USA / Canada 866-503-1471
International +972-722-405-222
SonarQube Community / Developer / Enterprise Editions
SonarQube system provides code quality testing, static code analysis, clean Code and checking the level of security of the code developed in the company - and in a continuous and regular manner.
The SonarQube system allows all developers to write cleaner and safer code, using convenient and modern work methods.
SonarQube provides the following capabilities:
- Scanning 29 code languages: Java, C#, C, Objective C, C++, Javascript, TypeScript, Python, Go, Terraform, CloudFormation, Swift, Cobol, Apex, PHP, Kotlin, Kubernetes, Ruby, Scala, HTML, CSS, XML, ABAP, Flex, PL/1, PL/SQL, RPG, T-SQL, Visual Basic, VB6, code Secrets
- SonarLint : an IDE plugin that detects bugs and security vulnerabilities, and offers solutions to fix them
- Integration with IDEs, including VS Code, Visual Studio, IntelliJ, Eclipse and more
- Integration with SCM tools including git, GitLab, GitHub, Bitbucket, Azure DevOps
- Integration with CI (Continuous Integration) tools: Jenkins, GitLab CI, GitHub Actions, Azure DevOps, TeamCity
- Integration with build frameworks, including Maven, Gradle, MSBuilt, makefile, Ant
- Automation and more integration capabilities by using Webhooks and API
- Optional: High Availability solution
- Optional: Integration with legacy SCM tools such as ClearCase
SonarQube : Tech Demo (6 min.)
This video demonstrates the detection of bugs and security vulnerabilities (weaknesses) as well as the use of HotspotsSonarQube Benefits
- Open Source: SonarQube is open source: this allows you full control over the system (you can change and customize it according to your exact needs), and you can also see the conversations around the system components, participate in discussions about them and influence!
- Made by software developers and intended to developers
- Clean Code: SonarQube trains and empower develoeprs of writing cleaner and safer code
- Fast Feedback: SonarQube allows receiving quick feedback as part of the Code Review
- Shift Left: Applying best practices to quickly resolve security issues and bugs (and save money)
- Efficient User interface that helps you get the whole picture and find injection flaws
- Fully control over installation since SonarQube can be installed on-premise within an organization (and behind a firewall), as well as installation in the public cloud or any private cloud
- Built-in Integrations with many tools such as VS Code, Jenkins, GitLab, GitHub, Azure DevOps, Docker, Kubernetes, Visual Studio, Eclipse, IntelliJ and more
- Scale: SonarQube supports rapid growth: the system supports thousands of users on a single server, and there is also support for- High Availability
- Performance: SonarQube improves scanning time and can utilize your compute resources to run faster
- Fast onboarding: Installation is quite easy and you can quickly start getting results
- Reliability: The product has over 6000 customers worldwide (and hundreds of thousands of users)
How we can help you?
ALM-Toolbox is an official distributor of SonarQube, and also specializes in providing additional solutions to SonarQube,
including:
- Planning SonarQube implementation (self-hosted, in private or public cloud)
- Adding SonarQube to your workflows
- SonarQube, git and CI/CD training. Click here to learn more.
- We help in matching the organization's needs with the most appropriate licensing (on-premises and cloud)
- Selling subscriptions and licenses
- Providing trial licenses
- We provide integrations with complementary tools and cloud environemnts, such as git, GitLab, Kubernetes, Jenkins, Bitbucket, GitHub Actions , Jira, AWS, Azure DevOps, GCP and more
- Managed services and support center (with SLA)
- Integrating SonarQube with CI/CD pipelines
- Migration from other tools
Articles
Feature & Pricing : Comparison Table
Note this is a partial list. We wrote a comprehensive comparison article and made a smart, fully and updated comparison list - contact us.| Feature \ Product Edition | Community (Free) Edition | Developer Edition
Get a Quote |
Enterprise Edition
Get a Quote |
Data Center Edition
Get a Quote |
|---|---|---|---|---|
| Customer Support & SLA | ||||
| Download updates |  |
|
|
|
| Email support | - | |
|
|
|
Priority support
Get the support you need. Highly-skilled support engineers are available to help you with all of your support needs.
|
- | |
|
|
| Features | ||||
|
SonarQube & 60+ plugins
Library of plugins: SonarQube experience can be augmented by plugins. More than 60 community and commercial plugins are available for SonarQube, making it easy to enhance your experience with extra languages, metrics, pages. Plugins can also be developed to meet specific needs within an organization
| |
|
|
|
|
SonarLint
Get real-time code notifications from SonarQube in your IDE as you work. Track release status and keep abreast of issues you introduce. Integrated with Visual Studio, VS Code, IntelliJ and Eclipse.
| |
|
|
|
|
Branch Analysis
Track the quality of all feature and maintenance branches, to make sure only safe and secure code makes it in production.
