/ plans & pricing

The verification and governance
layer for agentic coding.

No single check catches everything. Sonar guides agents before they write, verifies AI-generated code in the inner loop, and solves issues before they compound. A zero trust, multilayered approach from the agent's inner loop to the outer loop.

SonarQube Cloud · Server Gitar AI code review
/ jump to SonarQube Agent Engine Compare SonarQube Plans Gitar FAQ

Code verification and governance for the AI era

Team

Team

Essential capabilities for small teams

Starts at
$32 monthly
Includes
  • Recommended for teams <50 developers
  • 30+ languages
  • Code quality standards
  • Detecting bugs and vulnerabilities
  • Secrets detection
  • AI-driven code fixes
  • Pull request analysis
  • Commercial support available
Request trial Contact sales
Compare features ↓
★ Most teams choose this
Enterprise

Enterprise

Mission critical scale & performance.

Annual price
Custom pricing
Team plan plus:
  • Advanced security reports & audit logs
  • OWASP, CWE, PCI DSS, and MISRA C++:2023
  • Unlimited users and projects
  • 40+ languages incl. ABAP, COBOL, Apex
  • SSO, SCIM, CMK/BYOK, IP allowlist
  • Enterprise hierarchy, portfolios, org-wide defaults
  • Customizable portfolio & project dashboards
  • GitHub Advanced Security integration
  • Enterprise SLA
  • Premium support available
Contact sales Request a demo
Compare features ↓

Extend any plan

Go further with the Sonar Agent Engine and SonarQube Advanced Security — built on top of Team or Enterprise, not beside them.

Agentic tier · Team and Enterprise

Sonar Agent Engine

Sonar's full agentic verification stack. Guides agents before they write, verifies AI-generated code in the inner loop, and remediates issues before they compound.

Usage-based · Custom pricing
  • Sonar Context Augmentation
    Inject your architecture, security standards, and rules into agents from the first prompt.
  • SonarQube Agentic Analysis
    Verify AI-generated code inside the agent's inner loop — as code is written, not after.
  • SonarQube Remediation Agent
    Opens verified-fix PRs automatically. Build must pass before merge.
  • SonarQube MCP Server
    Bring code quality and security into your AI workflow. Open source and free.
  • SonarQube CLI
    Unified CLI for agentic workflows. Run analysis from any terminal, CI pipeline, or coding agent.
  • SonarQube agent plugins
    Slash commands and quality gates for Claude Code, Gemini, and Kiro.
  • SonarQube for IDE
    On-the-fly analysis in VS Code, IntelliJ, Eclipse, and more.
Works with
Claude Code Codex Cursor Copilot
Team and Enterprise

SonarQube Advanced Security

Developer-first security for your first-party, AI-generated, and open source code — powered by advanced SAST and integrated SCA. Available for Team and Enterprise plans.

Team and Enterprise · Custom pricing
  • CVE detection
    Identify known vulnerabilities in open source dependencies, prioritized by severity and exploitability
  • Malicious package detection
    Block compromised and malicious libraries from entering your supply chain in real time
  • Dependency-aware taint analysis
    Traces data flow across code boundaries into third-party libraries — uncovering complex vulnerabilities that cross-file analysis alone misses
  • SBOM Enterprise
    Generate and export a complete software bill of materials for every project
  • License policy management Enterprise
    Define and enforce open source license policies across all projects and dependencies
Feature comparison

Compare features

Capability Compare Click a section to expand or collapse SonarQube Team
$32 monthly
Starts at 		★ Most teams choose this Enterprise
Custom pricing
Annual price
SonarQube MCP Server Claude Code, Codex, Cursor, Copilot AgentYesYes
SonarQube CLIYesYes
AI Code Assurance Quality gate for AI-generated codeYesYes
AI-driven code fixesYesYes
Detect issues in AI-generated codeYesYes
Languages and frameworks supported30+40+
Quality gates and profilesYesYes
Architecture managementYesYes
Technical debt managementYesYes
Enforce custom coding standardsYesYes
Test coverageYesYes
Pull request and branch analysisYesYes
SASTYesYes
Taint analysisYesYes
Secrets detectionYesYes
IaC scanningYesYes
SCA and Advanced SASTIncluded in Advanced Security Enterprise subscription
OWASP Top 10, CWE, PCI DSS, STIG, CASAYes
MISRA C++:2023 complianceYes
Cyber Resilience Act (CRA) complianceYes
GitHub Advanced Security integrationYes
Security reports and audit logsYes
Unlimited users and projectsYes
SSO, SCIM, CMK/BYOKYes
IP allowlistYes
Enterprise hierarchy and portfoliosYes
Customizable dashboardsYes
Enterprise SLAYes
Premium supportAdd-onAdd-on

AI code review that fixes your code

Not just comments. Real fixes, validated against your CI pipeline. Try the full platform free for 14 days.

