12 reviews)
- Integration Support (12 reviews)

**What users dislike:**

- Users experience **software bugs** including false positives and high RAM usage, complicating usage and requiring advanced knowledge. (12 reviews)
- Users find the **configuration process complex** , often requiring extensive knowledge and still resulting in numerous warnings. (10 reviews)
- Users report frequent **false positives** that complicate the analysis process, affecting the overall usability of SonarQube. (10 reviews)
- Users find SonarQube&#39;s **configuration complexity** and overwhelming warnings to be challenging, affecting their overall experience. (8 reviews)
- Users find the **complex setup** of SonarQube challenging, especially for beginners, often leading to frustrating experiences. (8 reviews)
- Users often face **integration issues** with SonarQube, particularly in connecting to GitLab and navigating its complexities. (8 reviews)
- Users find SonarQube&#39;s **limited features** frustrating, particularly with restrictions on scanning and analysis capabilities. (8 reviews)
- Users note that the **expensive nature** of SonarQube limits access to advanced features and complicates setup. (7 reviews)
- Difficult Setup (6 reviews)
- Setup Difficulty (6 reviews)

## SonarQube Reviews
  ### 1. Great tool for code quality scanning!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jinal P. | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 15, 2023

**What do you like best about SonarQube?**

Integration is easy in CI/CD pipelines
Helped a lot at the time of code push!
UI interface is really good and easy to go!
It helped a lot in code duplicate!

**What do you dislike about SonarQube?**

It took too long to setup and move forward!

**What problems is SonarQube solving and how is that benefiting you?**

It helped with static code analysis.

  ### 2. Great Tool for code Analysis

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sachin S. | System Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** July 06, 2022

**What do you like best about SonarQube?**

As a DevOps team, we are managing and offering this tool to different teams within the organisation. Its seamlessly easy integration with other tool CI/CD tools such as Jenkins, and Azure DevOps Services is very useful. By which we can easily Analyze code in Sonarqube based on the predefined rules setup in the quality gate and quality profile. After analysis, we will get a detailed overview of the vulnerabilities, security hotspots, bugs and other parameters. We can review those parameters and work on the fixes. In this way, it improves the code quality.

**What do you dislike about SonarQube?**

We are using the Sonarqube Enterprise version we do sometimes face issues while getting additional help from the Sonarqube. If we have to check code coverage of the test case of Java language we need to rely on a third-party plugin like Jacoco. Apart from these, we didn't encounter many issues so far.

**What problems is SonarQube solving and how is that benefiting you?**

Being in DevOps teams are offering Sonarqube to our end customers. Sonarqube helps to analyze code and review the vulnerabilities, security hotspots and bugs along with other parameters. We have integrated with CI/CD tools. Once a Pull request is done on the master branch Sonaranlysis began if it passes the standards as defined in the quality gate and quality profile only merge will otherwise it will block it. In this way, we are ensuring developers follow good practices of coding and review their code against common vulnerabilities.

  ### 3. SonarQube: Continuous Code Quality & Code Security

**Rating:** 4.5/5.0 stars

**Reviewed by:** Pranay J. | Senior DevOps Consultant, Small-Business (50 or fewer emp.)

**Reviewed Date:** January 31, 2022

**What do you like best about SonarQube?**

I'm using SonarQube for almost 5 years now, it's an open-source tool that can be self-host in the cloud or on-prem or can be run inside a docker container. It's backed by a large community and they are updating it continuously from both features and capability wise.

**What do you dislike about SonarQube?**

It's a legacy tool but I would like to see some UI changes as it's not up to mark as compared to the other modern tools like GitGuardian and Snyk. Creating custom rules can be very tricky sometimes. There should be some kind of repository for keeping and sharing the rules.

**What problems is SonarQube solving and how is that benefiting you?**

We use SonarQube for checking the quality of every piece of code written by our team. We have SonarQube running on cloud-based server where our team can go and check the quality of their code.

  ### 4. A really helpful add on for code quality check

**Rating:** 4.5/5.0 stars

**Reviewed by:** Bipul H. | CP Lead | CodeChef CGC Chapter, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 01, 2022

**What do you like best about SonarQube?**

It is beneficial to check for any quality issue while writing code for any project. It can instantly find any quality issue and will highlight it where you either can fix it yourself or through the quick fix button, which it provides inbuilt. It currently supports HTML, JavaScript, Python, TypeScript, PHP, and Java. I like its feature to describe any quality issue it detects where you can read the vulnerabilities and their correction.

**What do you dislike about SonarQube?**

Even though it is very instant to parse and find quality issues, but there is still room to improve. As for some cases where it detects any vulnerabilities or quality issues, the description it provides is not quite well explained to understand the reason.

**What problems is SonarQube solving and how is that benefiting you?**

It helps me to maintain code quality while building any project, which makes it more professional and representable. I also use DeepSource for the same purpose, but it is not available as an extension in VSCode. It fills the much-needed gap.

