SonarCloud vs SonarQube

Hi Sonar Community,

We are a small software company and we are planning to onboard Sonar as a code review tool. Now based on what we have seen so far, the pricing for SonarQube and SonarCloud seems identical (yearly vs monthly x12 ) .
So what exactly is the difference between the 2 of them?
Just that the code review is run on our server (Sonarqube) and on Sonar servers (Sonarcloud) ?

Any help is greatly appreciated :slight_smile:

3 Likes

Hi Juliana,

Thanks for asking the question :slight_smile: I’ll try to answer as much as I can :slight_smile:

I would say it depends on your needs and configuration.
Let’s try to answer some questions that might be interesting for you :

Where do you host your code ?

From your past posts in this community, it seems that your code is hosted on GitHub.com

  • SonarQube is meant to be integrated with on-premise solutions like GitHub Enterprise or BitBucket Server for example

  • SonarCloud is meant to be integrated with cloud solutions like GiHub.com or BitBucketCloud for example

How do you want to maintain SonarQube/SonarCloud and upgrade to the latest versions, rules etc ?

  • For SonarQube, you will install it, along with the database and you can update it when we release approximately every 2 months if you want to get the latest features we implement.

  • For SonarCloud, you will benefit from all the features that we deploy continuously automatically.

Pricing & Features

  • SonarQube comes with different editions : Community edition is free, and comes with language analysers for 15 languages and SonarLint. Developer Edition and above editions are commercial solutions that come with branch and PR analysis, smart notifications for SonarLint. Enterprise edition is designed for enterprises needs such as Governance for example. See more details here.

  • SonarCloud is designed for developers, is free for your free GitHub organizations and BitBucketCloud teams, comes with branch and PR analysis, 20+ languages and integration with SonarLint as well. Be aware that we want to move forward with SonarCloud as a cloud service, and provide tight integration with GitHub, BitBucket Cloud and Azure Devops for project setup, launching analysis and integration with cloud CI/CD tools like BitBucket Pipelines, etc… which you may not find in SonarQube, as it is designed as an on-premise product. Also, there are no features for governance in SonarCloud.
    You have to pay for private organizations and you can see more details here

On top of these main topics, there are differences as well on Support, third-party integration, source code hosting…

I would recommend you to reach out to one of our sales at contact@sonarsource.com if you need more details so we’ll be able to help you make the right choice :slight_smile:

Have a great day !

8 Likes

Hi Juliana,

To complement Aurélie’s points, one of the questions you should ask yourself essentially is: where is you build pipeline (your Continuous Integration environment) currently running? (independently from SonarQube/SonarCloud)

  • If your whole toolchain is already using online services (e.g. GitHub+Travis, or Bitbucket Pipelines, or Azure Pipelines online) then it likely means SonarCloud is a good fit (you’ll be leveraging native integrations we offer with these online tools, and wouldn’t have to maintain an on-prem installation when you’re used to consuming online services).
  • If you build/test/package your application(s) on-prem, than fitting in an on-prem product like SonarQube likely makes more sense, as you’d likely want to avoid having a CI setup that spans across on-prem and cloud, with all of the technical considerations that this might imply (e.g. firewalls, NATs etc.).

A quick note too, to make it very clear from a static code analysis benefit point of view engine: SonarCloud runs the same Static Code Analysis engine as SonarQube Developer Edition.

Totally agree with Aurélie that, should you have any specific requirement/doubt, contacting SonarSource directly is a good way to clarify things (as was opening this topic in the first place). Mid-term our Product Marketing folks are also working on having clearer guidance available online to guide through our product offering.

Whatever best fits your needs, enjoy the product!

6 Likes

There are also some subtle distinctions between how SonarQube and SonarCloud work that may or may not be important to you. One example is that SonarQube supports inline annotations in GitHub Pull Requests while SonarCloud does not.

@aurelie @NicoB
Thanks for the headsup. We decided to go with SonarQube finally as it suited our needs better. Unfortunately we have been facing some serious issues.

@edwagner
I think PR comments have been dropped and all reports are in the checks section.

If you’ve landed on this old thread looking for a comparison -> We recently published a blog post that expands on this topic to give additional guidance on SonarQube vs. SonarCloud.

3 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.