# SonarQube Reviews 2026. Verified Reviews, Pros & Cons | Capterra

> Is SonarQube the right Continuous Integration solution for you? Explore 67 verified user reviews from people in industries like yours to make a confident choice.

Source: https://www.capterra.com/p/210481/SonarQube/reviews

---

SonarQube

4.5 (67)


Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/)

* * *

Last updated March 13th, 2026

# Reviews of SonarQube

Ease of use: 4.2

Customer Service: 4.0

## Pros and Cons in Reviews

Swarnima G

Software Engineer, Information Technology and Services, 501 - 1,000 employees. Used the software for: More than 2 years.

“That saves time and helps maintain cleaner code across projects.”

May 9, 2026

Daniel S

Director of Research and Development, Health, Wellness and Fitness, 11 - 50 employees. Used the software for: More than 2 years.

“For example, if there are many commands in a Dockerfile, it will ensure that commands are merged together (but not necessarily correctly), which causes the dev to break the commands apart again. And the loop goes on until it is silenced.”

April 3, 2026

Swarnima G

Software Engineer, Information Technology and Services, 501 - 1,000 employees. Used the software for: More than 2 years.

“The dashboard is detailed and gives a clear overview of code health.”

May 9, 2026

Swarnima G

Software Engineer, Information Technology and Services, 501 - 1,000 employees. Used the software for: More than 2 years.

“Another small issue is that some warnings feel too strict or unnecessary, so developers still need to manually review results instead of trusting every suggestion directly.”

May 9, 2026


Michal P

Software Engineer, Accounting, 501 - 1,000 employees. Used the software for: 1-2 years.

“SonarQube is good at enforcing minimum code coverage on PRs”

February 28, 2025


Zach R

CEO Owner, Computer & Network Security, 11 - 50 employees. Used the software for: 1-2 years.

“It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it.”

February 13, 2025


Carlos P

QAE, Computer Software, 1,001 - 5,000 employees. Used the software for: 1-2 years.

“Really good to detect bugs, vulnerabilities and code smells. And integration with popular CI/CD pipelines is really impressive.”

July 20, 2023

Naresh B

Software Engineer, Information Technology and Services, 201 - 500 employees. Used the software for: 6-12 months.

“It is a bit difficult to integrate with existing services and the quality checks may also conflict with other integrations.”

March 30, 2024

## Showing most helpful reviews

Showing 1-25 of 67 Reviews


Sachin S.  
DevOps Engineer  
Computer Software  
Used the software for: 6-12 months

### "Code Analysis and ensuring security against threats"

May 23, 2022

5.0

Overall experience with SonarQube is pretty wholesome; integration came in handy with my CI/CD tools such as Azure DevOps and Jenkins. It provides insights against vulnerabilities and common threats so that necessary actions can be taken by developers to ensure security and good coding practices. Features like PR decoration allow you to get results in the CI/CD tools themselves; only if the analysis passes does the commit happen to the master branch.

Pros

Features like Code Analysis and publishing those analysis reports to the end user. You can use default Quality Gates and Quality Profiles for scanning your code. In case you want to modify these, you can do that and define your own rules. Whenever there's a commit in the repo, you just need to configure the task in your continuous integration pipeline; only if it passes the parameters will the commit happen to the master/main branch, otherwise it will not. With these features you can eliminate security threats and ensure that developers are following good practices while developing their code. I have integrated it with Azure DevOps.

Cons

The only thing I can think of that can be improved is logging of events. Sometimes it becomes hard to debug issues. Other than that, I think overall this fulfills all the requirements.


Verified Reviewer  
Undergraduate Student  
Higher Education  
Used the software for: 6-12 months

### "SonarQube is Great for Developers!"

December 23, 2022

5.0

We could identify many code-related issues that are present in our code and improve the quality of the application that we are developing. Overall, the SonarQube tool is able to add value to our applications.

