# Page 2 | SonarQube Reviews 2026. Verified Reviews, Pros & Cons | Capterra

> Page 2 - Is SonarQube the right Continuous Integration solution for you? Explore 65 verified user reviews from people in industries like yours to make a confident choice.

Source: https://www.capterra.com/p/210481/SonarQube/reviews

---

SonarQube

4.5 (65)


Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/)

* * *

Last updated March 13th, 2026

# Page 2 - Reviews of SonarQube

## Showing most helpful reviews

Showing 26-50 of 65 Reviews


Chandramouli P.  
DevSecOps Lead  
Hospital & Health Care  
Used the software for: 6-12 months

### "Great tool to drive Coding Quality standards"

August 12, 2021

3.0

PR analysis and Integration with Bitbucket are most helpful in avoiding the new issues. The tool needs a lot of improvements:

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in Capital.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation then the rest of the 19 projects info for that day will be missed. Higher management will think that the generated report is the latest but it is not.
5. PR analysis reports should be generated quickly.

Pros

PR analysis and Integration with Bitbucket are most helpful.

Cons

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in Capital.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation then the rest of the 19 projects info for that day will be missed. Higher management will think that the generated report is the latest but it is not.
5. PR analysis reports should be generated quickly.


Response from SonarSource

August 13, 2021

Thank you for your review, Chandramouli. We appreciate your feedback, and invite you to join the SonarSource Community Forum. SonarSource Community Forum: https://community.sonarsource.com/ Posting to the Forum will allow there to be transparency to the community, and allow our product managers & users to understand any issues you are facing. To better assist you, please indicate what language(s), and how long the PR analysis is actually taking; as well as, examples of the false positives. Thanks!


Gaurav S.  
Sr devops engineer  
Automotive  
Used the software for: 6-12 months

### "Sonarqube a static code analysis for quality and security of the code"

July 17, 2022

4.0

We have been using SonarQube in our CI/CD pipeline for static code analysis and it's been very helpful identifying the bugs early in the stages. This tool is best in the market but still missing on some functionalities, mainly in dashboards.

Pros

1. Ensures that only quality, bug-free and vulnerability-free code goes into production and improves developer’s skills.
2. Supports 24+ languages.
3. Open source version.
4. Developer workflow integration.
5. Detect the bugs early in development and send alerts to developers to have a look into suspicious code snippets.
6. The results are faster and can get integrated within pipeline.

Cons

1. Integration with the third party apps could be improved.
2. Dashboards could be better and code security features can be added more.
3. Sometimes false positive results.


Verified Reviewer  
Technical Lead  
Computer Software  
Used the software for: 1-2 years

### "Best code scanning and monitoring tools"

April 26, 2022

5.0

Used SonarQube in multiple web development projects where we used this tool and found it very useful and checkpoints

Pros

Reports it generates and grades on vulnerabilities and highlights the scanned code

Cons

Integration with Visual Studio .Net code was not simple and easier.


Verified Reviewer  
Consultant  
Information Technology and Services  
Used the software for: Less than 6 months

### "SonarQube review"

April 28, 2024

5.0

Pros

SonarQube provides important metrics such as code smells, bugs, vulnerabilities, and code coverage. Easy integration with CI/CD tools.

Cons

SonarQube may produce false positives, as with any static analysis tool.


Verified Reviewer  
Solutions Architect  
Information Technology and Services  
Used the software for: 2+ years

### "Measure the quality of your software"

December 24, 2022

5.0

Pros

I like the SonarQube dashboard and the flexibility that quality gates provide to measure your software quality. You can set up your own thresholds for maintenance, reliability, security, code coverage and many other metrics, and allow only versions passing this quality gate to be deployed.

Cons

Unfortunately it lacks an easy way to see trends and go deep into which developers are the best/the worst. Also, it is paid if you need to analyse software in some languages, available only on the cloud.