  ### 5. SonarQube for checking code quality

**Rating:** 4.0/5.0 stars

**Reviewed by:** Tigran M. | Java Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** July 20, 2022

**What do you like best about SonarQube?**

Sonarqube it's an open-source application, that you can run on your server and with that tool you can check your code quality, and fined which part is tested and which one is not

**What do you dislike about SonarQube?**

It's the first time it's hard to configure, you need some platform for deployment, ex Docker, wich need to run the sonarQube server and after that you can use it

**What problems is SonarQube solving and how is that benefiting you?**

It help developer to understand which part of their code is tested and which part is closed, it's need for checking the code quality, and can be use with some testing tools

  ### 6. Protects my application from vulnerable code and libs

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sarath N. | Automation Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** March 11, 2022

**What do you like best about SonarQube?**

Development perspective it 
1. checks the library that I am using whether it's outdated or it's vulnerable. 
2. Checks my code coverage if I go ace any code that does not have any tests to validate
3. Checks it my code smells (like unwanted statements, unused imports etc)
From testing perspective
4. Checks my code if that smells 
5. Checks and inform Jenkins dsl pipeline if that job is success or failed

**What do you dislike about SonarQube?**

Configuration to suppress some of the components should have been bit easier I.e kind of plug and play. In this way we should be able to manage what components that suits my app or test code needs

**What problems is SonarQube solving and how is that benefiting you?**

We where using Jenkins on a descriptive pipeline (CI) to run our automation suite and there is a restriction that we should run our suite only in docker slave container instead of master. Since we are calling a shell script in Jenkins which always sends 200 for job status even if some tests failed this is giving me false positive as the pipeline is always green actually it should be RED. When we integrate SonarQube inside our container we were able to distinguish the failed tests thereby failing the Jenkins job and provide a positive feedback with our tests. This helps us in delivering a quality product to Custer rather a defective one

  ### 7. Helps us in maintaining the coding standards and avoid security risk code

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** March 07, 2022

**What do you like best about SonarQube?**

The way it analyzes all the code written and provides the violations of standard coding helps us optimize the written code ensuring the minimal number of lines are written to cover the functionality effectively. It has a beautiful user interface where the violations are categorized into different groups ranging from minor to major and involve resolving the unnecessary complexity of the code.It also helps us in removing the duplicate code which has been used multiple times and maintaining the standards in methods.

**What do you dislike about SonarQube?**

At times I find the blocker during the times of emergency code deployment where it doesn't allow the code to be checked-in to the repository unless the violations are fixed, which should enable the user to bypass the number of lines that should be part of the written method. The build failure messages which is triggered to the group when the coding violation occurs

**What problems is SonarQube solving and how is that benefiting you?**

Code analysis and minimizing the violations of the code and ensure the complexity of the code is resolved and meets the industry standards and run the health report in every code check-in to the repository to ensure the coding violations are minimal, removal of duplicate methods or code and empty methods and ensure we have a plan in place with regards to the specified format.

  ### 8. Sonar Qube - great tool for code scan and quality

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sourabh G. | Engineering Lead, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 16, 2022

**What do you like best about SonarQube?**

It provides multiple options to track vulnerabilities, code coverage etc.

**What do you dislike about SonarQube?**

New next-gen better code scan tools are available in the market, and sonar has not been upgraded with new features for many years.

**What problems is SonarQube solving and how is that benefiting you?**

We use sonar qube to track coverage and run style check etc in pipelines, it helps in track us code quality.

  ### 9. Best tool to found code issues.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 03, 2022

**What do you like best about SonarQube?**

Help to avoid some runtime error.
Helps to found some code  bugs,coverage, blockers, smell,etc
Easy to configure.

**What do you dislike about SonarQube?**

Take to long time to update the latest report

**What problems is SonarQube solving and how is that benefiting you?**

Helps to found some code  bugs,coverage, blockers, smell,etc.
Can implement with Jenkins too.
Code review is too easy

  ### 10. To Maintain Quality Of the Codebase

**Rating:** 5.0/5.0 stars

**Reviewed by:** Shubham P. | Software Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 21, 2021

**What do you like best about SonarQube?**

SonarQube is the real troubleshooter for a software developer. Sonarqube is really helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. It is also helping us with our project audits which clearly and loudly shows the audit people that we are indeed maintaining the project's code quality.

**What do you dislike about SonarQube?**

The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. Once you write the code in java and expecting your sonarqube to show code coverage of your applications testcases you have to configure the plugin.

**Recommendations to others considering SonarQube:**

Yes I would definitely recommend this to use it to every developer infact I would say we don't have a better option than this. It will help you in learning code conventions, maintaining code quality and also code coverage.

**What problems is SonarQube solving and how is that benefiting you?**

Sonarqube is helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. About the benefits I would say it helped to maintain our project code quality to a topmost level with the help of Sonar developer can quickly identify their mistakes and correct it and also learn the coding standards to maintain the code conventions which is very good in the  case of the new learners/ beginners for the professionals of the specific language.

  ### 11. Elevate the quality of code with ease!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Shreyans M. | Scrum Master, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 30, 2022

**What do you like best about SonarQube?**

Runs complex static code analysis rules to help elevate the quality of code and promote a more clean, better secure, and optimized version of the code achieved ahead of the production release.

**What do you dislike about SonarQube?**

A good amount of time is required to integrate the Sonarqube in CI/CD Pipelines and may need even more time if the developer is relatively newer. The available guide should have more real-time solutions, so it is pretty quick to resolve issues and complete the integration.

**What problems is SonarQube solving and how is that benefiting you?**

This tool helps to catch unusual code vulnerabilities/bugs using various complex level analytics and ultimately help prevent a deteriorated version of the code from being introduced to the end-users. Overall it also helps to increase the velocity of the code by reducing the technical debt being piled up and generating a clean, maintainable, and optimized version of the code.

  ### 12. Very useful tool for getting code insights

**Rating:** 5.0/5.0 stars

**Reviewed by:** Kashyap J. | Senior Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2022

**What do you like best about SonarQube?**

Provides a very detailed analysis of code and also explains the issues and possible solutions to resolve them.

**What do you dislike about SonarQube?**

Slightly confusing to configure exclusions and multiple projects

**What problems is SonarQube solving and how is that benefiting you?**

It identifies problems in code even before its deployed and helps avoid code smells.

  ### 13. Best tools for Continuous PR reviewing and code checking.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Akshata P. | Associate Technical Consultant , Enterprise (> 1000 emp.)

