My team is now comparing SonarQube vs SonarSource as we try to determine which is best for our needs. I just downloaded the latest version of SonarQube community (8.9.1) and, having been using the free version of SonarSource, noticed different rule counts in quality profiles.
For example, the “Sonar way” built-in Python profile has 147 rules in SonarCloud, but in the “Sonar way” built-in for Python in the SonarQube community edition, we only get 134. Why might this be? Thanks!
Thanks for your question! If I understand your question, you want to compare SonarQube and SonarCloud. Both are SonarSource products. SonarCloud’s rules are always the latest version of SonarQube Developer Edition’s rules. This distinction means you also want a comparison of Community Edition versus Developer Edition of SonarQube.
SonarQube Community Edition is our base version that empowers you to run an analysis on your source code on-site for free and is really powerful when also using our free SonarLint tool. SonarQube Developer Edition has access to more rules than SonarQube Community Edition, specifically those for detecting injection vulnerabilities, but this feature is offered for free in SonarCloud. The Developer Edition allows you to have pull request decoration (not a feature in SonarQube Community Edition). Both SonarCloud and SonarQube Developer Edition have branch analysis and extra features with SonarLint. With SonarQube Developer Edition, you pay for these extra features while also being allowed to host yourself on-premises.
Basically, SonarCloud is very similar to SonarQube Developer Edition. In SonarCloud, we publicly host and help configure the CI/CD pipeline for you, rather than you privately hosting and configuring the server and CI/CD yourself. With SonarCloud, you pay for private projects based on the maximum number of lines of code you expect to use.
I would recommend reaching out to our sales team at email@example.com if you need more details so we’ll be able to help you make the right choice.