Alternatives considered

[CAST Highlight](https://www.capterra.com/p/177188/CAST-Highlight/), [Kiuwan](https://www.capterra.com/p/160729/Kiuwan-Code-Security/), [Jenkins](https://www.capterra.com/p/171026/Jenkins/), [Azure DevOps](https://www.capterra.com/p/170547/VSTS-DevOps/)


Carlos A.  
IT Manager  
Banking  
Used the software for: 2+ years

### "Sonarqube essential code quality analysis tool"

March 12, 2023

4.0

In short, it is an indispensable tool and should be mandatory in all software development companies.

Pros

The ability to analyze the quality of the code in each deployment or integration, together with the possibility of modifying the rules to allow deployment or not (quantity or criticality of errors or defects), as well as vulnerability analysis allows for better software, always keeping in mind of the developers the quality and security of the code.

Cons

Like everything, the time it takes to leave it well configured and integrated with the rest of the systems, as well as the maintenance and updating of the standards, rules and vulnerabilities depending on the programming language and the news that are published at the level of security.


Verified Reviewer  
Sr. Vice President  
Banking  
Used the software for: 2+ years

### "Code Quality Assurance"

March 21, 2024

4.0

Overall, impressed by this tool that supports multiple languages, monitoring code quality, bugs and vulnerability detection. Also, integrates well with Jenkins, GitHub, etc.

Pros

- It supports almost all commonly used languages like JAVA, Python, Javascript, etc.
- Integrates well with CI/CD pipeline established in tools like Jenkins and GitHub.
- Detects code duplication, bugs and vulnerabilities in code.

Cons

- May be complex to understand the reports for new users.
- May block delivery/deployment if hard gates are enabled by DevOps team which may delay project delivery.


Verified Reviewer  
Developer  
Computer Software  
Used the software for: 2+ years

### "Excellent code assurance tool"

January 15, 2023

3.0

It's a great tool and can be understood by experienced people more easily.

Pros

SonarQube helps me find out if there are any repetitive lines in my code. Since the code sometimes gets lengthy or at times missed by me to recheck. It is added in continuous integration in Jenkins which when runs code smells, coverage and quality will be detected.

Cons

At times we need to precisely set all the settings for the issues to be detected. If any small mistake happens then no result can be seen. We use traditional SonarQube where we install and integrate rather than plugin in Jenkins. So the traditional method needs to be more careful in installing and running it.


Verified Reviewer  
Software Engineer  
Information Technology and Services  
Used the software for: 6-12 months

### "Elevate your code quality to the next level"

March 30, 2024

4.0

The development process has been a bit slower than usual after SonarQube integration, but the quality and readability of the code is much better.

Pros

The main feature of SonarQube is that it detects code complexities within the code so that the developer can optimize it. It also detects accessibility and security issues; code smells and suggests changes.

Cons

It is a bit difficult to integrate with existing services and the quality checks may also conflict with other integrations.


Verified Reviewer  
Technical Project Manager  
Information Technology and Services  
Used the software for: 2+ years

### "The least you can do for software quality"

November 30, 2022

5.0

Pros

Sonarqube allows anyone to run a scan for code smells, bugs or vulnerabilities. There is no reason not to use it or integrate it into your CI/CD pipelines. Even if you do not enforce passing the quality gate, it helps a lot in tracking and highlighting where are your weaknesses. Code duplication and Code coverage are very useful tools to understand the overall quality of your development.

Cons

It is hard to view historic data, and once you run a new analysis you cannot see the previous ones anymore from the same unified dashboard, you have to enter into each metric and check the history link. Please bring back the history dashboard from sonar 5!

Alternatives considered

[CAST Highlight](https://www.capterra.com/p/177188/CAST-Highlight/), [Kiuwan](https://www.capterra.com/p/160729/Kiuwan-Code-Security/)


Vishvesh K.  
Quality Assurance Engineer  
Computer Software  
Used the software for: 6-12 months

### "Loved using SonarQube!!!"

April 27, 2022

5.0

We primarily need to perform some static analyses. Everyone sends a pull request while they're coding. We must guarantee that the code is up to date before committing it to the main branch. That's basically how we work to make sure that whatever rules we've set up, whatever gates we've set up, are followed before we commit the code to the main branch. I had a lot of fun with the powerful tool.

