# SonarQube Reviews 2026. Verified Reviews, Pros & Cons | Capterra > Is SonarQube the right Continuous Integration solution for you? Explore 65 verified user reviews from people in industries like yours to make a confident choice. Source: https://www.capterra.com/p/210481/SonarQube/reviews --- SonarQube 4.5 (65) [View alternatives](https://www.capterra.com/p/210481/SonarQube/alternatives/) Provider data verified by our Software Research team, and reviews moderated by our Reviews Verification team. [Learn more](https://www.capterra.com/our-story/) * * * Last updated March 13th, 2026 # Reviews of SonarQube Ease of use 4.2 Customer Service 4.0 ## Pros and Cons in Reviews AC Allyson C Senior Staff EngineerComputer Software, 51 - 200 employeesUsed the software for: 6-12 months. “Recently, while working on a project, it flagged potential code smells, helping me enhance code quality preemptively.“ May 23, 2024 ZR Zach R CEO OWnerComputer & Network Security, 11 - 50 employeesUsed the software for: 1-2 years. “It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it. “ February 13, 2025 MP Michal P Software EngineerAccounting, 501 - 1,000 employeesUsed the software for: 1-2 years. “SonarQube is good at enforcing minimum code coverage on PRs“ February 28, 2025 Yegor L ConsultantInformation Technology and Services, 1,001 - 5,000 employeesUsed the software for: Less than 6 months. “SonarQube may produce false positives, as with any static analysis tool.“ April 28, 2024 YM Yusmeidy M Java DeveloperTelecommunications, 1,001 - 5,000 employeesUsed the software for: More than 2 years. “Combining all this benefits leads to a consistent and reliable coding behavior.“ May 14, 2024 Naresh B Software EngineerInformation Technology and Services, 201 - 500 employeesUsed the software for: 6-12 months. “It is a bit difficult to integrate with existing services and the quality checks may also conflict with other integrations.“ March 30, 2024 YM Yusmeidy M Java DeveloperTelecommunications, 1,001 - 5,000 employeesUsed the software for: More than 2 years. “It makes it easy to collaborate with other features to generate clean codes.“ May 14, 2024 SM Susan M Software Engineer Airlines/Aviation, 201 - 500 employeesUsed the software for: 6-12 months. “Code maintenance is actually a difficult part.“ July 11, 2023 ## Showing most helpful reviews Showing 1-25 of 65 Reviews Sort by: Most Helpful Rating Company Size Reviewer's Role Length of Use Frequency of Use Sachin S. DevOps Engineer Computer Software Used the software for: 6-12 months ### "Code Analysis and ensuing security against threats" May 23, 2022 5.0 Overall experience with Sonarqube is pretty wholesome integration came handy with my CI/CD tools such as Azure Devops and Jenkins. Provides insights against vulnerabilities and common threats so that necessary actions can be taken by developers to ensure the security and good coding practices to follow. Features like PR decoration allows to get results in CI/CD tools itself if passed then only commit happens to master branch. Pros Feature like Code Analysis and publishing those analysis report to end user. You can use default Quality Gates and Quality Profiles for scanning of your code. In case you want to modify these you can do that and define your own rule. Whenever there's commit in repo you just need to configure the task in your continuous integration pipeline if it passed the parameter only then commit will happens the master/main branch otherwise it will not. With these features you can eliminate the security threats and ensure that developers are following good practices while developing their code. I have integrated it with Azure DevOps. Cons Only thing which I can think can be improved is logging of events. Sometime it becomes hard to debug the issues. Other then that, I think over all this fulfills all the requirements. Review Source VR Verified Reviewer Undergraduate Student Higher Education Used the software for: 6-12 months ### "SonarQube is Great for Developers! " December 23, 2022 5.0 We could identify many code related issues that are presented in our code and improve the quality of the application that we are developing. As a overall, SonarQube tool is able to add a value to our applications. Pros It is simple for developers to recognize their code smells, unused lines of code, errors, problems with the third-party libraries they are using, etc. information and the precise location of the issue. It also offers answers to those problems. As a result, figuring out the problems and fixing them is simple. This will be a terrific tool for developers. Except that, we can introduce our own rules for checking the code quality. It could identify the code issues that are vulnerable to cyber attacks such as XSS, SQL Injection, etc. Cons It was difficult to use the SonarQube on-premise application. Once we pushed a new code section, the server needed to restart in order for the application to work. Alternatives considered [GitGuardian](https://www.capterra.com/p/186913/GitGuardian/) Reason for choosing SonarQube Higher number of facilities are available in SonarQube and suggesting the options for fixing the issues. Review Source ZR Zach R. CEO OWner Computer & Network Security Used the software for: 1-2 years ### "Never use SonarQube" February 13, 2025 1.0 This service is a complete scam. Let's start with how it ended. I canceled my account, only to find out that it did not actually cancel. So I contacted support. It took them 2 