We are a small software company and we are planning to onboard Sonar as a code review tool. Now based on what we have seen so far, the pricing for SonarQube and SonarCloud seems identical (yearly vs monthly x12).
So what exactly is the difference between the 2 of them?
Just that the code review is run on our server (SonarQube) and on Sonar servers (SonarCloud)?
Thanks for asking the question. I’ll try to answer as much as I can.
I would say it depends on your needs and configuration.
Let’s try to answer some questions that might be interesting for you:
Where do you host your code?
From your past posts in this community, it seems that your code is hosted on GitHub.com.
SonarQube is meant to be integrated with on-premise solutions like GitHub Enterprise or BitBucket Server, for example.
SonarCloud is meant to be integrated with cloud solutions like GitHub.com or BitBucket Cloud, for example.
How do you want to maintain SonarQube/SonarCloud and upgrade to the latest versions, rules etc.?
For SonarQube, you will install it, along with the database, and you can update it when we release, approximately every 2 months, if you want to get the latest features we implement.
For SonarCloud, you will benefit from all the features that we deploy continuously automatically.
Pricing & Features
SonarQube comes with different editions: Community edition is free, and comes with language analysers for 15 languages and SonarLint. Developer Edition and above editions are commercial solutions that come with branch and PR analysis, smart notifications for SonarLint. Enterprise edition is designed for enterprise needs such as Governance for example. See more details here.
SonarCloud is designed for developers, is free for your free GitHub organizations and BitBucket Cloud teams, comes with branch and PR analysis, 20+ languages and integration with SonarLint as well. Be aware that we want to move forward with SonarCloud as a cloud service, and provide tight integration with GitHub, BitBucket Cloud and Azure DevOps for project setup, launching analysis and integration with cloud CI/CD tools like BitBucket Pipelines, etc… which you may not find in SonarQube, as it is designed as an on-premise product. Also, there are no features for governance in SonarCloud.
You have to pay for private organizations and you can see more details here.
On top of these main topics, there are differences as well on Support, third-party integration, source code hosting…
I would recommend you to reach out to one of our sales at contact@sonarsource.com if you need more details so we’ll be able to help you make the right choice.
If your whole toolchain is already using online services (e.g. GitHub+Travis, or Bitbucket Pipelines, or Azure Pipelines online) then it likely means SonarCloud is a good fit (you’ll be leveraging native integrations we offer with these online tools, and wouldn’t have to maintain an on-prem installation when you’re used to consuming online services).
If you build/test/package your application(s) on-prem, then fitting in an on-prem product like SonarQube likely makes more sense, as you’d likely want to avoid having a CI setup that spans across on-prem and cloud, with all of the technical considerations that this might imply (e.g. firewalls, NATs etc.).
A quick note too, to make it very clear from a static code analysis benefit point of view: SonarCloud runs the same Static Code Analysis engine as SonarQube Developer Edition.
There are also some subtle distinctions between how SonarQube and SonarCloud work that may or may not be important to you. One example is that SonarQube supports inline annotations in GitHub Pull Requests while SonarCloud does not.
@aurelie @NicoB
Thanks for the heads-up. We decided to go with SonarQube finally as it suited our needs better. Unfortunately we have been facing some serious issues.
@edwagner
I think PR comments have been dropped and all reports are in the checks section.
If you’ve landed on this old thread looking for a comparison -> We recently published a blog post that expands on this topic to give additional guidance on SonarQube vs. SonarCloud.