Pros

The way it evaluates all of the code generated and reports on any violations of standard coding help us optimize the written code, ensuring that the smallest number of lines are created to properly cover the functionality. It offers a lovely user interface with distinct groups of infractions ranging from small to large, and it involves fixing the code's needless complexity. It also aids in the removal of duplicate code that has been used several times and the upkeep of method standards.

Cons

Integrating Sonarqube into CI/CD Pipelines takes time, and it may take even longer if the developer is newer. More real-time solutions could be included in the available guide, making it easier to handle issues and complete the integration.


Flavio V.  
Software Architect  
Telecommunications  
Used the software for: 2+ years

### "The best bugs exterminator"

May 29, 2022

5.0

We can't live anymore without SonarQube. When we started using it 5 years ago, the teams' adoption was very fast.

Pros

Code review could be more focused on the new features implementation than trying to identify silly basic faults.

Cons

The Eclipse SonarQube plugin was not easy to make work in the same manner as it was set up in the CI/CD machines.


Pedro L.  
consultant  
Computer Software  
Used the software for: 1-2 years

### "Maintain quality code thanks to SonarQube"

August 9, 2023

4.0

Pros

I really like the integration with the Azure DevOps service; thanks to it I can integrate SonarQube's code review tasks into continuous integration. The reports it generates are very useful for detecting bad practices or security gaps in the code.

Cons

I would like the tool's administration panel to be more configurable, so that code analysis can be made more effective.


Verified Reviewer  
QA Manager  
Government Administration  
Used the software for: 2+ years

### "Good tool for review static code"

September 30, 2021

5.0

Really good

Pros

You can see the coverage in unit test, review the programming code with the best practice and the vulnerabilities in the code

Cons

The support is not included in the license.

Reason for choosing SonarQube

We implement the community version


Response from SonarSource

October 14, 2021

Thank you for the review!

Pinki K.  
Technical Consultant  
Computer Software  
Used the software for: 1-2 years

### "Improve code quality with sonarQube"

December 31, 2022

5.0

It's a very good tool for scanning code and improving code quality. By using this tool we are now able to improve code quality, which reduces the review time and issues on production.

Pros

It's a very helpful tool for improving code quality and finding vulnerabilities in code, which reduces the security issues as well as issues on production. It checks duplicate code, logical bugs and many more.

Cons

Custom role adding is difficult; rest all good.


Mohammed F.  
Security Engineer  
Information Technology and Services  
Used the software for: 1-2 years

### "One of the Best tools to incorporate Security into Pipeline"

October 2, 2021

5.0

SonarQube has been used for static code analysis and has been built to Jenkins Pipeline. It allowed us to identify a huge amount of vulnerabilities and helped us to improve our code quality to a great instant.

Pros

Great knowledgebase in understanding the bugs and vulnerabilities and fixing them. Highly informational dashboard and tools to filter huge amount of repos.

Cons

Customizing rules is difficult. Certain times they will catch comments, and the rule engine still needs tweaking.


Response from SonarSource

October 14, 2021

Thank you for your review & feedback, Mohammed!

Franck B.  
Software engineer  
Computer Software  
Used the software for: 1-2 years

### "Positive review"

August 2, 2023

5.0

Pros

The fact that we can register our own metrics for the quality tests

Cons

The documentation is not necessarily the easiest


Verified Reviewer  
QA Engineer  
Computer Software  
Used the software for: 1-2 years

### "Check your developers code quality"

August 4, 2022

4.0

Great experience I loved it. It will track all the lines in code and gives us the quality report according to rule set.

Pros

Great tool to check the code quality like unit test cases, number of repetitive lines and other checks for comments and other. This helps us to set the rules which should be followed by the developer which maintains the consistency of the software for customers.