months to resolve my request and they continued billing my card when the account was 100% not in use and I had no access to it. Now they refuse to refund my money. This is after they increased the cost of my plan by 3x without my approval (which is what prompted me to want to leave). In order to try to reduce my cost, our engineering team attempted to discsonnect some unused repos... nope, not possible. NEVER use this service. You absolutely cannot trust them. It's unbelievable that their system cannot be canceled and yet somehow it's my fault and I continue to get billed while their support team takes weeks to respond. Pros There is nothing about this company that I would ever recommend. Cons Of all the terrible things about this service and company, it's their customer support that takes the cake! Review Source VR Verified Reviewer Software Engineer II A Information Technology and Services Used the software for: 1-2 years ### "Best Code Quality check Tool" August 25, 2022 5.0 We are really taking help of SonarQUbe in maintaining code quality. Doing code scanning on each JIRA story completion. It also helps our developers to improve their code quality. Coding standards are better now. Reports are very useful. Pros 1\. Calculate the quality of code and also helps to improve the quality by providing the solution 2. Highlight the vulnerabilities , repetitive line of code 3. Developer Friendly tool as it provides recommendations on the line of code which needs an improvement. 4. Create Scan reports on demand 5. Option to add exception in code Cons 1\. Report Generation sometime take long time. 2. User Interface should be enhanced. 3. Lack custom rule set 4. As per cost, it is little bit expensive. Alternatives considered [Embold](https://www.capterra.com/p/241514/Embold/)[Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/)[CodeScan](https://www.capterra.com/p/204478/CodeScan/) Switched from [embold](https://www.capterra.com/p/175649/Gamma/)[Coverity](https://www.capterra.com/p/163552/Coverity-Static-Code-Analysis/) SOnarQube is better in terms of quality percentage, provide more insights. Review Source JK Jitae K. Sr. Devops Computer Software Used the software for: 2+ years ### "A powerful tool for code quality" September 30, 2025 5.0 Overall, SonarQube is very powerful tool to catch bugs and potential security issues in order to improve our code quality even though setting it up can be a little bit of challenges at the beginning. Also you can customize rules like we set up rules to match what our project needs based on project's use-cases Pros We've been SonarQube many years for catching bugs and integrated with Github. It does provide very clear reports showing how our code is doing in details and also what needs fixing. Cons As admin of SonarQube, setting up project and configure/integrating this to other app like TeamCity or AWS codebuild was bit tricky. I was struggling to set it up at the beginning and also UI is not really intuitive. Also we have to manage its server as well like upgrading! Review Source MP Michal P. Software Engineer Accounting Used the software for: 1-2 years ### "Perfect for detecting unit test coverage" February 28, 2025 4.0 Pros SonarQube is good at enforcing minimum code coverage on PRs Cons It is really difficult to run it locally, however once set up on github it runs well, and provides valuable insights on code coverage. Review Source YM Yusmeidy M. Java Developer Telecommunications Used the software for: 2+ years ### "Well defined by consistency and high operability" May 14, 2024 4.0 Brings quality and professionalism in the final results. It is an impressive tool. Pros One of the outstanding values about SonarQube is the speed of analysis. It makes it easy to collaborate with other features to generate clean codes. I and my team had an easy time during deployment. It was quite easy to relate with our needs. Combining all this benefits leads to a consistent and reliable coding behavior. Cons Installation of the tool was troublesome. We were forced to buy a new device with higher processing speed to avoid the numerous rebooting. Later, deployment and use was smooth. Review Source KG Kreasan G. Jnr HR Business Partner Construction Used the software for: 2+ years ### "SonarQube delivers high code quality standards for every project " May 22, 2024 5.0 Vibrant customer service and interactive product demo. Their work is great and commendable. Pros For a while, I used the SonarQube product demo which is great and interactive giving the best experience. The dashboard is easy to use since it is designed with a lot of clarity and motivation. While in use, SonarQube can detect and help remove secrets in code but at the same time offering security against any breaches. Dealing with security vulnerabilities in codes is now made possible. Lastly, there are clear security reports in PDF form which helps us to evaluate the risks on our systems. Cons It meets our quality and security expectations. No setbacks. Review Source Flor C. Software Developer Computer Software Used the software for: 1-2 years ### "A free tool for source code analysis" April 10, 2023 5.0 It helped me to be able to do my job in improving the code, giving me possible solutions and saving me time. Pros What I find most useful in this software is the code analysis, which gives detailed reports of the errors found and then suggests possible solutions. This saves time in software development.In addition, their large community