**Reviewed Date:** November 25, 2021

**What do you like best about SonarQube?**

It provides reasons as to why a particular code is marked for review.
Issues generated can be assigned in bulk to a user in GitHub and tracked accordingly.
Thus making it the best tool for code quality.

**What do you dislike about SonarQube?**

Sonarlint is a minor tool used by sonarqube that runs in background could be in sync with the vscode(other similar IDE) - Most awaited feature.
If this feaure is implemented then there won't be hassle to switch between IDE and Sonarqube server.

**Recommendations to others considering SonarQube:**

Best to consider this tool only if the size of your team is above 10. For groups below 10, it is recommended to use the community version or integrate Sonarlint with IDE(free to use).
It is recommended to be used by the team lead esp for the management of technical debts and security concerns.

**What problems is SonarQube solving and how is that benefiting you?**

Below is the list of problems that we previously faced and are solved by Sonarqube:
1. Code reviews - (along with creation/assigning of issues)
2. Security issues - (With resolution)
3. Technical Debt calculator

  ### 14. Nice tool to get your Code and Coding skills right!!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Piyushkumar R. | Senior Test Automation Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 27, 2022

**What do you like best about SonarQube?**

Sonar Qube provides suggestions on Coding standard violations and helps us to improve the Code quality. It categorizes coding issues while compiling code in  Major, Minor, Critical etc so we can fix it and improve. It also provides us to track and assign issues. I improved my coding skills somewhat using this tool's suggestion.

**What do you dislike about SonarQube?**

Sometimes we get warnings for legitimate issues but that is fine as this tool provides suppress issue functionality.

**What problems is SonarQube solving and how is that benefiting you?**

Improved Coding standard and code quality. Make code efficient. remove redundant code.

  ### 15. SonarQube: Great tool for Code Quality

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** January 17, 2022

**What do you like best about SonarQube?**

1. Open SOurce tool for code quality check
2. Easy to install on various OS and can be used as a Docker container
3. Supports multiple common programming languages 
4. Easy to implement in CI pipelines

**What do you dislike about SonarQube?**

1. Requires to self-host for the community version
2. PDF report generation available only in the enterprise version
3. UI is very outdated in comparison to other tools in the market
4. IaC scanning is missing in the community version

**What problems is SonarQube solving and how is that benefiting you?**

We were looking for a tool to check the Code Quality which we can add to our CI pipelines. Now we are using SonarQube and getting the reports on the dashboard after every code commot.

  ### 16. An ok static analyzer

**Rating:** 4.0/5.0 stars

**Reviewed by:** Olafur B. | Enterprise Architect, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 07, 2022

**What do you like best about SonarQube?**

Sonarqube shows us how well programmers are adhering to the rules of code and does that admirably. Also, it does show CWEs, unnecessary code duplication, and code smells, which is a great addition.

**What do you dislike about SonarQube?**

This tool is not in the same league as Synopsis Coverity as it does not analyze the code for a potential null pointer or buffer overflow errors in the execution tree.  Additionally, it does not detect any threading race conditions like Coverity.

**What problems is SonarQube solving and how is that benefiting you?**

Best practices in coding, style adherence, flag CWEs, reduce duplications of code, on all levels, java, c++.

  ### 17. Best Tool For Code Testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Taimoor A. | SQA Automation Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 18, 2021

**What do you like best about SonarQube?**

SonarQube gives the platform for QA to test the quality of code. SonarQube accepts many languages for testing the code. It generates the testing code report and shows all the loopholes in the code.

**What do you dislike about SonarQube?**

There is nothing to say major bug in SonarQube, but one thing is that when we integrate SonarQube to Jenkins, it's complicated to combine both because it's not a localhost URL. We must provide an instance IP address.

**What problems is SonarQube solving and how is that benefiting you?**

I'm a QA, I will test UI and functionality for any software, but when we try to code, it's challenging; SonarQube provides the best way to test the code and find the bugs on any software code.

  ### 18. Thorough and detailed static code analysis

**Rating:** 4.0/5.0 stars

**Reviewed by:** Jared B. | DevOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** November 03, 2021

**What do you like best about SonarQube?**

SonarCloud has a deep and thorough ability to analyze any codebase. The display of code smells and coverage issues is detailed and shows a line-by-line analysis of a project.

**What do you dislike about SonarQube?**

Setup takes a bit of work. It took a while to integrate into our CI/CD workflows.

**What problems is SonarQube solving and how is that benefiting you?**

Static code analysis and code coverage checks. We have been able to optimize and improve our code quality with SonarCloud.

  ### 19. SonarCloud

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Automotive | Mid-Market (51-1000 emp.)

**Reviewed Date:** May 12, 2022

**What do you like best about SonarQube?**

Helps detect bugs, vulnerability, code language and duplicate lints.

**What do you dislike about SonarQube?**

It does not detect the comment sections very well.

**What problems is SonarQube solving and how is that benefiting you?**

All PR to branches triggers the webhook to sonar cloud as our first check/testing to make sure the code is in a good state to proceed.

  ### 20. Code Analysis by Sonar

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.)

**Reviewed Date:** September 08, 2021

**What do you like best about SonarQube?**

Scanning the source code is a basic requirement to identify the gaps. Sonar does it very efficiently and also you can create your own custom rules and quality gates. It provides you all the info about code coverage, bugs, reliability , vulnerability, code smells etc that you can fix and make sure a issue free code delivery. It has good ui for the reports to analyze and can send automated notifications to subscribers on each scans. It also can be easily integrated with CI pipeline to make it more effective and improve the over code quality

**What do you dislike about SonarQube?**

Setup of project to scan the codes and cost issues due to branching - it used to consider each branch code as a separate repo which was fixed in one of the recent release so the only issue is cost

**What problems is SonarQube solving and how is that benefiting you?**

Scanning code as part of CI pipeline in an automated way and send notification to stakeholders. Since we use multiple technologies we needed something that can support across tech stack and in an automated manner

  ### 21. One of the most helpful tool to get the Perfect code coverage and improving coding standards

**Rating:** 5.0/5.0 stars

**Reviewed by:** Debnita G. | Associate Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** September 09, 2021

**What do you like best about SonarQube?**

The best thing is the code smell detected by the sonarqube and it also indicates if there is any code vulnerability.

