Plans and pricing

The code verification and governance layer for agentic coding.

No single check catches everything. Sonar guides AI agents before they write, verifies AI-generated code in the inner loop, and solves issues before they compound. A zero trust, multilayered approach from the agent's inner loop to the outer loop.

Code verification and governance for the AI era

Team

Essential capabilities for small teams

Starts at

$34 monthly

Includes

  • Recommended for teams <50 developers
  • 30+ languages
  • Code quality standards
  • Detecting bugs and vulnerabilities
  • Secrets detection
  • AI-driven code fixes
  • Pull request analysis
  • Commercial support available

Enterprise (★ Most teams choose this)

Mission critical scale & performance.

Annual price

Custom pricing

Team plan plus:

  • Advanced security reports & audit logs
  • OWASP, CWE, PCI DSS, and MISRA C++:2023
  • Unlimited users and projects
  • 40+ languages incl. ABAP, COBOL, Apex
  • SSO, SCIM, CMK/BYOK, IP allowlist
  • Enterprise hierarchy, portfolios, org-wide defaults
  • Customizable portfolio & project dashboards
  • GitHub Advanced Security integration
  • Enterprise SLA
  • Premium support available

Extend any plan

Go further with the Sonar Agent Essentials and SonarQube Advanced Security — built on top of Team or Enterprise, not beside them.

Agentic package · Team and Enterprise

Sonar Agent Essentials

Sonar's full agentic verification stack. Guides agents before they write, verifies AI-generated code in the inner loop, and remediates issues before they compound.

Usage-based · Custom pricing


  • Sonar Vortex (New)

    Guide agents with your architecture and standards before they write, then verify every output in real time inside the inner loop.

    • Inject context and constraints
    • Verify code in the agent loop
  • Remediation Agent

    Opens verified-fix PRs automatically. Build must pass before merge.

  • Integrated with agents using:

    • SonarQube CLI: Unified CLI for agentic workflows. Run analysis from any terminal, CI pipeline, or coding agent.
    • SonarQube MCP Server: Bring code quality and security into your AI workflow. Open source and free.
    • SonarQube agent plugins: Slash commands and quality gates for Claude Code, Gemini, and Kiro.

Works with

  • Claude Code
  • Codex
  • Cursor
  • Copilot

Team and Enterprise

SonarQube Advanced Security

Developer-first security for your first-party, AI-generated, and open source code — powered by advanced SAST and integrated SCA. Available for Team and Enterprise plans.

Team and Enterprise · Custom pricing


  • CVE detection

    Identify known vulnerabilities in open source dependencies, prioritized by severity and exploitability.

  • Malicious package detection

    Block compromised and malicious libraries from entering your supply chain in real time.

  • Dependency-aware taint analysis

    Traces data flow across code boundaries into third-party libraries — uncovering complex vulnerabilities that cross-file analysis alone misses.

  • SBOM (Enterprise)

    Generate and export a complete software bill of materials for every project.

  • License policy management (Enterprise)

    Define and enforce open source license policies across all projects and dependencies.

Feature comparison

| Capability | SonarQube Team (starts at $34 monthly) | Enterprise (custom pricing, annual price; ★ most teams choose this) |
|---|---|---|
| SonarQube MCP Server: Claude Code, Codex, Cursor, Copilot Agent | Yes | Yes |
| SonarQube CLI | Yes | Yes |
| AI Code Assurance: Quality gate for AI-generated code | Yes | Yes |
| AI-driven code fixes | Yes | Yes |
| Detect issues in AI-generated code | Yes | Yes |
| Languages and frameworks supported | 30+ | 40+ |
| Quality gates and profiles | Yes | Yes |
| Architecture management | Yes | Yes |
| Technical debt management | Yes | Yes |
| Enforce custom coding standards | Yes | Yes |
| Test coverage | Yes | Yes |
| Pull request and branch analysis | Yes | Yes |
| SAST | Yes | Yes |
| Taint analysis | Yes | Yes |
| Secrets detection | Yes | Yes |
| IaC scanning | Yes | Yes |
| SCA and Advanced SAST | | Included in Advanced Security Enterprise subscription |
| OWASP Top 10, CWE, PCI DSS, STIG, CASA | | Yes |
| MISRA C++:2023 compliance | | Yes |
| Cyber Resilience Act (CRA) compliance | | Yes |
| GitHub Advanced Security integration | | Yes |
| Security reports and audit logs | | Yes |
| Unlimited users and projects | | Yes |
| SSO, SCIM, CMK/BYOK | | Yes |
| IP allowlist | | Yes |
| Enterprise hierarchy and portfolios | | Yes |
| Customizable dashboards | | Yes |
| Enterprise SLA | | Yes |
| Premium support | Add-on | Add-on |

AI code review that turns your PRs green

Fixes validated against your CI pipeline. Try the full platform free for 14 days.

