# SonarQube Reviews 2026. Verified Reviews, Pros & Cons | Capterra

> Is SonarQube the right Continuous Integration solution for you? Explore 66 verified user reviews from people in industries like yours to make a confident choice.

Source: https://www.capterra.com/p/210481/SonarQube/reviews

---

SonarQube: 4.5 (66 reviews)

Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/)

* * *

Last updated March 13th, 2026

# Reviews of SonarQube

Ease of use: 4.2

Customer Service: 4.0

## Pros and Cons in Reviews

Allyson C

Senior Staff Engineer, Computer Software, 51 - 200 employees. Used the software for: 6-12 months.

“Recently, while working on a project, it flagged potential code smells, helping me enhance code quality preemptively.”

May 23, 2024

Daniel S

Director of Research and Development, Health, Wellness and Fitness, 11 - 50 employees. Used the software for: More than 2 years.

“For example, if there are many commands in a Dockerfile, it will ensure that commands are merged together (but not necessarily correctly), which causes the dev to break the commands apart again. And the loop goes on until it is silenced.”

April 3, 2026

Michal P

Software Engineer, Accounting, 501 - 1,000 employees. Used the software for: 1-2 years.

“SonarQube is good at enforcing minimum code coverage on PRs”

February 28, 2025

Zach R

CEO Owner, Computer & Network Security, 11 - 50 employees. Used the software for: 1-2 years.

“It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it.”

February 13, 2025

Yusmeidy M

Java Developer, Telecommunications, 1,001 - 5,000 employees. Used the software for: More than 2 years.

“Combining all these benefits leads to a consistent and reliable coding behavior.”

May 14, 2024

Yegor L

Consultant, Information Technology and Services, 1,001 - 5,000 employees. Used the software for: Less than 6 months.

“SonarQube may produce false positives, as with any static analysis tool.”

April 28, 2024

Yusmeidy M

Java Developer, Telecommunications, 1,001 - 5,000 employees. Used the software for: More than 2 years.

“It makes it easy to collaborate with other features to generate clean code.”

May 14, 2024

Naresh B

Software Engineer, Information Technology and Services, 201 - 500 employees. Used the software for: 6-12 months.

“It is a bit difficult to integrate with existing services and the quality checks may also conflict with other integrations.”

March 30, 2024

## Showing most helpful reviews

Showing 1-25 of 66 Reviews

Sachin S.  
DevOps Engineer  
Computer Software  
Used the software for: 6-12 months

### "Code Analysis and ensuing security against threats"

May 23, 2022

5.0

My overall experience with SonarQube is pretty wholesome; integration came in handy with my CI/CD tools such as Azure DevOps and Jenkins. It provides insights into vulnerabilities and common threats so that developers can take the necessary actions to ensure security and follow good coding practices. Features like PR decoration allow results to be shown in the CI/CD tools themselves; only if the check passes does the commit happen to the master branch.

Pros

Features like code analysis and publishing those analysis reports to the end user. You can use the default Quality Gates and Quality Profiles for scanning your code. In case you want to modify these, you can do that and define your own rules. Whenever there's a commit in the repo, you just need to configure the task in your continuous integration pipeline; only if it passes the parameter will the commit happen to the master/main branch, otherwise it will not. With these features you can eliminate security threats and ensure that developers are following good practices while developing their code. I have integrated it with Azure DevOps.

Cons

The only thing which I think can be improved is the logging of events. Sometimes it becomes hard to debug the issues. Other than that, I think overall this fulfills all the requirements.

Verified Reviewer  
Undergraduate Student  
Higher Education  
Used the software for: 6-12 months

### "SonarQube is Great for Developers!"

December 23, 2022

5.0

We could identify many code-related issues that are present in our code and improve the quality of the application that we are developing. Overall, the SonarQube tool is able to add value to our applications.