**What do you dislike about SonarQube?**

It would be good if there is any way to download the report and share it with teams.

**Recommendations to others considering SonarQube:**

This is the best tool to check the Test case coverage and detect any security hole/ code smell in the application. The suggestions given by the sonarqube highly help to increase the coding standard.

**What problems is SonarQube solving and how is that benefiting you?**

We look at the test case coverage and try to increase the coding standard with the help of Sonarqube.

  ### 22. Comlex to integrate with cloud applications

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 25, 2022

**What do you like best about SonarQube?**

Detailed report about the vulnerabilities and clear indication with expected time it will take to resolve the issues

**What do you dislike about SonarQube?**

Complex integration with cloud applications and IDE's plugins

**What problems is SonarQube solving and how is that benefiting you?**

Code coverage and vulnerabilities in code

  ### 23. SonarQube - Perfect tool to enhance code quality

**Rating:** 5.0/5.0 stars

**Reviewed by:** Riddhi G. | Sr software engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 29, 2021

**What do you like best about SonarQube?**

SonarQube offers the best functionality to manage your code quality by making it bug-free, in results it improves code security as well

**What do you dislike about SonarQube?**

As SonarQube shows perfect errors in code with line number as well there is nothing missing or about dislike in it.

**What problems is SonarQube solving and how is that benefiting you?**

We can improve code quality, we can make it bug free

  ### 24. SonarQube - The go to static code analysis tool

**Rating:** 4.0/5.0 stars

**Reviewed by:** Prathamesh S. | Software Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 18, 2020

**What do you like best about SonarQube?**

The ability to run my scans against a default set of code rules (in the free version) or to run it against an organisation wide set of rules (paid versions).

Sonarqube also provides a plugin for IntelliJ which makes it very easy for me to run the static code analysis straight out of my IDE as soon as I make the changes. 

The integration with Jenkins also is one of the biggest benefits. Makes the whole process smooth and the ability to add the concept of tollgate makes it a great feature for enterprise applications.

**What do you dislike about SonarQube?**

Setup can be a bit challenging, considering the latest version requires Java 11 and we had a challenging time setting up the system due to various issues faced with other components not being compatible with Java 11.

**What problems is SonarQube solving and how is that benefiting you?**

Code Quality Metrics, Static code analysis and bad coding practice detection.

  ### 25. My opinion about SonarQube

**Rating:** 4.5/5.0 stars

**Reviewed by:** Cha Y. | Technical Support Engineer 1 (I5), Mid-Market (51-1000 emp.)

**Reviewed Date:** August 12, 2020

**What do you like best about SonarQube?**

What I like the most about this program is that it performs a very high-quality analysis of the source code, and this makes the code much more reliable, and also reduces potential errors in the projects that are carried out.
Another thing that I really like is the ability to support different languages, and to that is added the use of characters such as C, C ++, Python and many others.
It is quite adaptable to the needs that are required in terms of quality adjustments, and allows to generate checks and projects that respond effectively to what is required.

**What do you dislike about SonarQube?**

One of the things I dislike about this tool is that it takes a great deal of effort to get everything up and running. Additionally, you need to balance quantity and quality in order to produce low-quality code that is functional.
Likewise, a mechanism that evidences the real quality in the mutation tests is not shown, although numbers appear, these can be modified.

**Recommendations to others considering SonarQube:**

It is important when using this tool, take into account that not all IDE codes can be used in SonarQube, so you have to be aware when selecting them. Similarly, the security terms of the code must be taken into account, these could be better.

**What problems is SonarQube solving and how is that benefiting you?**

With the help of this program I identify technical problems in the codes I generate, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.
With the help of this program I identify technical problems in the codes that it generated, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.

  ### 26. Great solution, lousy licensing

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Human Resources | Enterprise (> 1000 emp.)

**Reviewed Date:** September 19, 2020

**What do you like best about SonarQube?**

Continuous code inspection has a great deal of benefits, from increasing team velocity through first pass code reviews, to reduced maintenance costs. My favorite feature of SonarQube, however, is the IDE integration between SonarQube (server-side) and SonarLint (client-side). By allowing rules / qualify profiles to be centralized, we are able to essentially have a spell-checker for our code, while it is in active development, helping to shift feedback about as far left as it can get.

**What do you dislike about SonarQube?**

The pricing model is prohibitive as many critical features are found only in higher tiered versions of the application. One in particular is high-availability. Any corporation making SonarQube a part of their delivery pipeline essentially is required to get the highest tiered version of the application to have HA capabilities and boy will it cost you.

**What problems is SonarQube solving and how is that benefiting you?**

Reduced code review times. Improved readability and maintainability. Helps to educate junior developers with explanation of the violations and examples for how to be in compliance.

  ### 27. Code review and Quality check

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 20, 2021

**What do you like best about SonarQube?**

Detects the vulnerabilities, smell checks

**What do you dislike about SonarQube?**

Some repositories manual instructions are not to the point

**What problems is SonarQube solving and how is that benefiting you?**

Checks with Reliability, Security,Maintainability and coverage

  ### 28. Really about the Cloud.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Small-Business (50 or fewer emp.)

**Reviewed Date:** November 11, 2020

**What do you like best about SonarQube?**

It's super easy to connect to your organization and get started.
Allows for the flexibility of authentication to use GitHub or other authentication mechanisms. 
You can choose to do all of your repos or just select ones.
Has more advanced features that you can integrate with as you gain experience with (and clean up your house) such as using it as a pass/fail during pull or merges, checking for code coverage etc.

