Unsure what SonarQube edition we should get - asking for recommendations

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    None yet
  • how is SonarQube deployed: zip, Docker, Helm
    Not yet
  • what are you trying to achieve
    Receiving information on which edition is suitable for my organization
  • what have you tried so far to achieve this
    General research in forums, Google, etc.

Based on the information on the SonarQube website, it seems that for our use case (code-smell hints and metrics for the whole code base) the Community Edition would be enough, at least at first. Here are some questions upfront:

  1. Is it true that there is no limit on lines of code with the Community Edition?
  2. Is it correct (source: StackOverflow) that the Community Edition is also allowed for commercial use? Does an external thesis already count as commercial use if it can potentially provide the company with valuable information?
  3. Does the company’s proprietary code get exposed in SonarQube (which we definitely do not want)? Are there any differences in this regard with the Community Edition?
  4. Suppose we try the Community Edition and find that it is not sufficient. In this case, is it easy to upgrade to the Developer Edition while keeping the existing configurations and work that has been done with the Community Edition? Or would all the work so far be lost, so that you would need to start from scratch again?

I would appreciate any input.

Best regards
Aby

Hi Aby,

Welcome to the community!

Yes, it’s true.

Commercial use is encouraged! External, internal, thesis, production code, valuable, useless… go for it!

Regarding source code, all editions work the same: the code is uploaded as part of the analysis report. The current/latest version of the code is displayed in SonarQube as context for reporting issues, coverage, and duplications. Without the context of the code, it would be very difficult indeed for you to understand many of the issues we report.

Now, regarding “exposed”… that’s a bit of a loaded word. It gets displayed in the SonarQube interface. It’s only as exposed as you allow it to be. If your instance is not public on the internet, and your project permissions are appropriately restricted, then I’d say the code is not “exposed”.

Yes, absolutely. In fact, we kinda rely on that. :smiley:

To upgrade from one edition to another - within the same version - all you do is configure the new instance, let’s say Developer Edition, to point to your Community Edition database. Then you turn off Community Edition and turn on Developer Edition.

To do a version upgrade and an edition upgrade at the same time, you simply follow the upgrade guide.

 
HTH,
Ann

1 Like
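
An added example, not part of either post and not SonarQube's own code: one way to check the "project permissions are appropriately restricted" condition from the reply is to page through the instance's `api/projects/search` Web API and list every project that is not marked private. The fetch function, the sample responses and the project keys below are constructed stand-ins for an authenticated administrator request.

```python
"""Audit helper: list SonarQube projects whose code is not restricted to members."""
from typing import Callable, Iterator

# Constructed sample pages shaped like GET api/projects/search responses.
# Project keys and names are made up for this example.
SAMPLE_PAGES = {
    1: {"paging": {"pageIndex": 1, "pageSize": 2, "total": 3},
        "components": [
            {"key": "billing-core", "name": "Billing Core", "visibility": "private"},
            {"key": "web-portal", "name": "Web Portal", "visibility": "public"}]},
    2: {"paging": {"pageIndex": 2, "pageSize": 2, "total": 3},
        "components": [
            {"key": "thesis-metrics", "name": "Thesis Metrics", "visibility": "public"}]},
}


def sample_fetch(page: int) -> dict:
    """Stand-in for an authenticated GET of api/projects/search?p=<page>."""
    return SAMPLE_PAGES.get(page, {"components": []})


def iter_projects(fetch_page: Callable[[int], dict]) -> Iterator[dict]:
    """Yield every project, following the paging block until all are seen."""
    page, seen = 1, 0
    while True:
        body = fetch_page(page)
        components = body.get("components", [])
        if not components:
            return  # empty page: nothing more to read
        yield from components
        seen += len(components)
        total = body.get("paging", {}).get("total")
        if total is not None and seen >= total:
            return
        page += 1


def non_private_projects(fetch_page: Callable[[int], dict]) -> list:
    """Return the keys of projects not explicitly marked private.

    A project with a missing or unexpected visibility value is reported as
    well, so an unfamiliar response fails closed instead of passing silently.
    """
    return sorted(p["key"] for p in iter_projects(fetch_page)
                  if p.get("visibility") != "private")


if __name__ == "__main__":
    for key in non_private_projects(sample_fetch):
        print("review visibility:", key)
```
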