Pros

It is simple for developers to recognize their code smells, unused lines of code, errors, problems with the third-party libraries they are using, etc., with information and the precise location of the issue. It also offers answers to those problems. As a result, figuring out the problems and fixing them is simple. This will be a terrific tool for developers. Apart from that, we can introduce our own rules for checking the code quality. It could identify code issues that are vulnerable to cyber attacks such as XSS, SQL injection, etc.

Cons

It was difficult to use the SonarQube on-premise application. Once we pushed a new code section, the server needed to restart in order for the application to work.

Alternatives considered

[GitGuardian](https://www.capterra.com/p/186913/GitGuardian/)

Reason for choosing SonarQube

A higher number of facilities are available in SonarQube, and it suggests options for fixing the issues.

Verified Reviewer  
Director of Research and Development  
Health, Wellness and Fitness  
Used the software for: 2+ years

### "Smooth experience for code reviewers"

April 3, 2026

4.0

Overall, it's made our team much more consistent and efficient. PRs are a smoother process because the code smells are already fixed.

Pros

It makes our team consistent. For example, one of our devs was notorious for PRs with high cognitive complexity in their functions. Now, all we need to do in our Azure Pipelines is ensure that all SonarQube code smells are solved before they can merge their work to main.

Cons

Sometimes it can create a loop in code smells. For example, if there are many commands in a Dockerfile, it will ensure that commands are merged together (but not necessarily correctly), which causes the dev to break the commands apart again. And the loop goes on until it is silenced.

Zach R.  
CEO Owner  
Computer & Network Security  
Used the software for: 1-2 years

### "Never use SonarQube"

February 13, 2025

1.0

This service is a complete scam. Let's start with how it ended. I canceled my account, only to find out that it did not actually cancel. So I contacted support. It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it. Now they refuse to refund my money. This is after they increased the cost of my plan by 3x without my approval (which is what prompted me to want to leave). In order to try to reduce my cost, our engineering team attempted to disconnect some unused repos... nope, not possible. NEVER use this service. You absolutely cannot trust them. It's unbelievable that their system cannot be canceled and yet somehow it's my fault and I continue to get billed while their support team takes weeks to respond.

Pros

There is nothing about this company that I would ever recommend.

Cons

Of all the terrible things about this service and company, it's their customer support that takes the cake!

Verified Reviewer  
Software Engineer II A  
Information Technology and Services  
Used the software for: 1-2 years

### "Best Code Quality check Tool"

August 25, 2022

5.0

We are really taking the help of SonarQube in maintaining code quality. We do code scanning on each JIRA story completion. It also helps our developers to improve their code quality. Coding standards are better now. Reports are very useful.

Pros

1. Calculates the quality of code and also helps to improve the quality by providing the solution
2. Highlights the vulnerabilities and repetitive lines of code
3. Developer-friendly tool, as it provides recommendations on the lines of code which need improvement
4. Creates scan reports on demand
5. Option to add exceptions in code

Cons

1. Report generation sometimes takes a long time.
2. User interface should be enhanced.
3. Lacks a custom rule set
4. As per cost, it is a little bit expensive.

Alternatives considered

[Embold](https://www.capterra.com/p/241514/Embold/), [Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/), [CodeScan](https://www.capterra.com/p/204478/CodeScan/)

Switched from

[embold](https://www.capterra.com/p/175649/Gamma/), [Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/)

SonarQube is better in terms of quality percentage and provides more insights.

Jitae K.  
Sr. Devops  
Computer Software  
Used the software for: 2+ years

### "A powerful tool for code quality"

September 30, 2025

5.0

Overall, SonarQube is a very powerful tool to catch bugs and potential security issues in order to improve our code quality, even though setting it up can be a little bit of a challenge at the beginning. Also, you can customize rules; for example, we set up rules to match what our project needs based on the project's use cases.

Pros

We've been using SonarQube for many years for catching bugs, integrated with GitHub. It provides very clear reports showing in detail how our code is doing and also what needs fixing.