**What do you dislike about SonarQube?**

Some of the navigation is a bit confusing and they could still improve how branches are handled and make it simpler to use in that regard.

**What problems is SonarQube solving and how is that benefiting you?**

Showing security compliance with OWAP top 25, Code coverage, Code complexity. Allows us to focus in on trouble spots in our code.

  ### 29. A must tool for  the code quality i.e. Sonarqube

**Rating:** 5.0/5.0 stars

**Reviewed by:** Thati S. | Senior Devops engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** November 29, 2019

**What do you like best about SonarQube?**

These are the below points i love to use it
1)  Sonarqube integration to the continuous integration   pipelines 
2) Graphical viewing & lists the detail description of code  bugs, Vulnerability, code smells & time taken to solve the code smells, detecting the duplicate lines &  Code coverage
3) integrating the unit test cases to the existing pipelines & reflecting the same in the sonarqube dashboard
4) We have approx 26 tools in the market compare to all i feel like sonarqube is having the most number of pros.
5)  In terms of the security features i could see it holds the number one in the market.
6) Integrating the fortifyscan with the sonarqube gives the best result in terms of the security.
7)For the developer it gives the detail description were exactly the code is lacking as per the market standards

**What do you dislike about SonarQube?**

The only dislike i have is
When ever developer writes any code they use to have habit to use the #(comment)ing the lines if necessary but sometimes sonarqube will detect those are errors,

**Recommendations to others considering SonarQube:**

Folks, As i said there are 26 tools in approx there in the market w.r.t code quality  compare to all the other tools were in terms of dashboard, Security, Easiness, Comfort, depicting the change & etc will be observed in the sonarqube, So i strongly recommend this tool for the business needs to get the quality work

Finally i can say if you want quality &  security then sonar qube is the best tool in the market

**What problems is SonarQube solving and how is that benefiting you?**

As discussed in the likes especially i like the way it differentiate the code smells, code bugs, vulnerabilities, Time taken to solve the vulnerabilities, Duplicate lines & code coverage

  ### 30. Very concise analytics tool with good visualization design choices.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mansi J. | Enterprise (> 1000 emp.)

**Reviewed Date:** July 27, 2020

**What do you like best about SonarQube?**

Code smell detection and quality checks! Great feature for bugs and errors as well as integration with Jenkins.

**What do you dislike about SonarQube?**

It would be nice to have suggestions from team members to the code smells and assign other people to take care of certain bugs/issues

**Recommendations to others considering SonarQube:**

Keep checking your code for this!

**What problems is SonarQube solving and how is that benefiting you?**

Have a more robust test suite.

  ### 31. Great for quality check of software

**Rating:** 5.0/5.0 stars

**Reviewed by:** Mansi S. | Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 07, 2020

**What do you like best about SonarQube?**

Sonarqube is used for quality check for the software which is under development . I have found so many bugs , vulnerabilities and code smells using sonarqube and then after I minimized them which improved my code quality. SonarQube is very good.

**What do you dislike about SonarQube?**

Initial setup for the Sonar Qube is very irritating and troublesome . I got hanged so many times in its setup.

**What problems is SonarQube solving and how is that benefiting you?**

I have used sonar Qube in many projects of my company. I have minimized so many bugs , vulnerabilities and code smells by finding them using Sonar Qube.  It helps me for quality check and refactoring of my code.

  ### 32. Nice tool for static code analysis

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 31, 2020

**What do you like best about SonarQube?**

It is really time saving to complete the development by using Sonar Qube as it will do the static code analysis at initial development phase itself

**What do you dislike about SonarQube?**

I've used it along with VS Code editor and it seems to be working fine.

**What problems is SonarQube solving and how is that benefiting you?**

Mainly the problems related to static code analysis.

  ### 33. The only tool that stands talls in Code Quality Management 

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Logistics and Supply Chain | Enterprise (> 1000 emp.)

**Reviewed Date:** May 08, 2019

**What do you like best about SonarQube?**

1. Wide range of Code Metrics
2. Customizations on Quality Profiles / Gates, Rules
3. Great Auditing and Trending capabilities
4. Good number of languages covered in OSS version
 

**What do you dislike about SonarQube?**

1. Lot of features being shifted across OSS and Paid versions creates a great confusion in terms of version upgrades. For instance branch / Portfolio version was introduced in OSS 6.7.4 and then moved to Enterprise version in later releases.
2. Need a clear path for the features that would be provided in OSS vs Enterprise variations.
3. Need better alignment with the new generation Code Configuration tools like GIT.
4. Portfolio management capabilities pivot data always around "master" branch.  Tool should be flexible to aggregate data around any branch of development.
5. More fine grained Access Control.
6. Leak period feature is a little confusing to understand

**Recommendations to others considering SonarQube:**

Invest to integrated Static scans in your DevOps lifecycle are minimal while the Benefits achieved are multifold.

**What problems is SonarQube solving and how is that benefiting you?**

Static Code Quality Scans
Code Coverage checks
Quality Gating
Code Quality Monitoring / Dashboarding  

  ### 34. SonarQube Implementation 

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.)

**Reviewed Date:** September 11, 2019

**What do you like best about SonarQube?**

Code Quality , Code Coverage, code scan and code vulnerabilities 

**What do you dislike about SonarQube?**

Integration with testing tools like UTF doesn't cover all the functionalities like a Standalone Sonar. 

**Recommendations to others considering SonarQube:**

Integrates greatly with CI server like Cloudbees and Jenkins along with version control and testing tool like UFT.

