SonarQube is an open-source platform for continuous code quality and security inspection that uses AI to detect bugs, vulnerabilities, and code smells across 30+ programming languages. Its AI-powered SonarCloud cloud service and IDE plugins provide instant code quality feedback in developer workflows.
Category: Security
Subcategory: Vulnerability Scanning
Free Tier: SonarQube Community Edition free forever; SonarCloud free for open-source
Paid Plans: Developer Edition from $150/year, Enterprise and Data Center editions available
API Cost: Not available yet
Web App, API, VS Code Extension, CLI
Self-hostable: Yes
Continuous code quality inspection, Security vulnerability detection, Technical debt management, Code review automation, CI/CD quality gates