Cons

As an admin of SonarQube, setting up a project and configuring/integrating it with other apps like TeamCity or AWS CodeBuild was a bit tricky. I was struggling to set it up at the beginning, and the UI is also not really intuitive. Also, we have to manage its server as well, like upgrading!

Michal P.  
Software Engineer  
Accounting  
Used the software for: 1-2 years

### "Perfect for detecting unit test coverage"

February 28, 2025

4.0

Pros

SonarQube is good at enforcing minimum code coverage on PRs

Cons

It is really difficult to run it locally; however, once set up on GitHub it runs well and provides valuable insights on code coverage.

Kreasan G.  
Jnr HR Business Partner  
Construction  
Used the software for: 2+ years

### "SonarQube delivers high code quality standards for every project"

May 22, 2024

5.0

Vibrant customer service and interactive product demo. Their work is great and commendable.

Pros

For a while, I used the SonarQube product demo, which is great and interactive, giving the best experience. The dashboard is easy to use since it is designed with a lot of clarity and motivation. While in use, SonarQube can detect and help remove secrets in code while at the same time offering security against any breaches. Dealing with security vulnerabilities in code is now made possible. Lastly, there are clear security reports in PDF form which help us to evaluate the risks on our systems.

Cons

It meets our quality and security expectations. No setbacks.

Flor C.  
Software Developer  
Computer Software  
Used the software for: 1-2 years

### "A free tool for source code analysis"

April 10, 2023

5.0

It helped me to be able to do my job in improving the code, giving me possible solutions and saving me time.

Pros

What I find most useful in this software is the code analysis, which gives detailed reports of the errors found and then suggests possible solutions. This saves time in software development. In addition, their large community helps solve problems that arise along the way.

Cons

Sometimes the reports can give false positives, which requires that the personnel in charge of handling the software carefully review the results to avoid false positives.

Mo F.  
Lead DevOps Engineer  
Legal Services  
Used the software for: 2+ years

### "Developer friendly SAST"

December 7, 2022

4.0

Pros

We really like the IDE tool called SonarLint, which makes it easy for developers to integrate with most IDEs and lint their code even before committing it to the repos. Another advantage was that we were able to self-host our own instance on our Kubernetes cluster and keep the versions based on the containers we specify to pull.

Cons

Other engines tend to scan the same code base faster. Not too much of a con since this is all automated.

Alternatives considered

[Snyk](https://www.capterra.com/p/172252/Snyk/)

Yusmeidy M.  
Java Developer  
Telecommunications  
Used the software for: 2+ years

### "Well defined by consistency and high operability"

May 14, 2024

4.0

Brings quality and professionalism in the final results. It is an impressive tool.

Pros

One of the outstanding values of SonarQube is the speed of analysis. It makes it easy to collaborate with other features to generate clean code. My team and I had an easy time during deployment. It was quite easy to relate to our needs. Combining all these benefits leads to a consistent and reliable coding behavior.

Cons

Installation of the tool was troublesome. We were forced to buy a new device with higher processing speed to avoid the numerous reboots. Later, deployment and use were smooth.

Gaurav S.  
Sr devops engineer  
Automotive  
Used the software for: 6-12 months

### "SonarQube: a static code analysis for quality and security of the code"

July 17, 2022

4.0

We have been using SonarQube in our CI/CD pipeline for static code analysis and it's been very helpful in identifying bugs early in the stages. This tool is the best in the market but is still missing some functionality, mainly in dashboards.

Pros

1. Ensures that only quality, bug-free and vulnerability-free code goes into production and improves developer’s skills.
2. Supports 24+ languages.
3. Open source version.
4. Developer workflow integration
5. Detects bugs early in development and sends alerts to developers to have a look into suspicious code snippets.
6. The results are faster and can get integrated within the pipeline.

