SonarQube 10.0 is out!
New Webinar recording: What's New in SonarQube 9.9

SonarQube Community / Developer / Enterprise Editions

SonarQube system provides code quality testing, static code analysis, clean Code and checking the level of security of the code developed in the company - and in a continuous and regular manner.
The SonarQube system allows all developers to write cleaner and safer code, using convenient and modern work methods.

SonarQube provides the following capabilities:

  • Scanning 29 code languages: Java, C#, C, Objective C, C++, Javascript, TypeScript, Python, Go, Terraform, CloudFormation, Swift, Cobol, Apex, PHP, Kotlin, Kubernetes, Ruby, Scala, HTML, CSS, XML, ABAP, Flex, PL/1, PL/SQL, RPG, T-SQL, Visual Basic, VB6, code Secrets
  • SonarLint : an IDE plugin that detects bugs and security vulnerabilities, and offers solutions to fix them
  • Integration with IDEs, including VS Code, Visual Studio, IntelliJ, Eclipse and more
  • Integration with SCM tools including git, GitLab, GitHub, Bitbucket, Azure DevOps
  • Integration with CI (Continuous Integration) tools: Jenkins, GitLab CI, GitHub Actions, Azure DevOps, TeamCity
  • Integration with build frameworks, including Maven, Gradle, MSBuilt, makefile, Ant
  • Automation and more integration capabilities by using Webhooks and API
  • Optional: High Availability solution
  • Optional: Integration with legacy SCM tools such as ClearCase

SonarQube : Tech Demo (6 min.)

This video demonstrates the detection of bugs and security vulnerabilities (weaknesses) as well as the use of Hotspots

SonarQube Benefits

  • Open Source: SonarQube is open source: this allows you full control over the system (you can change and customize it according to your exact needs), and you can also see the conversations around the system components, participate in discussions about them and influence!
  • Made by software developers and intended to developers
  • Clean Code: SonarQube trains and empower develoeprs of writing cleaner and safer code
  • Fast Feedback: SonarQube allows receiving quick feedback as part of the Code Review
  • Shift Left: Applying best practices to quickly resolve security issues and bugs (and save money)
  • Efficient User interface that helps you get the whole picture and find injection flaws
  • Fully control over installation since SonarQube can be installed on-premise within an organization (and behind a firewall), as well as installation in the public cloud or any private cloud
  • Built-in Integrations with many tools such as VS Code, Jenkins, GitLab, GitHub, Azure DevOps, Docker, Kubernetes, Visual Studio, Eclipse, IntelliJ and more
  • Scale: SonarQube supports rapid growth: the system supports thousands of users on a single server, and there is also support for- High Availability
  • Performance: SonarQube improves scanning time and can utilize your compute resources to run faster
  • Fast onboarding: Installation is quite easy and you can quickly start getting results
  • Reliability: The product has over 6000 customers worldwide (and hundreds of thousands of users)

How we can help you?

Sonarsource SonarQube partner GitLab virtuoso
Jenkins Certified Azure developer AWS Developer Atlassian Jira Certified

ALM-Toolbox is an official distributor of SonarQube, and also specializes in providing additional solutions to SonarQube,
  • Planning SonarQube implementation (self-hosted, in private or public cloud)
  • Adding SonarQube to your workflows
  • SonarQube, git and CI/CD training. Click here to learn more.
  • We help in matching the organization's needs with the most appropriate licensing (on-premises and cloud)
  • Selling subscriptions and licenses
  • Providing trial licenses
  • We provide integrations with complementary tools and cloud environemnts, such as git, GitLab, Kubernetes, Jenkins, Bitbucket, GitHub Actions , Jira, AWS, Azure DevOps, GCP and more
  • Managed services and support center (with SLA)
  • Integrating SonarQube with CI/CD pipelines
  • Migration from other tools
We have vast experience in SonarQube, DevOps and DevSecOps. Contact us for any questions by email or call us

