We compared SonarQube and GitLab based on our user's reviews in several parameters.
SonarQube and GitLab are both praised for their reasonable pricing, flexibility in licensing, and positive return on investment. SonarQube stands out with its comprehensive code quality features, user-friendly interface, and prompt customer support. Meanwhile, GitLab excels in robust version control, CI/CD pipelines, and collaboration tools, with users highlighting its intuitive interface and strong community support. Areas for improvement include enhancing analysis speed and user interface for SonarQube, as well as improving performance and project management features for GitLab.
Features: SonarQube stands out with features such as support for multiple languages, integration with DevOps pipelines, and accurate vulnerability detection. Meanwhile, GitLab impresses users with its robust version control capabilities, efficient CI/CD pipelines, and strong integration with other development tools.
Pricing and ROI: Regarding setup cost, SonarQube is described as straightforward and easy, with users appreciating its simplicity. On the other hand, GitLab's setup cost is also reported to be easy and straightforward, but no additional details are provided., SonarQube has been highly praised for its ability to improve code quality, detect vulnerabilities, and enhance project efficiency, resulting in cost savings and increased productivity. Similarly, GitLab has also yielded positive returns, satisfying users and proving to be a valuable investment.
Room for Improvement: SonarQube may benefit from improvements in analysis speed, user interface navigation, setup instructions, documentation clarity, occasional performance issues, and integration options. GitLab could enhance its user interface, performance, project management features, code review process, and navigation intuitiveness.
Deployment and customer support: User feedback on SonarQube indicated varying durations for implementation. Some users took 3 months for deployment and 1 week for setup, while others took 1 week for both. In contrast, user feedback on GitLab varied extensively in terms of deployment and setup durations., SonarQube's customer service is praised for its prompt and knowledgeable assistance, while GitLab is commended for consistently providing effective troubleshooting and helpful guidance. GitLab also offers detailed documentation and a strong community for collaboration and problem-solving.
The summary above is based on 84 interviews we conducted recently with SonarQube and GitLab users. To access the review's full transcripts, download our report.
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"A user friendly solution."
"GitLab integrates well with other platforms."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"It speeds up our development, it's faster, safer, and more convenient."
"It is a speedy platform compared to the others I have used. I have also enjoyed using the platform as this solution offers a good user experience."
"GitLab's best features are continuous integration and fast deployment."
"It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules."
"Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions."
"Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications."
"The overall quality of the indicator is good."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"There's plenty of documentation available to users."
"Strong code evaluation for budget-minded clients."
"One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside."
"The documentation could be improved to help newcomers better understand things like creating new branches."
"I would like to have some features to support peer review."
"This solution could be improved by adding modifications such as slack notifications."
"The solution could be faster."
"I would like configuration of a YML file to be done via UI rather than a code file."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"The product's user documentation can be vastly improved."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"Our developers have complained about the Quality Gates and the number of false positives that this product reports."
"The pricing could be reduced a bit. It's a little expensive."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"We could use some team support, but since we are using the community version, it's not available."
GitLab is ranked 7th in Application Security Tools with 70 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. GitLab is rated 8.6, while SonarQube is rated 8.0. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". GitLab is most compared with Microsoft Azure DevOps, Bamboo, AWS CodePipeline, Tekton and TeamCity, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Klocwork. See our GitLab vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