Cons

1. Integration with third-party apps could be improved.
2. Dashboards could be better and more code security features can be added.
3. Sometimes false positive results

Anselmo S.  
IT Strategy  
Financial Services  
Used the software for: 2+ years

### "SonarQube cornerstone of our continuous development lifecycle"

May 3, 2024

5.0

Pros

- Easy to use interface
- Rules flexibility
- Broad set of rules to activate

Cons

- No roadmap for dynamic analysis
- Reports API not so flexible
- Fixed price approach

Pedro L.  
consultant  
Computer Software  
Used the software for: 1-2 years

### "Maintain quality code thanks to SonarQube"

August 9, 2023

4.0

Pros

I really like the integration with Azure's DevOps service; thanks to it I can integrate SonarQube's code review tasks into continuous integration. The reports it generates are very useful for detecting bad practices or security gaps in the code.

Cons

I would like the tool's administration panel to be more configurable, so that code analysis can be made more effective.

Verified Reviewer  
Software Engineer  
Computer Software  
Used the software for: 6-12 months

### "powerful code quality tool"

February 23, 2023

5.0

Pros

SonarQube can integrate with CI/CD tools such as Jenkins, GitLab, and Travis CI, making it easy to automate code analysis as part of the development process. SonarQube allows developers to customize the rules and profiles used for code analysis. SonarQube provides a dashboard and reporting features that allow developers to track the progress of code quality metrics and identify areas that require attention. This feature can help developers stay on top of code quality issues and make data-driven decisions about where to focus their efforts.

Cons

Improving documentation could help users better understand how to use the tool effectively.

Adrian B.  
SaaS QA Lead  
Computer Software  
Used the software for: 6-12 months

### "SQ for Quality and Security"

August 11, 2021

5.0

In general SQ is great. We use it extensively in multiple projects to provide valuable metrics, measure technical debt and spot issues as quickly as possible. SonarQube rocks!

Pros

Quality matters as much as Security. SonarQube supports both of those aspects very well. What is more, it is done automatically with minimum configuration. Speed, reliability and flexibility make SQ a must-have solution in every organization.

Cons

Limited support for self-hosted repositories was challenging. Another one is the diversity of versions: ZIP, Docker and Cloud.

Response from SonarSource

August 16, 2021

Thank you for your feedback, Adrian! We are glad to hear that you are enjoying SonarQube!

Sebastian M.  
IT-Architect  
Insurance  
Used the software for: 2+ years

### "A developers friend"

August 12, 2021

5.0

I am very happy with its reliability and performance. Best-in-class.

Pros

Supporting developers to build high-quality apps

Cons

The very high Performance when comparing to CAST.

Reason for choosing SonarQube

High Performance and easy CI/CD-Integration

Response from SonarSource

August 19, 2021

Thank you for your review, Sebastian!

Thenappan T.  
Technical Specialist  
Information Technology and Services  
Used the software for: 2+ years

### "Keeps your code intact with fewer grammar mistakes"

January 24, 2022

5.0

Pros

It allows us to correct grammatically wrong code, unused imports, variables, etc. It helps us to optimize the code with the rules specified for that project. It allows us to remove duplicate code as well.

Cons

Integration with Visual Studio Code and binding with the project is a tad difficult. Duplicate code blocks appear only after the build, so we have to wait till the build is completed to see whether any duplicates are present in our code.

kiruthiga V.  
DevOps Engineer  
Information Technology and Services  
Used the software for: 2+ years

### "SonarQube Usage review"

April 8, 2021

4.0

Cheap and good for Code Vulnerability scans.

Pros

The vulnerability scans that it uses encompass a lot of languages. It also has the ability for users to define custom profiles and rules. The dashboards created are easy to use and decipher.

Cons

Technical support is very expensive, and you need to use their community forums to get support.

Reason for choosing SonarQube

SonarQube provides continuous code quality checks. Can provision Quality Gates to fix the leaks immediately.

Response from SonarSource

October 14, 2021

Thank you for your review, kiruthiga!