Cons

I don't have any much cons on this. But we need little good knowledge to handle this. It is little tricky to manage the application.


Verified Reviewer  
Principal Consultant  
Information Technology and Services  
Used the software for: 2+ years

### "Great tool to drive Coding Quality standards"

July 11, 2021

5.0

Driving code quality standards across enterprise and inducing code quality gates in the continuous integration workflow

Pros

Static code analysis, support for Java, .Net, JavaScript, typescript, html, CSS, etc. Helps you set custom quality gates and rules as well

Cons

Community version does not support high availability. You need to pay for this feature, would have preferred it to be free. Tools upgrade process can be improved as we have to take down the tool instance.


Response from SonarSource

October 14, 2021

Thank you for your review!


Tolgay K.  
DevOps Engineer  
Telecommunications  
Used the software for: 2+ years

### "A great tool to improve Code Quality"

April 28, 2022

4.0

Tool really fulfills our needs on code quality improvements and security perspectives.

Pros

First of all, The tool has a great user interface highlighting all of the errors and bugs. It also shows how much effort is needed to fix those as well. We integrated it with our CI/CD pipelines in GitLab.

Cons

Enterprise licensing cost is a bit expensive. We rarely faced memory issues running the CI/CD pipelines.


Verified Reviewer  
Software Engineer  
Computer Software  
Used the software for: 6-12 months

### "powerful code quality tool"

February 23, 2023

5.0

Pros

SonarQube can integrate with CI/CD tools such as Jenkins, GitLab, and Travis CI, making it easy to automate code analysis as part of the development process. SonarQube allows developers to customize the rules and profiles used for code analysis. SonarQube provides a dashboard and reporting features that allow developers to track the progress of code quality metrics and identify areas that require attention. This feature can help developers stay on top of code quality issues and make data-driven decisions about where to focus their efforts.

Cons

Improving documentation could help users better understand how to use the tool effectively.


Prateek J.  
DevSecOps Engineer  
Computer Software  
Used the software for: 1-2 years

### "SonarQube: Code Quality and Code Security"

July 25, 2021

5.0

SonarQube is one of the best open-source tools I have used for SAST testing but I feel there are so many features that are still missing.

Pros

1. Provides a detailed review of the code
2. It highlights suspicious code snippets
3. Strong integration with popular CI pipelines

Cons

1. Installation process should be smooth
2. Reporting is poor
3. Integration with IDE is not available


Response from SonarSource

October 14, 2021

Thank you for your review, Prateek!


Susan M.  
Software Engineer  
Airlines/Aviation  
Used the software for: 6-12 months

### "Great product!"

July 11, 2023

5.0

Pros

This product has actually improved productivity within my team by making sure there’s no duplicate code and by making code easily understandable.

Cons

Code maintenance is actually a difficult part.


Adrian B.  
SaaS QA Lead  
Computer Software  
Used the software for: 6-12 months

### "SQ for Quality and Security"

August 11, 2021

5.0

In general SQ is great. We use it extensively in multiple projects to provide valuable metrics, measure technical debt and spot issues as quickly as possible. SonarQube rocks!

Pros

Quality matters as much as Security. SonarQube supports both of those aspects very well. What is more it is done automatically with minimum configuration. Speed, reliability and flexibility makes SQ must have solution in every Organization.

Cons

Limited support for self-hosted repository was challenging. Another one is diversity of versions: ZIP, Docker and Cloud.


Response from SonarSource

August 16, 2021

Thank you for your feedback, Adrian! We are glad to hear that you are enjoying SonarQube!


Alexander C.  
Developer  
Computer Software  
Used the software for: 2+ years

### "Software Quality Assured"

September 28, 2021

5.0

Software Quality Increasing Over Time

Pros

Multiple quality metrics for software develop and configurable quality gates

Cons

Some breaks with compatibility when doing migrations


Response from SonarSource

October 14, 2021

Thank you for your review and feedback, Alexander!
