We compared SonarQube and GitLab based on our user's reviews in several parameters.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Regarding setup cost, SonarQube is described as straightforward and easy, with users appreciating its simplicity. On the other hand, GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided., SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. In contrast, user feedback on GitLab varied extensively in terms of deployment and setup durations., SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the review's full transcripts, download our report.
"Git hosting has an integration with ACD which is why we liked this solution in the first place."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"It speeds up our development, it's faster, safer, and more convenient."
"The important feature is the entire process of versioning source code maintenance and easy deployment. It is a necessity for the CI/CD pipeline."
"CI/CD is valuable for me."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"The solution offers a very good community edition."
"The most valuable features are code scanning and Quality Gates."
"If you want to have your code scanned and timed then this is a good tool."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"I like that it covers most programming languages for source code review."
"SonarQube is good for checking and maintaining code quality."
"There's plenty of documentation available to users."
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
"I would like configuration of a YML file to be done via UI rather than a code file."
"I've noticed an area for improvement in GitLab, particularly needing to go through many steps to push the code to the repository. Resolving that issue would make the product better. My team quickly fixed it by writing a small script, then double-clicking or enabling the script to take care of the issue. However, that quick fix was from my team and not the GitLab team, so in the next release, if an automatic deployment feature would be available in GitLab, then that would be good because, in Visual Studio, you can do that with just one click of a button."
"GitLab would be improved with the addition of templates for deployment on local PCs."
"The solution does not have many built-in functions or variables so scripting is required."
"We would like to generate document pages from the sources."
"It could have more security integrations and the ability to check the vulnerability of the code. I don't think it is a responsibility of Gitlab, but it would be nice to have more options to integrate with."
"GitLab could improve by having more plugins and better user-friendliness."
"The handling of the contents of Docker container images could be better."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"The product needs to integrate other security tools for security scanning."
"Lacks sufficient visibility and documentation."
"I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