With GitHub Enterprise, Bitbucket Server or Microsoft Azure DevOps, SonarQube can directly comment in Pull Requests
| master (main) only | |
|
|
|
Pull Request Decoration for GitLab, Bitbucket, GitHub and Azure DevOps
Pull reques analysis: Use SonarQube pull request analysis and decoration to make sure your code is top-notch before you merge - and maybe even before you ask for human review.
| - | |
|
|
|
Detection of injection flaws
With detection of Injection Flaws, untrusted user input can be detected within the code, and sanitized before it compromises your application.
| - | |
|
|
|
SonarLint notifications
With GitLab CI/CD you can create a new environment for each one of your branches, speeding up your development process. Spin up dynamic environmeSmart notifications allow developers using Connected Mode in SonarLint to receive in-IDE notifications from SonarQube when the Quality Gate status (failed / success) of a project /solution open in the IDE changes or a SonarQube analysis raises new issues introduced by this developer in a project /solution open in the IDEnts for your merge requests with the ability to preview your branch in a live environment.
| - | |
|
|
|
Decorate GitLab Merge Requests
Quality Gate status in GitLab pipelines and merge request comments
| - | |
|
|
|
MISRA compliance
Compliant with MISRA C 2004, MISRA C 2012 and MISRA C++ 2008 standards for C, C++ , Java and Kotlin
| - | |
|
|
|
Support for GitHub Checks & BitBucket Code Insights
| - | |
|
|
|
Portfolio Management
Organize a large portfolio of applications and projects the way you like. Create your own hierarchy and define category trees to the number and depth that works best for you
| - | - | |
|
|
Security Reports
OWASP / SANS Security Reports: Built-in security reports, with developer friendly language, shorten the vulnerability feedback loop and get developers fixing security holes quickly.
| - | - | |
|
|
Executive Reporting
Gain visibility into health factors such as operational risks and security risks. Generate, export and schedule reports in PDF format to ensure visibility of key metrics to all stakeholders. Get fast reporting and up-to-date information, no matter the number of projects.
|
- | - | |
|
|
Project Transfer
Consolidate projects from multiple SonarQube servers into a central instance where you can track your overall software portfolio.
|
- | - | |
|
|
Component Redundancy
Deploy SonarQube as a cluster of applications to avoid any interruption of the service: You can deploy SonarQube as a cluster of applications and search nodes to ensure that if a node fails, the other ones will take the lead to keep the service up and running. The SonarQube cluster will automatically recover from the unexpected situation and restore data resiliency.
|
- | - | - | |
|
Data Resiliency
Deploy SonarQube as a cluster of applications to avoid any interruption of the service: You can deploy SonarQube as a cluster of applications and search nodes to ensure that if a node fails, the other ones will take the lead to keep the service up and running. The SonarQube cluster will automatically recover from the unexpected situation and restore data resiliency.
|
- | - | - | |
|
Horizontal Scalability
Data Center Edition is designed for organizations running a very large deployment of SonarQube requiring maximum application uptime. High availability is achieved by adding redundancy to every node in the system. When combined with the Horizontal Scalability feature, Data Center Edition ensures rapid, reliable code analysis reporting - even when your instance grows to global proportions hosting thousands of users and projects.
|
- | - | - | |
|
Customer support
Search globally through the API
|
- | Extra charge | Extra charge | Included |
| Supporting Java | |
|
|
|
| Supporting JavaScript | |
|
|
|
| Supporting C# | |
|
|
|
| Supporting TypeScript | |
|
|
|
| Supporting Kotlin | |
|
|
|
| Supporting Ruby | |
|
|
|
| Supporting Go | |
|
|
|
| Supporting Scala | |
|
|
|
| Supporting Flex | |
|
|
|
| Supporting Python | |
|
|
|
| Supporting PHP | |
|
|
|
| Supporting HTML | |
|
|
|
| Supporting CSS | |
|
|
|
| Supporting XML | |
|
|
|
| Supporting VB.NET | |
|
|
|
| Supporting C | - | |
|
|
| Supporting C++ | - | |
|
|
| Supporting Objective-C | - | |
|
|
| Supporting PL/SQL | - | |
|
|
| Supporting ABAP | - | |
|
|
| Supporting TSQL | - | |
|
|
| Supporting Swift | - | |
|
|
| Supporting Apex | - | - | |
|
| Supporting Cobol | - | - | |
|
| Supporting PL/1 | - | - | |
|
| Supporting RPG | - | - | |
|
| Supporting VB6 | - | - | |
|
| Pricing and available licenses | Free | Subscription
Starts at $150 Get a Quote |
Subscription
Starts at $20,000 Get a Quote |
Subscription
Get a Quote |
Need help deciding? Email us or use the chatter below
Note this is a partial list. We wrote a comprehensive comparison article and made a smart, fully and updated comparison list - contact us.SonarQube: Training
We offer the following:
- SonarQube on-boarding training for developers, Security and DevOps (one day)
- SonarQube Admin training for DevOps and IT (one day)
Contact us to learn more: training@almtoolbox.com
SonarQube is very easy to use, and it is integrated in Jenkins to manage the jobs. It fits with ThalesRaytheonSystems needs, since we have many components, and many work packages, in different languages, and the notion of ‘portfolios’ is essential.
“One of the best things about SonarQube is its powerful dashboards. These enable our project managers and developers to view available metrics in different contexts, based on their role in the development process. By unifying this data and making it visible to all concerned, SonarQube has significantly improved the quality and depth of internal discussions about code quality.”
“we were doing tedious, manual code reviews of all the new code, every release version,” Zitro R&D Director Xavi Albors said.
SonarQube: Testimonials
Josiane Denis , ThalesRaytheonSystems
Siemens SonarQube Service manager, Siemens
Zitro R&D Director Xavi Albors
Test Management
Service Desk (ITSM)
- Jenkins
- GitLab CI
- DBmaestro (Français)
- Jenkins Monitoring
- InstallBuilder
- ג'נקינס בעברית
- בעברית GitLab
- קורס חדש GitLab CI/CD
Static Code Analysis
Cloud & Kubernetes
- Health Checks
- Reports, Charts and Analytics
- Visual Annotate Desktop Edition
- Visual Annotate for Eclipse \ Linux
- Automatic Environment Installation
- Performance Monitoring
- Health Checks as a Service
- ClearCase JIRA Bridge
- ClearCase Git Bridge