Philip A.  
IT Technical Project Manager  
Information Technology and Services  
Used the software for: I used a free trial

### "Code Inspection Tools"

September 30, 2021

5.0

Clearing dead code, following coding standards, identifying security threats, etc

Pros

The best feature I liked about this tool is it even suggests relevant code be changed. So just a copy-paste will do the job. Less time consuming

Cons

Initial setup. Have to set up multiple items separately. Would have been good if it was a complete installation as an EXE.

Reason for choosing SonarQube

Opensource was good to demonstrate to the client

Response from SonarSource

October 14, 2021

Thank you for your review & feedback, Philip!

Puneet P.  
Analyst  
Information Technology and Services  
Used the software for: 1-2 years

### "Ease of Using SonarQube"

July 27, 2021

5.0

Excellent to work with

Pros

Deployment Features and the ease of access

Cons

Customer support sometimes gets delayed

Response from SonarSource

August 13, 2021

Thank you for your review, Puneet! I am sorry to hear that you're experiencing a delay with support. Do you have Commercial Support or do you use the SonarSource Community forum? Visit: https://community.sonarsource.com/

Srinivashan G.  
Consultant  
Information Technology and Services  
Used the software for: 6-12 months

### "SonarQube for Static Code Analysis & Code review"

September 29, 2021

4.0

SonarQube: The go-to tool for code quality

Pros

- Security Hotspot feature
- Code Smells
- Multi language support

Cons

- The free version has limitations on development languages and support.
- Setup process
- Would require a UI / CX refresh

Reason for choosing SonarQube

Coverity, PMD

Response from SonarSource

October 14, 2021

Thank you for your review, Srinivashan!

Jimmy R S.  
Information Security Officer  
Leisure, Travel & Tourism  
Used the software for: 1-2 years

### "Improvements for SonarQube"

January 16, 2025

4.0

Good tool for a company's red team, and you can create email templates for free for all areas or part of them

Pros

Sending phishing campaigns to the company's users to reinforce companies' cybersecurity

Cons

The initial configuration is complicated, as is the security management of email sending; there are few practical examples, or they are out of date

Verified Reviewer  
Senior FullStack Developer  
Internet  
Used the software for: 1-2 years

### "A great tool for improving code quality and maintaining it"

January 18, 2024

5.0

I used SonarQube on repositories containing Angular and .NET applications and SQL scripts. Each time the recommendations were relevant and were able to improve the quality of the code.

Pros

SonarQube is comprehensive. It allows the analysis of many development languages across several projects. Out of the box it offers several sets of quality rules to apply and allows others to be added. For each rule an example is provided, along with fairly clear explanations. Some rules concern code quality, but not only that. Some deal with security and others with performance. Integration into a build process via tasks or jobs is fairly easy.

Cons

The biggest drawback of SonarQube is its cost, which can, depending on the project, turn out to be a bit high. The tool is nevertheless very easy to use and to set up.

Chandramouli P.  
DevSecOps Lead  
Hospital & Health Care  
Used the software for: 6-12 months

### "Great tool to drive Coding Quality standards"

August 12, 2021

3.0

PR analysis and integration with Bitbucket are most helpful in avoiding new issues. The tool needs a lot of improvements:

1. Number of rules should be increased.
2. A few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in capitals.
3. Generating a lot of false positives
4. Executive reports should be generated based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly

Pros

PR analysis and Integration with Bitbucket are most helpful.

Cons

1. Number of rules should be increased.
2. A few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in capitals.
3. Generating a lot of false positives
4. Executive reports should be generated based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly

Response from SonarSource

August 13, 2021

Thank you for your review, Chandramouli. We appreciate your feedback, and invite you to join the SonarSource Community Forum. SonarSource Community Forum: https://community.sonarsource.com/ Posting to the Forum will allow there to be transparency to the community, and allow our product managers & users to understand any issues you are facing. To better assist you, please indicate what language(s), and how long the PR analysis is actually taking; as well as, examples of the false positives. Thanks!