helps solve problems that arise along the way. Cons Sometimes the reports can give false positives, which requires that the personnel in charge of handling the software carefully review the results to avoid false positives. Review Source Mo F. Lead DevOps Engineer Legal Services Used the software for: 2+ years ### "Developer friendly SAST" December 7, 2022 4.0 Pros We really like the IDE tool called SonarLint which makes it easy for developers to integrate with most IDEs and lint their code even before committing it to the repos. Another advantage was that we were able to self host our own instance on our Kubernetes cluster and keep the versions based on the containers we specify to pull. Cons Other engines tend to scan the same code base faster. Not too much of a con since this is all automated. Alternatives considered [Snyk](https://www.capterra.com/p/172252/Snyk/) Review Source SF Sadri F. Architecte organique Computer Software Used the software for: 2+ years ### "SonarQube l'outil a avoir" February 18, 2023 5.0 J'ai utilisé Sonarqube que ce soit avec l'invite de commande de faire une analyse du code avant de le pousser. et aussi la création du pipeline de compilation. Pros il s'intègre dans le pipeline de compilation Cons L'analyse du code prend du temps et parfois, il y a des recommandations qu'on ne peut pas corriger Reason for choosing SonarQube Il est paramétrable et il bien intègre à azure devops. Switched from [SonarLint](https://www.capterra.com/p/239669/SonarLint/) On doit justifier le produit choisi par rapport les fonctionnalités qu'il propose par rapport à ses concurrents. Review Source JRS Jimmy R S. Oficial de seguridad de la informacion Leisure, Travel & Tourism Used the software for: 1-2 years ### "Mejoras para Sonarqube" January 16, 2025 4.0 Buena herramienta para equipo red de una empresa y de manera gratis puedes crear plantillas de correo para todas las areas o parte de ellas Pros Envió de campañas de phising a usuarios de la empresa para reforzar ciberseguridad de las empresas Cons la configuración inicial es complicada y la gestión de seguridad envió de correos, hay pocos ejemplos practicos o estan fuera de actualizacion Review Source AC Allyson C. Senior Staff Engineer Computer Software Used the software for: 6-12 months ### "Navigating Code Clarity with SonarQube" May 23, 2024 5.0 Pros I love SonarQube's real-time code analysis, providing instant feedback. Recently, while working on a project, it flagged potential code smells, helping me enhance code quality preemptively. Cons It is sometimes overwhelming amount of information and alerts, which can make it challenging to prioritize and address issues effectively. Review Source MK Marcin K. Senior Technical Engineer/Senior DevOps Engineer Information Technology and Services Used the software for: 6-12 months ### "Staple in the CI/CD pipelined quality gate solutions " December 11, 2022 4.0 It allows our dev teams to keep consistent level of code quality and known issues proof in code and used target platforms so as to provide to end users/customers highest quality products delivered in CI/CD methodology. Pros Easily add source code analysis for potential bugs and pitfalls to warrant against developers' errors or just not efficient coding by novices, projects dependencies on vulnerable platforms and potential long-term support issues due to how your code is structured. Simple deployment of binaries needed for scans for major target build environments OSes, plus easy to use APIs, all for the benefit of easy integration into CI/CD pipelines. Cons Caps and limits on key server instance component required when obtaining config for project and preset rules, when sending analysis results or getting quality gate results may make the pipelines seem to fail without easier discerning real reasons. Review Source DØ Daniel Ø. Solution Architect Real Estate Used the software for: 2+ years ### "Review" August 16, 2021 4.0 It have been a mixed ride overall. The actualy code analysis is really great, the rest is so so. Pros The amount of errors it catches and that developers code look somewhat similar in mindset after using it for some time. Cons The setup with CodeCoverage is a nightmare and it seems is not working equallty well all the time. We also have a solution where it doesn't even work. Review Source Response from SonarSource August 19, 2021 Hi Daniel. Thank you for your review of SonarQube. We appreciate your feedback! Regarding your code coverage issues, have you checked out our Community Forum? There may be a solution/fix already identified and if not, you can easily start a new thread and provide us with the details around your workflow, language(s), etc. Thanks! Community Forum: https://community.sonarsource.com/ VR Verified Reviewer Software engineer Computer Software Used the software for: 2+ years ### "Evaluation with end user and software developer experience" June 28, 2022 5.0 Pros The ability to analyze static code is very useful to improve and maintain software quality. Defining special rules or editing the rules according to your needs provides flexibility. Cons in some scenarios, after updating the issue responsible, the same user may open an issue again in the next scan. we were forced to customize the rules for this. Review Source IR Ie R. DevOps Engineer Computer Software Used the software for: 1-2 years ### "Popular tool for code smell search in the organisation's repositories" August 8, 2023 5.0 Pros Easy-to-administer tool, with