Pros

It is simple for developers to recognize their code smells, unused lines of code, errors, problems with the third-party libraries they are using, etc., along with information about and the precise location of the issue. It also offers answers to those problems. As a result, figuring out the problems and fixing them is simple. This will be a terrific tool for developers. Apart from that, we can introduce our own rules for checking the code quality. It could identify code issues that are vulnerable to cyber attacks such as XSS, SQL injection, etc.

Cons

It was difficult to use the SonarQube on-premise application. Once we pushed a new code section, the server needed to restart in order for the application to work.

Alternatives considered

[GitGuardian](https://www.capterra.com/p/186913/GitGuardian/)

Reason for choosing SonarQube

A higher number of facilities are available in SonarQube, and it suggests options for fixing the issues.


Verified Reviewer  
Software Engineer  
Information Technology and Services  
Used the software for: 2+ years

### "Great tool for improving code quality"

May 9, 2026

4.0

Pros

What I liked most about SonarQube is how helpful it is for improving code quality and catching issues early in development. The vulnerability detection is one of its strongest features because it points out security risks, bugs, and code smells before they become bigger problems. It also integrates well with source code management and CI/CD pipelines, which makes it easier to include code analysis as part of the normal development workflow. That saves time and helps maintain cleaner code across projects. The platform has a bit of a learning curve in the beginning, especially when configuring rules and understanding reports, but after some use it becomes much easier to manage. The dashboard is detailed and gives a clear overview of code health. From a value for money perspective, it feels worth it for teams that care about code quality and security. It helps reduce issues before deployment, which can save a lot of time later.

Cons

One thing I liked least about SonarQube is that the initial setup can take time, especially when configuring quality rules and integrating it with existing workflows. It is not something that feels fully plug and play. Scans on bigger projects can also be a bit slow at times, which can affect development speed during heavy usage. Another small issue is that some warnings feel too strict or unnecessary, so developers still need to manually review results instead of trusting every suggestion directly. For new users, understanding all the settings and customization options can also take a while, so there is definitely a learning curve before getting the most out of the tool.


Zach R.  
CEO Owner  
Computer & Network Security  
Used the software for: 1-2 years

### "Never use SonarQube"

February 13, 2025

1.0

This service is a complete scam. Let's start with how it ended. I canceled my account, only to find out that it did not actually cancel. So I contacted support. It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it. Now they refuse to refund my money. This is after they increased the cost of my plan by 3x without my approval (which is what prompted me to want to leave). In order to try to reduce my cost, our engineering team attempted to disconnect some unused repos... nope, not possible. NEVER use this service. You absolutely cannot trust them. It's unbelievable that their system cannot be canceled and yet somehow it's my fault and I continue to get billed while their support team takes weeks to respond.

Pros

There is nothing about this company that I would ever recommend.

Cons

Of all the terrible things about this service and company, it's their customer support that takes the cake!


Verified Reviewer  
Director of Research and Development  
Health, Wellness and Fitness  
Used the software for: 2+ years

### "Smooth experience for code reviewers"

April 3, 2026

4.0

Overall, it's made our team much more consistent and efficient. PRs are a smoother process because the code smells are already fixed.

Pros

It makes our team consistent. For example, one of our devs was notorious for PRs with high cognitive complexity in their functions. Now, all we need to do in our Azure Pipelines is ensure that all SonarQube code smells are solved before they can merge their work to main.

Cons

Sometimes it can create a loop in code smells. For example, if there are many commands in a Dockerfile, it will ensure that commands are merged together (but not necessarily correctly), which causes the dev to break the commands apart again. And the loop goes on until it is silenced.


Verified Reviewer  
Software Engineer II A  
Information Technology and Services  
Used the software for: 1-2 years

### "Best Code Quality check Tool"

August 25, 2022

5.0

We are really taking the help of SonarQube in maintaining code quality. Doing code scanning on each JIRA story completion. It also helps our developers to improve their code quality. Coding standards are better now. Reports are very useful.