**What problems is SonarQube solving and how is that benefiting you?**

Implementing SonarQube to figure out the quality gate, code coverage, code scan and code vulnerabilities.

  ### 35. Code quality and scanning 

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.)

**Reviewed Date:** September 16, 2019

**What do you like best about SonarQube?**

Quality gate 
Code scanning 
Code coverage 

**What do you dislike about SonarQube?**

Integration with quality control testing tools.

**What problems is SonarQube solving and how is that benefiting you?**

We have successfully implemented Sonar with code scanning , code coverage and finding out the code quality and vulnerabilities associated with the source code.

  ### 36. SonarQube Review

**Rating:** 4.5/5.0 stars

**Reviewed by:** Gurleen S. | Technology Analyst, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** July 09, 2018

**What do you like best about SonarQube?**

SonarQube is one of the most easy to use DevOps tool which provided insights into the code being build by the developers and helps in measuring the quality of deliverable.
SonarQube provides different metrics for reporting such as bugs, vulnerabilities, code smells, etc. which help lower the technical debt.
SonarQube integrated with various tools in DevOps pipeline such as Jenkins, TeamCity and provides the output in a separate tab / url which reviewers can make use off to determine whether code artifact can be released into market or quality has to be improved.

**What do you dislike about SonarQube?**

I have not come up with something I dislike about SonarQube since it takes care of our daily code quality needs.

**Recommendations to others considering SonarQube:**

I would strongly recommend SonarQube since it's very easy to setup, configure and provides us quality deliverable by finding out the quality issues in the code.
SonarQube provides report as well in the form of PDF so that management can have a look at it and analyse the areas where they want their team to focus more.

**What problems is SonarQube solving and how is that benefiting you?**

We have release a quality artifact by making use of SonarQube's in built functionalities which helps developers code in right way, using right code semantics and paying attention to resolving any bugs, hard coded references, etc.
We are making use of SonarQube quality gates feature to determine whether to go ahead with the build or not depending upon certain percentages or threshold which are set up.

  ### 37. Assures Quality

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Airlines/Aviation | Enterprise (> 1000 emp.)

**Reviewed Date:** January 28, 2019

**What do you like best about SonarQube?**

Analysis deeply and makes suggestions to catch best practices.

**What do you dislike about SonarQube?**

Reporting over tags or even all projects are not enough

**What problems is SonarQube solving and how is that benefiting you?**

Quality assurance over the different teams and fit a standard all over the company.

  ### 38. Code quality tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** January 01, 2019

**What do you like best about SonarQube?**

This is best code quality tool for both static code analysis and code coverage. It's easy to configure. It supports a bunch of languages like java, groovy, c , php etc. 

**What do you dislike about SonarQube?**

There is noting to dislike in sonarqube. 

**What problems is SonarQube solving and how is that benefiting you?**

Used it in applications for code quality and coverage. It runs on a server so anyone can easily see code coverage. 

  ### 39. Used for maintaining your code quality

**Rating:** 3.5/5.0 stars

**Reviewed by:** Tushar B. | Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** April 15, 2018

**What do you like best about SonarQube?**

I really like the UI and how easy it is to navigate to the right set of granularity for each project. It has good set of testing support also including Junit tests and integration tests. It is better than using just findbugs. It has really helped me find critical issues in my code that I was unable to.

**What do you dislike about SonarQube?**

It is difficult to configure for the first time. I and my team took a lot of time for configuring it specific to our project. Some plugins don't work out of the box and need code configuration.

**Recommendations to others considering SonarQube:**

It is a good tool out of the box with a lot of features like code coverage, testing, code health and much more. Definitely a must try!

**What problems is SonarQube solving and how is that benefiting you?**

We are using in our team to check the health of our code and test coverage.

  ### 40. Ensuring Quality

**Rating:** 5.0/5.0 stars

**Reviewed by:** Juan Carlos R. | Agile Coach aka Scrum Master, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 10, 2018

**What do you like best about SonarQube?**

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube is the tool we use to ensure code quality through code analysis for each project we are working on.

**What do you dislike about SonarQube?**

So far nothing has stood out that I don't like.

**What problems is SonarQube solving and how is that benefiting you?**

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube helps us with a number associated to code covered by tests and three grades on our code quality for each project.

  ### 41. Cover your code using Sonar

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 01, 2017

**What do you like best about SonarQube?**

Code coverage, Adding templates of custom rule sets, existing rule sets, check the code quality, apply different solutions to adhere to the code quality and rectify the code quality violations and secure coding is very important aspect and very essential for gaining client trust. code coverage and unit test report is generated. Very well used in Continuous Integration.

**What do you dislike about SonarQube?**

Nothing as such. As per my usage knowledge, I have no dislikes with respect to SonarQube. Sonar qube is best used in all of the code coverage purpose and finding code quality. Improving the code quality is very important for client.

**Recommendations to others considering SonarQube:**

Yes, I would like to recommend to every developer and project to track and enhance the code quality and this facilitates code reviews.

**What problems is SonarQube solving and how is that benefiting you?**

Banking applications, Development and maintenance. Code coverage and code quality checks and report generation. 

  ### 42. Sonar Qube Review

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 07, 2017

**What do you like best about SonarQube?**

Freedom to implement different type of analyses and the ability to quite quickly get some results. Its quite clear that the tool is going in the rigth direction and have the support from the community to carry on.

**What do you dislike about SonarQube?**

Requires some technical knowledge to deploy it and then analyse some results. If there is any way to automate a few steps and provide some basic help that with a few clicks people can see results it coud push it to another level.

**Recommendations to others considering SonarQube:**

Really try it! I become a fan!

