Sonarcloud is a fixed rate every month or we only pay what we scanned for the month

Hi team,
After investigate some feature in Sonarcloud, compare with Sonarqube, we plan to start trial version to make some testing this solution on our application.
There are still some concern, could you please help advise me:

  • About the monthly payment for Sonarcloud. I was wondering whether a fixed rate will be applied or we will only be charged based on what we scan for earch month?
  • For security report, this feature is availble for Enterprise editition for Sonarqube, how about on Sonarcloud?? Do we still have a report??
  • What is the payment method for this application?? credit card or invoice?
  • For the trial method, 14 trial days apply to each gitlab account or it apply to each domain company name??


Hello @alecsu_huynh,

Welcome to the Community Forum.

I invite you to review the frequently asked questions when scrolling down here: Plans & Pricing | Sonar

Reporting features are only available on SonarQube Enterprise Edition. Feel free to request a free trial here: Request Free Trial | SonarQube Enterprise Edition | SonarQube

Payment is done online by credit card and will happen automatically every month, based on the plan you choose. We also accept purchase orders and wire transfer payments for yearly subscriptions of 1M LOCs or more.

The trial is for an organization which is tied to your GitLab group. In a SonarCloud organization, you can have as many users as you want.

Hope this clarifies,


Hi Luis
Thank you for your clarification
For the point: “Reporting features are only available on SonarQube Enterprise Edition” → how about the security report in SonarCloud? Is it still available??

Hello @alecsu_huynh,

Let me try to clarify. The Analysers used by SonarQube and SonarCloud are the same, so you will find the same vulnerabilities, security hotspots, bugs and code smells in both products.

In SonarCloud, you only can see them in the UI at project level. With SonarQube Enterprise Edition, you see it it in the UI at project level, but in addition you can get [security] reports that can aggregate data from multiple projects. You also get dedicated reports to track application security against categories of the OWASP and CWE Top 25 standards.

I invite you to give a try to SonarQube Enterprise Edition: Try Now Enterprise Edition | Sonar

Best regards,