What is SonarQube?
SonarQube is the leading tool for continuously inspecting the Code Quality & Security of your codebases and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues and ultimately deliver better and safer software. With over 170k deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality.
Company Details
Need Assistance?
We're here to help you with understanding our reports and the data inside to help you make decisions.
Get AssistanceSonarQube Ratings
Real user data aggregated to summarize the product performance and customer experience.
Download the entire Product Scorecard
to access more information on SonarQube.
Product scores listed below represent current data. This may be different from data contained in reports and awards, which express data as of their publication date.
90 Likeliness to Recommend
2
Since last award
100 Plan to Renew
83 Satisfaction of Cost Relative to Value
1
Since last award
Emotional Footprint Overview
Product scores listed below represent current data. This may be different from data contained in reports and awards, which express data as of their publication date.
+93 Net Emotional Footprint
The emotional sentiment held by end users of the software based on their experience with the vendor. Responses are captured on an eight-point scale.
How much do users love SonarQube?
Pros
- Respectful
- Transparent
- Caring
- Over Delivered
How to read the Emotional Footprint
The Net Emotional Footprint measures high-level user sentiment towards particular product offerings. It aggregates emotional response ratings for various dimensions of the vendor-client relationship and product effectiveness, creating a powerful indicator of overall user feeling toward the vendor and product.
While purchasing decisions shouldn't be based on emotion, it's valuable to know what kind of emotional response the vendor you're considering elicits from their users.
Footprint
Negative
Neutral
Positive
Feature Ratings
Vulnerability Scanning
SDLC Integration
Policy Engine and Enforcements
Static Application Security Testing (SAST)
Interactive Application Security Testing (IAST)
Dynamic Application Security Testing (DAST)
Risk Scoring
Mobile Application Security Testing
Container Security Testing
Integrated Development Environment (IDE) plug-in
Software Composition Analysis (SCA)
Vendor Capability Ratings
Ease of Data Integration
Business Value Created
Breadth of Features
Ease of Implementation
Ease of Customization
Ease of IT Administration
Quality of Features
Usability and Intuitiveness
Availability and Quality of Training
Vendor Support
Product Strategy and Rate of Improvement
SonarQube Reviews
Chiesa B.
- Role: Information Technology
- Industry: Insurance
- Involvement: End User of Application
Submitted Mar 2025
My preferred tool for code quality analysis .
Likeliness to Recommend
What differentiates SonarQube from other similar products?
I love and appreciate that Sonarqube integrates with the CI/CD ( continuous integration and continuous deployment ) infrastructure on Gitlab. This comes with a whole lot of benefit when developing software , including helping to comply with best coding standards and practices, it also helps with facilitating collaboration between developers and reviewers in the process of developing software. Of importance is the early detection of security risks within the development process, even before code is passed into the repository.
What is your favorite aspect of this product?
Among the main strength of Sonarqube is its support for different programming languages. This makes Sonarqube the unified tool to use for the purpose of analyzing code quality, regardless of the programming language in which the code was written.
What do you dislike most about this product?
In situations where we have tried to reuse legacy codebases, we have noticed that Sonarqube easily gets overwhelmed by the inherent technical debt and problems which are common on legacy codebases. Of importance, is its tendency to generate a lot of false positives when working on Legacy codes.
What recommendations would you give to someone considering this product?
As far as enterprise level code management is concerned , I think Sonarqube is the tool I recommend because of its rule based analysis and its support for a variety of programming languages. It is important though, that it is setup and customized properly.
Pros
- Reliable
- Performance Enhancing
- Enables Productivity
- Security Protects
Please tell us why you think this review should be flagged.
Jeemish M.
- Role: Information Technology
- Industry: Technology
- Involvement: IT Leader or Manager
Submitted Jul 2023
Enterprise scale SAST scans at zero cost !!
Likeliness to Recommend
What differentiates SonarQube from other similar products?
Ease of implementation and support for most common technology stacks like java, Js, .net, python, groovy, etc for SAST scans
What is your favorite aspect of this product?
Minimalistic UI and multiple technology stack support
What do you dislike most about this product?
Requires a lot of manual setup and configuration for maintenance
What recommendations would you give to someone considering this product?
Must have for implementing automated SAST scans at enterprise scale
Pros
- Helps Innovate
- Reliable
- Performance Enhancing
- Respectful
Please tell us why you think this review should be flagged.
Anurag S.
- Role: Information Technology
- Industry: Other
- Involvement: End User of Application
Submitted Apr 2026
Keep Your Code Clean with SonarQube
Likeliness to Recommend
What differentiates SonarQube from other similar products?
SonarQube is holistic and continuous it is you don't just run it once or rely on spotty manual reviews because it's intergation with my bulid pipeline or CI/CD,so issues are flagged early and automatically that's means you catch messy patterned or problems ins production which helps me like life saver when I working on large web apps with multiple teams.
What is your favorite aspect of this product?
My favorite that's how it's quietly keeps my codebase honest without getting in the way. I alsor appreciate how it's gives a big picture view of my code quality over time and I can actuallu see whether my codebase id improving, which areas are accumulating technical debt and where the team might need to focus that's why the reasons why I like to work with SonarQube.
What do you dislike most about this product?
When I working on larger web project I feel a bit heavy and slow and it's fast moving features or prototyping, running a full analysis can take longer than and it can interrupt my flow. One more issue that can be frustrating in setup and configuration.
What recommendations would you give to someone considering this product?
My recommendation is to be realistic about what it is and what is it isn't because it's not magic wand that instantly fixed your code or replace human reviews it's just a tool that give you insight don't expect too much and it's help maintain long term code quality than you will get the most value from it if ou treat as part of your workflows rather than extra task. I also advise you to spend time customizing it to our codebase.
Pros
- Helps Innovate
- Performance Enhancing
- Trustworthy
- Effective Service
Cons
- Less Friendly Negotiation
Please tell us why you think this review should be flagged.
Get Instant Access<br>to this Report
Get Instant Access
to this Report
Unlock your first report with just a business email. Register to access our entire library.
© 2026 SoftwareReviews.com. All rights reserved.
