Sonar static code analysis

SonarCloud or SonarQube

SonarQube (self-managed) and SonarCloud (hosted) offer static code analysis with hundreds of unique rules to find bugs, vulnerabilities, and more in your code.

Download SonarQube for Free -->Try SonarCloud for Free -->

SonarCloud and SonarQube

SonarCloud and SonarQube are valuable tools to help you write clean, quality code in your projects. Both products rely on the same underlying static analysis engine to find bugs, vulnerabilities, and code smells and generate valuable code quality metrics. So, which product is best for you and your team to write clean code?

Are your team, code, and workflow fully cloud-based?

If you’re looking for a hosted static analysis option, then SonarCloud is a great choice. As a hosted offering, users do not have to worry about installation or maintenance. No need to speak with a sales rep or request a license key - get automatic code analysis results on your private or public projects in minutes! At a high level, SonarCloud offers:

Automatic, zero-configuration, analysis with GitHub for many popular languages
Authentication integration with GitHub, Azure DevOps, Bitbucket and GitLab
Immediate access to new features and functionality
Easily integrate with cloud platforms like GitHub.com or Bitbucket Cloud
Free open source analysis
Usage-based pricing model for private projects

Try SonarCloud for Free -->

refactoring bits of code and quality checks are shown as an abstract of a developers environment.

Looking for a self-managed solution?

If you’re looking for a self-managed static code analysis option, then open-source based SonarQube is a great choice. SonarQube Developer Edition and Enterprise Edition also include additional enterprise features that may be valuable to your organization’s specific use case(s). This functionality falls into five main categories: authentication, governance, executive reporting, multiple repository support, and extensibility. At a high level, SonarQube offers:

Offers a Long-Term Support (LTS) version
Run your instance your way, as a virtual machine, on Docker, or with Kubernetes with vertical and horizontal scaling support
Easy project onboarding with integration to GitHub, GitLab, Azure and Bitbucket; in-cloud and on-premises
Commerical features include executive-level reporting capabilities, security reports including coverage for OWASP Top 10 and CWE Top 25 and more, portfolios support, multiple DevOps platform support and more
Advanced security analysis with deeper SAST
Customers install and maintain their environment
Free open source analysis with Community Edition
A yearly subscription based on lines of code for commercial editions

Download SonarQube Now -->

code review with issues such as bugs, vulnerabilities, security hotspots and code smells.

How are SonarQube and SonarCloud similar?

Open source analysis is always free with SonarQube Community Edition and SonarCloud
No commitment, 14-day free trial offering
Both are based on the same underlying static analysis engine to catch bugs, vulnerabilities, and code smells
Both generate valuable code quality metrics
Quality Gates keep code with issues from being released to production, a key tool in helping you incorporate the Clean as You Code methodology.
IDE Support with SonarLint integration
Efficient and fast SAST analysis
Fast issue resolution and clean remediation guidance
Both products cover essentially the same languages (SonarCloud doesn’t support PL/I, RPG or VB6).
Ability to integrate with CI/CD workflow of most DevOps platforms
And more!

Setting up SonarQube and SonarCloud is easy

Featured Blog post

SonarCloud or SonarQube? - Guidance on Choosing One for Your Team

Learn about the similarities and key differences between SonarCloud and SonarQube and which one is best for your use case.

Read Blog Post

image of the soanrcloud and sonarqube logos

Background image of bits of code connecting to each other

start your clean code journey now

Download SonarQube For Free -->Try SonarCloud For Free -->