Pros

1. Calculates the quality of code and also helps to improve the quality by providing the solution
2. Highlights the vulnerabilities, repetitive lines of code
3. Developer-friendly tool as it provides recommendations on the line of code which needs an improvement.
4. Create scan reports on demand
5. Option to add exceptions in code

Cons

1. Report generation sometimes takes a long time.
2. User interface should be enhanced.
3. Lacks custom rule set
4. As per cost, it is a little bit expensive.

Alternatives considered

[Embold](https://www.capterra.com/p/241514/Embold/), [Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/), [CodeScan](https://www.capterra.com/p/204478/CodeScan/)

Switched from

[Embold](https://www.capterra.com/p/175649/Gamma/), [Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/)

SonarQube is better in terms of quality percentage, provides more insights.


Jitae K.  
Sr. Devops  
Computer Software  
Used the software for: 2+ years

### "A powerful tool for code quality"

September 30, 2025

5.0

Overall, SonarQube is a very powerful tool to catch bugs and potential security issues in order to improve our code quality, even though setting it up can be a little bit of a challenge at the beginning. Also, you can customize rules; for example, we set up rules to match what our project needs based on the project's use cases.

Pros

We've been using SonarQube for many years for catching bugs, integrated with GitHub. It does provide very clear reports showing how our code is doing in detail and also what needs fixing.

Cons

As admin of SonarQube, setting up projects and configuring/integrating it with other apps like TeamCity or AWS CodeBuild was a bit tricky. I was struggling to set it up at the beginning, and the UI is not really intuitive. Also, we have to manage its server as well, like upgrading!


Flor C.  
Software Developer  
Computer Software  
Used the software for: 1-2 years

### "A free tool for source code analysis"

April 10, 2023

5.0

It helped me to be able to do my job in improving the code, giving me possible solutions and saving me time.

Pros

What I find most useful in this software is the code analysis, which gives detailed reports of the errors found and then suggests possible solutions. This saves time in software development. In addition, their large community helps solve problems that arise along the way.

Cons

Sometimes the reports can give false positives, which requires that the personnel in charge of handling the software carefully review the results to avoid false positives.


Mo F.  
Lead DevOps Engineer  
Legal Services  
Used the software for: 2+ years

### "Developer friendly SAST"

December 7, 2022

4.0

Pros

We really like the IDE tool called SonarLint which makes it easy for developers to integrate with most IDEs and lint their code even before committing it to the repos. Another advantage was that we were able to self host our own instance on our Kubernetes cluster and keep the versions based on the containers we specify to pull.

Cons

Other engines tend to scan the same code base faster. Not too much of a con since this is all automated.

Alternatives considered

[Snyk](https://www.capterra.com/p/172252/Snyk/)


Vishvesh K.  
Quality Assurance Engineer  
Computer Software  
Used the software for: 6-12 months

### "Loved using SonarQube!!!"

April 27, 2022

5.0

We primarily need to perform some static analyses. Everyone sends a pull request while they're coding. We must guarantee that the code is up to date before committing it to the main branch. That's basically how we work to make sure that whatever rules we've set up, whatever gates we've set up, are followed before we commit the code to the main branch. I had a lot of fun with the powerful tool.

Pros

The way it evaluates all of the code generated and reports on any violations of standard coding help us optimize the written code, ensuring that the smallest number of lines are created to properly cover the functionality. It offers a lovely user interface with distinct groups of infractions ranging from small to large, and it involves fixing the code's needless complexity. It also aids in the removal of duplicate code that has been used several times and the upkeep of method standards.

Cons

Integrating SonarQube into CI/CD pipelines takes time, and it may take even longer if the developer is newer. More real-time solutions could be included in the available guide, making it easier to handle issues and complete the integration.


Michal P.  
Software Engineer  
Accounting  
Used the software for: 1-2 years

### "Perfect for detecting unit test coverage"

February 28, 2025

4.0

Pros

SonarQube is good at enforcing minimum code coverage on PRs

Cons

It is really difficult to run it locally; however, once set up on GitHub it runs well and provides valuable insights on code coverage.