Best for getting started

Core

Unlimited public & private repos · Up to 50 users

$20 per user / month · Billed annually · 14-day free trial
$25 per user / month · Billed monthly · 14-day free trial

No credit card required

Includes

  • Unlimited code reviews: Fully customizable review instructions
  • Automatic PR summaries
  • CI failure analysis: GitHub Actions, GitLab Pipelines
  • Fixes via comments: Ask Gitar to fix issues on your PRs
  • Interactive agent on your PRs
  • Developer insights

Comprehensive platform engineering

Enterprise

Unlimited public & private repos · Unlimited users

Contact us

Custom pricing & agreements


Everything in Pro, plus

  • Self-hosted GitHub & GitLab
  • Bring your own LLM API key
  • SSO / SAML
  • Custom deployment options
  • Audit logs
  • Dedicated support
  • Custom agreements
  • Custom integrations
  • API access

Frequently asked questions

Common questions about Sonar plans, pricing, and lines of code.

How does pricing work for private projects?

Subscribing to a paid plan on SonarQube allows you to create a private organization containing private projects.

There are two paid plans available: Team and Enterprise. You pay upfront for a maximum number of private lines of code to be analyzed in your organization.

SonarQube plan pricing starts at $32 monthly for analysis of up to 100k LOC. Other LOC increments are available, up to 1.9M LOC.

We also offer a free tier that allows you to explore SonarQube using your private projects up to a maximum of 50k LoC.

Do you offer pricing for a self-hosted solution?

Yes. If you prefer to manage your own infrastructure, SonarQube Server is our self-managed static analysis solution.

It's available in three editions — Developer, Enterprise, and Data Center — each priced per instance, per year, based on your lines of code (LOC). View SonarQube Server plans and pricing →

What payment options are available?

For the Team plan, payment is completed online via credit card and will happen automatically every month. For all billing questions, use the Contact Us form.

What is a Line of Code (LOC) on SonarQube?

LOCs are computed by summing up the lines of code of each project analyzed in SonarQube. The LOCs used for a project are the ones found during the most recent analysis of this project.

How are Lines of Code (LOCs) counted towards billing?

Only LOCs from your private projects are counted toward your maximum number of LOCs.

If your project contains branches, we only count the lines of code in your largest branch.

The count is not related to how frequently the source code is analyzed. If your private project has 6K LOCs and you analyze it 100 times in the month, this will be counted as 6K for the billing.

If you are getting close to the threshold, you will be notified to either upgrade your plan or reduce the number of LOCs in your projects.

Please note — in the future, we plan to introduce compute analysis measurements to enable admin monitoring of the volume of analyses made.

When will I be invoiced?

With the SonarQube Team plan, you will be invoiced once a month, on the day of the month after your trial ends. For example, if you start your free trial on January 1st, it will last until January 14th and you will first be billed on January 15th for your upcoming month, e.g. January 15th to February 15th.

Which programming languages does SonarQube Cloud support?

SonarQube currently supports the following languages and frameworks in the Team plan: Ansible, Azure Resource Manager, C, C++, CloudFormation, C#, CSS, Docker, Flex, Go, HTML, Java, JavaScript, Kotlin, Kubernetes, Objective-C, PHP, PL/SQL, Python, RPG, Ruby, Rust, Scala, Swift, Terraform, TypeScript, T-SQL, VB.NET, VB6, XML, JSON, YAML and Groovy. Additionally, the Enterprise Plan offers ABAP, COBOL, JCL, RPG, PL/I, and Apex.

Is support available for SonarQube?

Yes.

The SonarQube Enterprise plan includes commercial support (starting at 5M LOC).

For the Team plan, commercial support is available to purchase (contact sales).

For the Free plan (as well as Enterprise and Team plans) the Sonar Community is a channel for you to ask questions and receive help from our community members.

Can I try a private project on SonarQube for free?

Yes. The free tier enables you to explore SonarQube with your private project up to a maximum size of 50k LoC. Sign up here.

Can I cancel my subscription?

Of course! There's no commitment. You can delete your paid organization whenever you wish. Or simply downgrade to the free tier if you wish to keep on analyzing some public projects.

Can I try the new enterprise features?

Yes. Please contact sales and request a trial of SonarQube Enterprise features to discover the value they will bring to your organization.

How can I get SCA?

SCA is available with the Advanced Security subscription available to Enterprise plan users. It offers vulnerability detection, license checks, and SBOM visibility. Head here to discover more.