Best for getting started

Core

Unlimited public & private repos · Up to 50 users

$20 per user / month $25 per user / month
Billed annually · 14-day free trial Billed monthly · 14-day free trial
Get started
No credit card required
Includes
  • Unlimited code reviewsFully customizable review instructions
  • Automatic PR summaries
  • CI failure analysisGitHub Actions, GitLab Pipelines
  • Fixes via commentsAsk Gitar to fix issues on your PRs
  • Interactive agent on your PRs
  • Developer insights
★ Best for growing teams
Most popular

Pro

Unlimited public & private repos · Up to 50 users

$40 per user / month $50 per user / month
Billed annually · 14-day free trial Billed monthly · 14-day free trial
Start free trial
No credit card required
Everything in Core, plus
  • Auto-approve & merge blockingApprove PRs automatically, block merges on issues
  • Auto-applyFix until PR is green
  • Advanced CI failure analysisCircleCI, Buildkite, Bitrise
  • 3rd-party integrationsSlack, Linear, Jira
  • User-defined checks & automations
  • Advanced insights
Comprehensive platform engineering

Enterprise

Unlimited public & private repos · Unlimited users

Contact us
Custom pricing & agreements
Book a demo
Everything in Pro, plus
  • Custom integrations
  • API access
  • Self-hosted GitHub & GitLab
  • Custom deployment options
  • Bring your own LLM API key
  • SSO / SAML
  • Audit logs
  • Dedicated support
  • Custom agreements
Enterprise-ready SOC 2 Certified · ISO 27001 Certified · GDPR Verified · Zero data retention
Trusted by teams at
FAQ

Frequently asked questions

Common questions about Sonar plans, pricing, and lines of code.

How does pricing work for private projects?

Subscribing to a paid plan on SonarQube allows you to create a private organization containing private projects.

There are two paid plans available: Team and Enterprise. You pay upfront for a maximum number of private lines of code to be analyzed in your organization.

SonarQube plan pricing starts at $32 monthly for analysis of up to 100k LOC. Other LOC increments are available, up to 1.9M LOC.

We also offer a free tier that allows you to explore SonarQube using your private projects up to a maximum of 50k LoC.

Do you offer pricing for a self-hosted solution?

Yes. If you prefer to manage your own infrastructure, SonarQube Server is our self-managed static analysis solution.

It's available in three editions — Developer, Enterprise, and Data Center — each priced per instance, per year, based on your lines of code (LOC). View SonarQube Server plans and pricing →

What payment options are available?

For the Team plan, payment is completed online via credit card and will happen automatically every month. For all billing questions, use the Contact Us form.

What is a Line of Code (LOC) on SonarQube?

LOCs are computed by summing up the lines of code of each project analyzed in SonarQube. The LOCs used for a project are the ones found during the most recent analysis of this project.

How are Lines of Code (LOCs) counted towards billing?

Only LOCs from your private projects are counted toward your maximum number of LOCs.

If your project contains branches, we only count the lines of code in your largest branch.

The count is not related to how frequently the source code is analyzed. If your private project has 6K LOCs and you analyze it 100 times in the month, this will be counted as 6K for the billing.

If you are getting close to the threshold, you will be notified to either upgrade your plan or reduce the number of LOCs in your projects.

Please note — in the future, we plan to introduce compute analysis measurements to enable admin monitoring of the volume of analyses made.

When will I be invoiced?

With SonarQube Team plan you will be invoiced once a month, the day of the month after your trial ends. For example if you start your free trial on January 1st, it will last until January 14th and you will be first billed on January 15th for your upcoming month, e.g. January 15th to February 15th.

Which programming languages does SonarQube Cloud support?

SonarQube currently supports the following languages and frameworks in the Team plan: Ansible, Azure Resource Manager, C, C++, CloudFormation, C#, CSS, Docker, Flex, Go, HTML, Java, JavaScript, Kotlin, Kubernetes, Objective-C, PHP, PL/SQL, Python, RPG, Ruby, Rust, Scala, Swift, Terraform, TypeScript, T-SQL, VB.NET, VB6, XML, JSON, YAML and Groovy. Additionally, the Enterprise Plan offers ABAP, COBOL, JCL, RPG, PL/I, and Apex.

Is support available for SonarQube?

Yes.

The SonarQube Enterprise plan includes commercial support (starting at 5M LOC).

For the Team plan commercial support is available to purchase (contact sales).

For the Free plan (as well as Enterprise and Team plans) the Sonar Community is a channel for you to ask questions and receive help from our community members.

Can I try a private project on SonarQube for free?

Yes. The free tier enables you to explore SonarQube with your private project up to a maximum size of 50k LoC. Sign up here.

Can I cancel my subscription?

Of course! There's no commitment. You can delete your paid organization whenever you wish. Or simply downgrade to the free tier if you wish to keep on analyzing some public projects.

Can I try the new enterprise features?

Yes. Please contact sales and request a trial of SonarQube Enterprise features to discover the value they will bring to your organization.

How can I get SCA?

SCA is available with the Advanced Security subscription available to Enterprise plan users. It offers vulnerability detection, license checks, and SBOM visibility. Head here to discover more.

Ready to verify your AI code?

Start with a 14-day Team trial, or talk to sales about Enterprise.

Request trial Contact sales