Verified Reviewer  
Senior FullStack Developer  
Internet  
Used the software for: 1-2 years

### "A great tool for improving code quality and maintaining it"

January 18, 2024

5.0

I used SonarQube on repositories containing Angular and .NET applications and SQL scripts. Each time the recommendations were relevant and were able to improve the quality of the code.

Pros

SonarQube is comprehensive. It supports the analysis of many programming languages across multiple projects. Out of the box it offers several sets of quality rules to apply and lets you add others. For each rule an example is provided, along with fairly clear explanations. Some rules concern code quality, but not only that. Some relate to security and others to performance. Integration into a build process via tasks or jobs is fairly easy.

Cons

The biggest drawback of SonarQube is its cost, which can turn out to be a bit high depending on the project. The tool is nevertheless very easy to use and to set up.


Yusmeidy M.  
Java Developer  
Telecommunications  
Used the software for: 2+ years

### "Well defined by consistency and high operability"

May 14, 2024

4.0

Brings quality and professionalism in the final results. It is an impressive tool.

Pros

One of the outstanding values of SonarQube is the speed of analysis. It makes it easy to collaborate with other features to generate clean code. My team and I had an easy time during deployment. It was quite easy to relate with our needs. Combining all these benefits leads to a consistent and reliable coding behavior.

Cons

Installation of the tool was troublesome. We were forced to buy a new device with higher processing speed to avoid the numerous reboots. Later, deployment and use were smooth.


Anselmo S.  
IT Strategy  
Financial Services  
Used the software for: 2+ years

### "SonarQube cornerstone of our continuous development lifecycle"

May 3, 2024

5.0

Pros

- Easy to use interface
- Rules flexibility
- Broad set of rules to activate

Cons

- No roadmap for dynamic analysis
- Reports API not so flexible
- Fixed price approach


Franck B.  
Software engineer  
Computer Software  
Used the software for: 1-2 years

### "Positive review"

August 2, 2023

5.0

Pros

The fact that we can record our own metrics for the quality tests

Cons

The documentation is not necessarily the easiest


Tolgay K.  
DevOps Engineer  
Telecommunications  
Used the software for: 2+ years

### "A great tool to improve Code Quality"

April 28, 2022

4.0

Tool really fulfills our needs on code quality improvements and security perspectives.

Pros

First of all, the tool has a great user interface highlighting all of the errors and bugs. It also shows how much effort is needed to fix those as well. We integrated it with our CI/CD pipelines in GitLab.

Cons

Enterprise licensing cost is a bit expensive. We rarely faced memory issues running the CI/CD pipelines.


Adrian B.  
SaaS QA Lead  
Computer Software  
Used the software for: 6-12 months

### "SQ for Quality and Security"

August 11, 2021

5.0

In general SQ is great. We use it extensively in multiple projects to provide valuable metrics, measure technical debt and spot issues as quickly as possible. SonarQube rocks!

Pros

Quality matters as much as Security. SonarQube supports both of those aspects very well. What is more, it is done automatically with minimum configuration. Speed, reliability and flexibility make SQ a must-have solution in every organization.

Cons

Limited support for self-hosted repositories was challenging. Another one is the diversity of versions: ZIP, Docker and Cloud.


Response from SonarSource

August 16, 2021

Thank you for your feedback, Adrian! We are glad to hear that you are enjoying SonarQube!


Sebastian M.  
IT-Architect  
Insurance  
Used the software for: 2+ years

### "A developers friend"

August 12, 2021

5.0

I am very happy with its reliability and performance. Best-in-class.

Pros

Supporting developers to build high-quality apps

Cons

The very high Performance when comparing to CAST.

Reason for choosing SonarQube

High Performance and easy CI/CD-Integration


Response from SonarSource

August 19, 2021

Thank you for your review, Sebastian!


