We compared SonarQube and GitLab based on our users' reviews across several parameters.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Regarding setup cost, SonarQube is described as straightforward and easy, with users appreciating its simplicity. GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided. SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. In contrast, user feedback on GitLab varied extensively in terms of deployment and setup durations. SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the reviews' full transcripts, download our report.
"The user interface is really good so that helps with huge teams who need to collaborate."
"The stability is good."
"GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team."
"The most valuable feature of GitLab is the automatic merging of code."
"Git hosting has an integration with ACD which is why we liked this solution in the first place."
"The most valuable feature of GitLab is its security."
"The solution's service delivery model is fantastic."
"GitLab's best features are continuous integration and fast deployment."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"We have worked with the support from SonarQube and we have had good experiences."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"Improves the code coverage and evaluates the technical steps and percentage of code being resolved."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that is done internally by GitLab and then that is already tied up with your pipeline and then it can tell you that your coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"GitLab can improve by integrating with more tools, such as servers with Docker."
"As GitLab is not perfect, what needs improvement in the solution is the Wiki feature of the groups or the repositories because currently, it's not searchable by default. You'll need an indexing service such as Elasticsearch to make it searchable, and that requires too much work, so for me, it's the main feature that should be improved in GitLab. In the next version of the solution, from the top of my head, the documentation could be improved. Besides the Wiki, it would be good if there's documentation that would be automatically generated based on the code repository. In other words, there should be some tutorials from GitLab for developers in the next release."
"Some of the scripts that we encountered in GitLab were not fully functional and threw up errors."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"The price of GitLab could improve, it is high."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"Having performance regression would be a helpful add-on or ability to be able to do during the scan."
"There could be better integration with other products."
"It should be user-friendly."
"SonarQube is not development-centric like Snyk."
"An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline, it would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.