Feature & Pricing : Comparison Table

Note this is a partial list. We wrote a comprehensive comparison article and made a smart, fully and updated comparison list - contact us.
Feature \ Product Edition      Community (Free) Edition Developer Edition
Get a Quote
Enterprise Edition
Get a Quote
Data Center Edition
Get a Quote
Customer Support & SLA
Download updates
Email support -
Priority support Get the support you need. Highly-skilled support engineers are available to help you with all of your support needs.
SonarQube & 60+ plugins Library of plugins: SonarQube experience can be augmented by plugins. More than 60 community and commercial plugins are available for SonarQube, making it easy to enhance your experience with extra languages, metrics, pages. Plugins can also be developed to meet specific needs within an organization
SonarLint Get real-time code notifications from SonarQube in your IDE as you work. Track release status and keep abreast of issues you introduce. Integrated with Visual Studio, VS Code, IntelliJ and Eclipse.
Branch Analysis Track the quality of all feature and maintenance branches, to make sure only safe and secure code makes it in production. With GitHub Enterprise, Bitbucket Server or Microsoft Azure DevOps, SonarQube can directly comment in Pull Requests
master (main) only
Pull Request Decoration for GitLab, Bitbucket, GitHub and Azure DevOps Pull reques analysis: Use SonarQube pull request analysis and decoration to make sure your code is top-notch before you merge - and maybe even before you ask for human review.
Detection of injection flaws With detection of Injection Flaws, untrusted user input can be detected within the code, and sanitized before it compromises your application.
SonarLint notifications With GitLab CI/CD you can create a new environment for each one of your branches, speeding up your development process. Spin up dynamic environmeSmart notifications allow developers using Connected Mode in SonarLint to receive in-IDE notifications from SonarQube when the Quality Gate status (failed / success) of a project /solution open in the IDE changes or a SonarQube analysis raises new issues introduced by this developer in a project /solution open in the IDEnts for your merge requests with the ability to preview your branch in a live environment.
Decorate GitLab Merge Requests Quality Gate status in GitLab pipelines and merge request comments
MISRA compliance Compliant with MISRA C 2004, MISRA C 2012 and MISRA C++ 2008 standards for C, C++ , Java and Kotlin
Support for GitHub Checks & BitBucket Code Insights
Portfolio Management Organize a large portfolio of applications and projects the way you like. Create your own hierarchy and define category trees to the number and depth that works best for you
- -
Security Reports OWASP / SANS Security Reports: Built-in security reports, with developer friendly language, shorten the vulnerability feedback loop and get developers fixing security holes quickly.
- -
Executive Reporting Gain visibility into health factors such as operational risks and security risks. Generate, export and schedule reports in PDF format to ensure visibility of key metrics to all stakeholders. Get fast reporting and up-to-date information, no matter the number of projects.
- -
Project Transfer Consolidate projects from multiple SonarQube servers into a central instance where you can track your overall software portfolio.
- -
Component Redundancy Deploy SonarQube as a cluster of applications to avoid any interruption of the service: You can deploy SonarQube as a cluster of applications and search nodes to ensure that if a node fails, the other ones will take the lead to keep the service up and running. The SonarQube cluster will automatically recover from the unexpected situation and restore data resiliency.
- - -
Data Resiliency Deploy SonarQube as a cluster of applications to avoid any interruption of the service: You can deploy SonarQube as a cluster of applications and search nodes to ensure that if a node fails, the other ones will take the lead to keep the service up and running. The SonarQube cluster will automatically recover from the unexpected situation and restore data resiliency.
- - -
Horizontal Scalability Data Center Edition is designed for organizations running a very large deployment of SonarQube requiring maximum application uptime. High availability is achieved by adding redundancy to every node in the system. When combined with the Horizontal Scalability feature, Data Center Edition ensures rapid, reliable code analysis reporting - even when your instance grows to global proportions hosting thousands of users and projects.
- - -
Customer support Search globally through the API
- Extra charge Extra charge Included
Supporting Java
Supporting JavaScript
Supporting C#
Supporting TypeScript
Supporting Kotlin
Supporting Ruby
Supporting Go
Supporting Scala
Supporting Flex
Supporting Python
Supporting PHP
Supporting HTML
Supporting CSS
Supporting XML
Supporting VB.NET
Supporting C -
Supporting C++ -
Supporting Objective-C -
Supporting PL/SQL -
Supporting ABAP -
Supporting TSQL -
Supporting Swift -
Supporting Apex - -
Supporting Cobol - -
Supporting PL/1 - -
Supporting RPG - -
Supporting VB6 - -
Pricing and available licenses Free Subscription
Starts at $150
Get a Quote
Starts at $20,000
Get a Quote

Get a Quote

Need help deciding? Email us or use the chatter below

Note this is a partial list. We wrote a comprehensive comparison article and made a smart, fully and updated comparison list - contact us.

SonarQube: Training

We offer the following:

  1. SonarQube on-boarding training for developers, Security and DevOps (one day)
  2. SonarQube Admin training for DevOps and IT (one day)

Contact us to learn more:

SonarQube: Testimonials

SonarQube is very easy to use, and it is integrated in Jenkins to manage the jobs. It fits with ThalesRaytheonSystems needs, since we have many components, and many work packages, in different languages, and the notion of ‘portfolios’ is essential.

thalesJosiane Denis , ThalesRaytheonSystems

“One of the best things about SonarQube is its powerful dashboards. These enable our project managers and developers to view available metrics in different contexts, based on their role in the development process. By unifying this data and making it visible to all concerned, SonarQube has significantly improved the quality and depth of internal discussions about code quality.”

siemensSiemens SonarQube Service manager, Siemens

“we were doing tedious, manual code reviews of all the new code, every release version,” Zitro R&D Director Xavi Albors said.

zitroZitro R&D Director Xavi Albors