good functionality to monitor security part of your code (using SAST methodology), with ability to integrate with Jenkins, GitHub and other tools. You are able to fail the build if the code doesn't meet percentage score. Cons When new repository is added - there should be pop-up suggestion to create SonarQube project for it, coming from SonarQube. At the moment the user/administrator must watch out for new repositories in the organisation, without a note from the system itself that there is a new repository which you might want to add for scanning. Review Source VR Verified Reviewer Data developer Computer Software Used the software for: 6-12 months ### "Great tool for Code Quality" January 18, 2023 5.0 Pros I appreciated how SonarQube offers an extensive collection of static code analysis tools that are user-friendly and comprehendible. They make it simple to quickly recognize potential errors and safety flaws in your code. Moreover, it has effective reporting features to allow you to keep track of and observe code quality over time. Cons The biggest downside of SonarQube is that it can be difficult to configure and set up. It also requires a lot of manual configuration and maintenance. Review Source VR Verified Reviewer developer Telecommunications Used the software for: 1-2 years ### "SonarQube" May 24, 2022 5.0 Overall very easy to use and thus very helpfull tool. Pros We have SonarQube implemented in our company develop environment and it's very easy to use. Cons Constantly annoying me with my code smells :-) (just a joke!) Review Source MM Mansi M. Senior Software Engineer Information Technology and Services Used the software for: 1-2 years ### "SonarQube - Used to improve the code quality and security" December 21, 2022 5.0 SonarQube is a great tool to maintain code quality. Issues are divided into different categories like Bug, Major, Minor etc. Pros All the vulnerabilities and possible exceptions are flagged which becomes easy for developer. Rules can be customized as per the requirement. Provides the examples of compliant and non-compliant code. Cons Sometimes there are false positive issues Review Source CP Carlos P. QAE Computer Software Used the software for: 1-2 years ### "SonarQube Review" July 20, 2023 4.0 Overall experience about Sonarqube - Effective tool for improving code quality but demands expertise for setup and maintenance. Pros Comprehensive code quality analysis. Really good to detect bugs, vulnerabilities and code smells. And integration with popular CI/CD pipelines is really impressive. Cons Setup and configuration can be complex for begineers. And limited support for some programming languages is what could be improved. Review Source CZ Cristina Z. it specialist Information Technology and Services Used the software for: Less than 6 months ### "SonarQube" February 27, 2023 5.0 Pros The tool that got us better code. The integration of libraries and the amount of languages is enough to work with and integrate with other DevOps applications which is easy. Everything is very intuitive including the initial setup. Setting up multiple rules for languages is included as well as security. The static code scanning feature is good. The only thing is that the UI integration could be improved. Cons The only thing is that the UI integration could be improved, maybe even better documentation, but otherwise I am satisfied with the application, deployment without problems, integration with other applications as well. Review Source AS Anselmo S. IT Strategy Financial Services Used the software for: 2+ years ### "SonarQube cornerstone of our continuous development lifecycle " May 3, 2024 5.0 Pros Easy to use interface Rules flexibility Broad set of rules to activate Cons No roadmap for dynamic analysis Reports API not so flexible Fixed price approach Review Source AC Antonio C. Software Engineering Insurance Used the software for: 6-12 months ### "Code quality matters" March 1, 2024 4.0 Very positive as it allows you to improve the writing of your code. Pros Report both security and code quality vulnerabilities, indicating the reason for the flaw and the possible resolution. It allows you to set thresholds so as not to compromise too much the quality of the code and the coverage of the tests. Cons It is necessary to configure it to avoid false positives in terms of code quality that can block the release of the code. Review Source VR Verified Reviewer Senior FullStack Developer Internet Used the software for: 1-2 years ### "Un super outil pour améliorer la qualité de code et la maintenir" January 18, 2024 5.0 J'ai utilisé SonarQube sur des repositories contenant des applications Angular, .NET et des scripts SQL. A chaque fois les recommandations étaient pertinentes et ont pu améliorer la qualité du code. Pros SonarQube est complet. Il permet l'analyse de nombreux langages de développement sur plusieurs projets. Il propose de base plusieurs jeux de règles de qualité à appliquer et permet d'en ajouter d'autre. Pour chaque règle un exemple est fourni et des explications assez claire. Certaines règles concernent la qualité du code, mais pas que. Certaines touchent à la sécurité et d'autres aux performances. L'intégration dans un process de build via des tâches ou des jobs est assez facile. Cons Le plus gros inconvénient de SonarQube est son coût qui peut s'avérer, selon les projets, un peu élevé. L'outil est néanmoins très facile à utiliser et à mettre en place. Review Source Similar Products Featured