**What problems is SonarQube solving and how is that benefiting you?**

Monitoring of development code regarding some quality rules and best practices. 
Some basic errors made by junior resources were identified and fixed even before going fwd for future 'copy-paste'. 

  ### 43. SonarQube issues/benefits

**Rating:** 2.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** January 25, 2018

**What do you like best about SonarQube?**

Data visualization. Did a good job of using graphs and charts to better understand code quality 

**What do you dislike about SonarQube?**

Recognizing code coverage. Speed. Recognizing accurate code issues sometimes poor. 

**What problems is SonarQube solving and how is that benefiting you?**

Trying to improve code coverage and software quality. 

  ### 44. Good product for coding standards enforcement

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** October 11, 2017

**What do you like best about SonarQube?**

Several pre defined coding standards , IDE support, Free community edition

**What do you dislike about SonarQube?**

Too much noise. No easy way to ignore all existing issues with several release mode projects. Licensed versions too costly
Takes long time to run rules
IDE support - cannot run analysis at package level

**What problems is SonarQube solving and how is that benefiting you?**

Enforce coding standards

  ### 45. Top Quality Code Quality Dashboard

**Rating:** 5.0/5.0 stars

**Reviewed by:** Shahram J. | Senior Java Backend Developer, Enterprise (> 1000 emp.)

**Reviewed Date:** October 06, 2017

**What do you like best about SonarQube?**

All valuable software metrics could be found packed in this nice piece of software.

**What do you dislike about SonarQube?**

I am so impressed by this software that can't see any downside in it.

**What problems is SonarQube solving and how is that benefiting you?**

Keeping an eye on the quality of software being developed like cohesion and technical debt.

  ### 46. Quality Gates and code coverage tool

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Internet | Mid-Market (51-1000 emp.)

**Reviewed Date:** January 23, 2018

**What do you like best about SonarQube?**

Real time tracking of unit tests and code coverage

**What do you dislike about SonarQube?**

Nothing much, serves our purpose. UI is intuitive, so nothing I can think of. 

**Recommendations to others considering SonarQube:**

I would recommend everyone to try this software if you are evaluating tools for code coverage analysis 

**What problems is SonarQube solving and how is that benefiting you?**

Unit test
Code coverage by unit tests
Quality gates for CI/CD implementation

  ### 47. Amazing Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Pranavi B. | DevOps Engineer, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** October 27, 2017

**What do you like best about SonarQube?**

The best thing i like in SonarQube is - it not only helps to find bugs, it also provides solution to fix the bugs.

**What do you dislike about SonarQube?**

Nothing specific. I don`t have any anything.

**What problems is SonarQube solving and how is that benefiting you?**

Checking code quality, detect bugs and finding duplicate code

  ### 48. Salesforce Development Team using SonarQube

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 06, 2017

**What do you like best about SonarQube?**

The ability to create stage gates and quality rules that tell me at a glance how many issues, and of what type, need to be addressed.

**What do you dislike about SonarQube?**

Integrations with Continuous Integration (CI) software requires workarounds, and there aren't many pre-built libraries to support them.

**What problems is SonarQube solving and how is that benefiting you?**

We can see at a glance whether the code is meeting quality standards, and can easily review and accept or schedule issues for remediation.

  ### 49. Best code review tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sandeep J. | Specialist Master, Management Consulting, Enterprise (> 1000 emp.)

**Reviewed Date:** November 06, 2017

**What do you like best about SonarQube?**

Accurate output every time when you use the sonar cube

**What do you dislike about SonarQube?**

ease of use can be improved. There should be ability for user to add new rulesets. 

**What problems is SonarQube solving and how is that benefiting you?**

code review

  ### 50. Code Analytics Tool That Has Gotten Better with Age

**Rating:** 4.5/5.0 stars

**Reviewed by:** Samuel B. | Principal Consultant/Continuous Delivery and Containers Practices Lead, Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 19, 2016

**What do you like best about SonarQube?**

Sonarqube is my one stop shop to find out the health of my code and the ability to integrate it with build tools and continuous integration ensures I'm always getting up to date information.  It can quickly help you highlight trouble (hot-spots) in your code base and has integration with JIRA so that you can create a ticket and make sure the work to fix it isn't lost.  Support for multiple projects with multiple configurations is also a huge plus because not all projects are the same.  Sonarqube has been my go-to code analytics tool for many years as a Java developer.

**What do you dislike about SonarQube?**

Initial set up when using build tools like Maven or Gradle can be a bit challenging if you're just learning but once you've got the set up correct you usually don't need to edit it much after that point.

**Recommendations to others considering SonarQube:**

I wouldn't hesitate to plug SonarQube into one of your current projects and see what metrics it can generate for you and if they are helpful.  I have a feeling that once you start to see what it can uncover that you'll use it more often than not to feel confident that your code is healthy and that your team is adhering to best practices for your company and the wider coding community.

**What problems is SonarQube solving and how is that benefiting you?**

I use SonarQube to ensure that my team and I are adhering to coding best practices defined as static rules and that we are maintaining good code coverage while not adding to technical debt.  Sonarqube makes it extremely simple to tweak what is/is not considered technical debt for your team and as mentioned, makes it easy to identify hot spots to remedy.  I use SonarQube as an early warning system that there may be some issues in the code that the team needs to address and the dashboard and drill down metrics make it easy to identify these issues.