Thenappan T.  
Technical Specialist  
Information Technology and Services  
Used the software for: 2+ years

### "Keeps your code intact with fewer grammar mistakes"

January 24, 2022

5.0

Pros

It allows us to correct grammatically wrong code, unused imports, variables, etc. It helps us to optimize the code with the rules specified for that project. It allows us to remove duplicate code as well.

Cons

Integration with Visual Studio Code and binding with the project is a tad difficult. Duplicate code blocks appear only after the build, so we have to wait till the build is completed to view whether any duplicate is present in our code.


kiruthiga V.  
DevOps Engineer  
Information Technology and Services  
Used the software for: 2+ years

### "SonarQube Usage review"

April 8, 2021

4.0

Cheap and good for Code Vulnerability scans.

Pros

The vulnerability scans that it uses encompass a lot of languages. It also has the ability for users to define custom profiles and rules. Dashboards created are easy to use and decipher.

Cons

Technical support is very expensive, and you need to use their community forums to get support.

Reason for choosing SonarQube

SonarQube provides continuous code quality checks. Can provision Quality Gates to fix the leaks immediately.


Response from SonarSource

October 14, 2021

Thank you for your review, kiruthiga!


Antonio C.  
Software Engineering  
Insurance  
Used the software for: 6-12 months

### "Code quality matters"

March 1, 2024

4.0

Very positive as it allows you to improve the writing of your code.

Pros

Report both security and code quality vulnerabilities, indicating the reason for the flaw and the possible resolution. It allows you to set thresholds so as not to compromise too much the quality of the code and the coverage of the tests.

Cons

It is necessary to configure it to avoid false positives in terms of code quality that can block the release of the code.


Verified Reviewer  
Programmer  
Computer Software  
Used the software for: I used a free trial

### "Free open source"

May 10, 2023

4.0

Pros

- integrate CI/CD
- customizable Quality Profiles
- easy to use

Cons

- performance impact
- limited programming languages
- open-source, some advanced features are only available in the commercial version


Shaifi B.  
Senior Software Engineer  
Financial Services  
Used the software for: Less than 6 months

### "A Senior partner of development team"

May 29, 2022

4.0

It is a life saver in development. It acts as a primary reviewer for every commit, and the suggestions it provides are also very good, thus saving time in code review. It helps in increasing the code quality and also supports self-learning by providing the reviews.

Pros

- It catches bugs very easily and classifies them into errors, bugs, code smells etc. based on their impact on the code.
- It can be integrated with git and can be configured to automatically run on every commit

Cons

- It is somewhat messy: if there are linting changes in the code, it also picks up those previous changes and provides insights on them, which sometimes creates a ruckus on a large code base


Jimmy R S.  
Information Security Officer  
Leisure, Travel & Tourism  
Used the software for: 1-2 years

### "Improvements for SonarQube"

January 16, 2025

4.0

Good tool for a company's red team, and for free you can create email templates for all areas or part of them

Pros

Sending phishing campaigns to company users to reinforce the companies' cybersecurity

Cons

The initial configuration is complicated, as is the security management of email sending; there are few practical examples or they are out of date


Chandramouli P.  
DevSecOps Lead  
Hospital & Health Care  
Used the software for: 6-12 months

### "Great tool to drive Coding Quality standards"

August 12, 2021

3.0

PR analysis and integration with Bitbucket are most helpful in avoiding new issues. The tool needs a lot of improvements:

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in capitals.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly.

Pros

PR analysis and Integration with Bitbucket are most helpful.

Cons

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in capitals.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation, then the rest of the 19 projects' info for that day will be missed. Higher management will think that the generated report is the latest, but it is not.
5. PR analysis reports should be generated quickly.


Response from SonarSource

August 13, 2021

Thank you for your review, Chandramouli. We appreciate your feedback, and invite you to join the SonarSource Community Forum. SonarSource Community Forum: https://community.sonarsource.com/ Posting to the Forum will allow there to be transparency to the community, and allow our product managers & users to understand any issues you are facing. To better assist you, please indicate what language(s), and how long the PR analysis is actually taking; as well as, examples of the false positives. Thanks!
