I’m new to SonarQube and we would like to implement SonarQube in our organization's CI/CD pipeline. We are evaluating Community Edition vs Enterprise Edition with regard to security and other important differences. Any input on this will be helpful.
Greetings,
A comparison of editions can be found at https://www.sonarsource.com/plans-and-pricing/!
Otherwise, we’d recommend requesting a trial license and getting in touch with a SonarSource sales representative for further discussion.
Colin
Hi Colin,
Please tell me how many developers can use a developer’s edition and Enterprise edition.
I could not find any information about a user limit here.
There is no page comparing all versions
- Community Edition
- Developer Edition
- Enterprise
Or is there?
(Terrible website tbh … very hard to find distinct info)
Hi @chm124
Thanks for the honest feedback on our new website.
You can find the comparison here: Plans & Pricing | Sonar
If you see on the Developer Edition tab, there are “grey” bullet points, these are not available in Developer Edition. Some of them are in blue in Enterprise Edition, all of them are available in Data Center Edition.
If you want to discuss more about differences / what would fit your needs, I encourage you to reach out to contact@sonarsource.com and explain which company you are part of and what you are looking for, so we can help you in private.
HTH,
Carine
Hello @Carine_Bayon
Thanks for this very quick answer.
I was aware of the link you’ve posted above. That page doesn’t show the CE version. I know what the CE edition lacks when compared to the paid versions - still I don’t get why you cannot compare all 4 versions on 1 page. (But you don’t have to explain it to me. We also have a marketing dept. in our company.)
The point is - my manager wants to see the comparison of all the versions, incl. the free one. We have so much code - starting with Dev. edition would already be very pricey.
And yes, sooner or later I will get in contact with some of you folks via email.
Thanks again & have a good day,
Christoph
Hello @chm124
For your manager, here you are: Download | SonarQube
On this page, you have all the differences between the 4 editions (Community to Data Center).
Have a nice day!
Carine
Can I use the SonarQube free version within my organization? Without any limitations on LOC?
yes. but that most probably depends on your organization, doesn’t it?
yes
What do you mean by depends on the organization?
I’d second that feedback … a bit.
I remember after it was shoved on us i was
a) scared/surprised by the whale and the red hue and
b) realized the deterioration of pricing info as suboptimal
What do i mean with b)? … For the commercial Editions the “Lines of Code”-Barriers are not shown instantly, only the better advertisement e.g. “FROM $20,000” … and in the first FAQ "How are the plans licensed?" i can only read:
Developer Edition pricing starts at $150/yr for a maximum of 100,000 LOC and can extend to $65K/yr for a maximum of 20M LOC.
Enterprise Edition pricing starts at $20K/yr for a maximum of 1M LOC and can extend to $240K/yr for a maximum of 100M LOC.
(again no clear LoC-Barriers)
The Get in touch under this text leads to the only page that can show these clear loc-barriers but you need to manually change the URL to find out these barriers for developer/enterprise edition (change the last part of URL to the edition you are interested in) … i mean this "transparent display of the loc-barriers":
Maybe this feedback is helpful for the ppl who decide about the things you A/B test
I do not know about the things your organization regulates concerning the usage of SonarQube (concerning any Software actually, that is what i meant). So i guess — as a fellow user of SQ — that you most probably can use sq free there. But even if that is true, i think, you must check internally.
(but maybe it might be helpful — if you really want to ask more questions concerning your case — that you open your own thread. This one is already rather aged, it smells a bit already)
To be honest, the pricing per LOC is on self-managed instances absurd to me. Is it 1994? I’m in a recognized brand name enterprise and literally every engineering manager gave a hard NO on that fact alone. Especially when we only even want the paid licenses for the Pull Request integration. We have a couple hundred devs maintaining probably 200 components being constantly committed in a CD environment. We’d plow through that quota pretty fast even if we were only analyzing PRs. It just encourages to write terse, potentially unreadable code and avoid change like the plague. That’s toxic in an agile environment. This customer was lost.
We feel good about our consumption-based pricing model (users who use more should pay more, users who use less should pay less).
And, I want to make sure it’s clear that a license’s Lines of Code limit refers to the total amount of code (more specifically, the sum of the largest branch of each project) analyzed on your SonarQube instance at any given time.
It does not work, for example, by eating up your quota each time you commit code.
If you analyze an application with 10,000 lines of code, add a commit with 100 lines, remove 50 lines, and modify some existing lines, at the end of the day that project is using 10,050 lines of code towards your license limit.
If you analyze 100 pull requests and the application overall grows to 12,000 lines of code… that project is using 12,000 lines of code towards your license limit (even if you changed every line of code in the project).
If you’re already using Community Edition, you can see the total Lines of Code for your instance in the global Administration > System.
That makes a bit more sense than how it appears on the site – I’d suggest improving on that, however, I’d still argue that the model is outdated and promotes terse code over quality code or even actively developed code, particularly when there’s so much templated boilerplate these days which would go against quota. It also becomes particularly problematic with verbose frameworks like NodeJS/React where there are so many lines of code in the repo that never get seen let alone touched so you’re essentially punishing those projects while bringing little to no value at the price of quota.
I think the consumption model needs to be re-evaluated and/or evolved/extended. Perhaps offer different models to optimize for different kinds of environments. For example, a shop that has many microservices is going to look different than those that have a few monoliths; maybe a per-project model would be better than LoC. Shops that have a lot of web projects might prefer a model where per LoC per PR would be better for them. And like I said, this is particularly annoying for self hosted because we’re the ones paying for the compute and storage. It would have made more sense for managed hosting since it would be your compute bill not ours. That’s why it comes off really sleazy.