## SonarQube Discussions
  - [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
  - [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
  - [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)
  - [What is the best way to integrate a plugin for the code coverage?](https://www.g2.com/discussions/what-is-the-best-way-to-integrate-a-plugin-for-the-code-coverage) - 1 upvote
  - [test coverage](https://www.g2.com/discussions/31154-test-coverage) - 1 upvote

- [View SonarQube pricing details and edition comparison](https://www.g2.com/products/sonarqube/reviews?page=3&section=pricing&secure%5Bexpires_at%5D=2026-07-14+17%3A03%3A59+-0500&secure%5Bsession_id%5D=ccf572ff-5e3e-4aa0-924c-88aa6da839e9&secure%5Btoken%5D=b119c260240391616bcf66b29599aef7fad44ea162c1c85cc602a58123216406&format=llm_user)
## SonarQube Integrations
  - [Android Studio](https://www.g2.com/products/android-studio/reviews)
  - [Apache Maven](https://www.g2.com/products/apache-maven/reviews)
  - [Atlassian](https://www.g2.com/products/atlassian-2025-01-31/reviews)
  - [AWS CodeBuild](https://www.g2.com/products/aws-codebuild/reviews)
  - [AWS CodePipeline](https://www.g2.com/products/aws-codepipeline/reviews)
  - [AWS CodePipeline for CI/CD Automation](https://www.g2.com/products/aws-codepipeline-for-ci-cd-automation/reviews)
  - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Backstage](https://www.g2.com/products/backstage/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [CircleCI](https://www.g2.com/products/circleci/reviews)
  - [Claude](https://www.g2.com/products/claude-2025-12-11/reviews)
  - [CloudBees](https://www.g2.com/products/cloudbees/reviews)
  - [Codemagic](https://www.g2.com/products/codemagic/reviews)
  - [Copado DevOps](https://www.g2.com/products/copado-devops/reviews)
  - [Cortex](https://www.g2.com/products/cortex-automation-inc-cortex/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [Datadog](https://www.g2.com/products/datadog/reviews)
  - [Devin AI](https://www.g2.com/products/devin-ai/reviews)
  - [Docker](https://www.g2.com/products/docker-inc-docker/reviews)
  - [Drata](https://www.g2.com/products/drata/reviews)
  - [DX](https://www.g2.com/products/dx-platform/reviews)
  - [Dynatrace](https://www.g2.com/products/dynatrace/reviews)
  - [Eclipse](https://www.g2.com/products/tph-global-eclipse/reviews)
  - [Gemini](https://www.g2.com/products/gemini-2021-11-09/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [Google Cloud Console](https://www.g2.com/products/google-cloud-console/reviews)
  - [Google Cloud Tekton](https://www.g2.com/products/google-cloud-tekton/reviews)
  - [Gradle Build Tool](https://www.g2.com/products/gradle-build-tool/reviews)
  - [Harness](https://www.g2.com/products/harness-wealth-harness/reviews)
  - [IntelliJ IDEA](https://www.g2.com/products/intellij-idea/reviews)
  - [Jellyfish](https://www.g2.com/products/jellyfish-2018-10-15/reviews)
  - [Jenkins](https://www.g2.com/products/jenkins/reviews)
  - [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [LinearB](https://www.g2.com/products/linearb/reviews)
  - [Microsoft Visual Studio App Center](https://www.g2.com/products/microsoft-microsoft-visual-studio-app-center/reviews)
  - [MuleSoft Anypoint Platform](https://www.g2.com/products/mulesoft-anypoint-platform/reviews)
  - [npm](https://www.g2.com/products/npm/reviews)
  - [Oobeya](https://www.g2.com/products/oobeya/reviews)
  - [Port](https://www.g2.com/products/port-port/reviews)
  - [PyCharm](https://www.g2.com/products/pycharm/reviews)
  - [Python](https://www.g2.com/products/python/reviews)
  - [ServiceNow DevOps](https://www.g2.com/products/servicenow-devops/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Travis CI](https://www.g2.com/products/travis-ci/reviews)
  - [Visual Studio](https://www.g2.com/products/visual-studio/reviews)
  - [Visual Studio Code](https://www.g2.com/products/visual-studio-code/reviews)
  - [Zed](https://www.g2.com/products/zed-zed/reviews)

## SonarQube Features
**Administration**
- API / Integrations
- Extensibility

**Functionality**
- Repository Integration
- Analytics and Trends
- Productivity Updates

**Bug Reporting**
- User Reports & Feedback
- Tester Reports & Feedback
- Team Reports & Comments

**Functionality - Software Composition Analysis **
- Language Support
- Integration
- Transparency

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Risk management - Application Security Posture Management (ASPM)**
- Vulnerability Management
- Compliance Management
- Policy Enforcement

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**AI Compliance**
- Regulatory Reporting
- Automated Compliance

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Performance - AI AppSec Assistants**
- Remediation
- Real-time Vulnerability Detection
- Accuracy

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Management**
- Data Context
- Testing Integration

**Bug Monitoring**
- Analytics
- Bug History
- Data Retention

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Security**
- False Positives
- Custom Compliance
- Agility

**Integration and efficiency - Application Security Posture Management (ASPM)**
- Integration with Development Tools

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

**Risk Management & Monitoring**
- Real-time Monitoring

**Integration - AI AppSec Assistants**
- Stack Integration
- Workflow Integration
- Codebase Contextual Awareness

**Security**
- Data Security
- Data loss Prevention
- Security Auditing

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Reporting and Analytics - Application Security Posture Management (ASPM)**
- Trend Analysis
- Risk Scoring
- Customizable Dashboards

**Agentic AI - Bug Tracking**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Identity**
- SSO
- Governance
- User Analytics

**Access Control and Security**
- Pole-based Access Control (RBAC)

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

**Agentic AI  - Application Security Posture Management (ASPM)**
- Autonomous Task Execution
- Multi-step Planning

**Agentic AI - AI Governance Tools**
- Autonomous Task Execution
- Multi-step Planning
- Cross-system Integration
- Adaptive Learning
- Natural Language Interaction
- Decision Making

## Top SonarQube Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,312 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (881 reviews)
  - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (25 reviews)

