GitLab vs. SonarQube Server

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
GitLab
Score 8.7 out of 10
N/A
GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. Differentiators, as described by Gitlab: Simplicity: With GitLab, DevSecOps can…
$0
per month per user
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Pricing
GitLabSonarQube Server
Editions & Modules
GitLab Essential
$0
per month per user
GitLab Premium
$29
per month per user
GitLab Ultimate
$99
per month per user
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
GitLabSonarQube Server
Free Trial
YesYes
Free/Freemium Version
YesYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional Details
More Pricing Information
Community Pulse
GitLabSonarQube Server
Best Alternatives
GitLabSonarQube Server
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GitLabSonarQube Server
Likelihood to Recommend
8.8
(0 ratings)
8.8
(0 ratings)
Likelihood to Renew
9.9
(0 ratings)
-
(0 ratings)
Usability
9.0
(0 ratings)
9.1
(0 ratings)
Support Rating
9.1
(0 ratings)
9.0
(0 ratings)
User Testimonials
GitLabSonarQube Server
Likelihood to Recommend
It is well-suited for any project that needs VCS. It's an excellent choice for teams that might be remote or have to collaborate across teams. Plenty of features allow for async working. With its dashboards and reporting features, it is also suitable for nontechnical PMs or stakeholders. It allows for very bespoke customization and can most often do much more than you need it to.
Read full review
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Pros
  • GitLab excels in managing code versions, allowing easy tracking of changes, branch management, and merging contributions.
  • It helps maintain code stability and reliability, saving time and effort in the development or research workflow.
  • Powerful code review features, enabling collaboration and feedback among team members.
  • Robust project management features, including issue tracking, kanban boards, and milestones.
Read full review
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
Cons
  • CI variables management is sometimes hard to use, for example, with File type variables. The scope of each variable is also hard to guess.
  • Access Token: there are too many types (Personal, Project, global..), and it is hard to identify the scope and where it comes from once created.
  • Runners: auto-scaled runners are for the moment hard to put in place, and monitoring is not easy.
Read full review
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
Likelihood to Renew
I really feel the platform has matured quite faster than others, and it is always at the top of its game compared to the different vendors like GitHub, Azure pipelines, CircleCI, Travis, Jenkins. Since it provides, agents, CI/CD, repository hosting, Secrets management, user management, and Single Sign on; among other features
Read full review
No answers on this topic
Usability
I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!
Read full review
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Reliability and Availability
I've never had experienced outages from GItlab itself, but regarding the code I have deployed to Gitlab, the history helps a lot to trace the cause of the issue or performing a rollback to go back to a working version
Read full review
No answers on this topic
Performance
GItlab reponsiveness is amazing, has never left me IDLE. I've never had issues even with complex projects. I have not experienced any issues when integrating it with agents for example or SSO
Read full review
No answers on this topic
Support Rating
At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft
Read full review
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Alternatives Considered
GitHub is an inferior product from most points of view. We had to use it and the teams finds no positives about it. Everything is a downgrade from our previous GitLab solution. GitLab CI\CD is vastly superior to workflows, for example doing a manual node is just "when : manual" in GitLab while you have to do clickops in GitHub to achieve the same. No overview of code in branches is a minus when we tried to figure out what our colleagues are trying to merge as it looked off.
Read full review
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
Scalability
I think is very well designed, and like any VCS it works as intended
Read full review
No answers on this topic
Return on Investment
  • GitLab cut down our spent on container, package and infrastructure registry
  • Best thing is we can now have everything in single platform which cost effective too
  • Quality of support is really good and they do have emergency support team as well which is great
Read full review
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

GitLab Screenshots

Screenshot of GitLab, a comprehensive DevSecOps platform.Screenshot of Security DashboardScreenshot of Merge Request

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.