A free SonarQube offering has long been at the center of the Sonar solution, helping individual developers and small teams ensure the quality and security of their code. Historically, this offering has been a self-managed Community Edition, requiring our users to install, maintain, store, and manually update it themselves.
It’s been exciting and humbling to watch the adoption of Sonar by over 7 million developers and 400k organizations, many of which use our free products. At the same time, we’ve felt that we could do better and give more back to the community that’s supported us for so long. We’ve heard directly from you, our community, that the cost of maintaining your own instances—across financial and developer resources—has become increasingly high.
This brings us to today: we’re announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the same features as our commercial SonarQube offering.
This new SonarQube free tier allows users to scan private repositories (up to 50k lines of code), provides pull request (PR) analysis, supports 30 languages, frameworks, and IaC platforms, and allows up to 5 users. Sonar will also maintain its commitment to the Open Source community by providing free scanning for all public repositories, regardless of their size.
Here’s what else users get with the new free tier:
- Automatic analysis: No extra configuration is required for most languages to receive the results of the first analysis. You can start improving your code in minutes.
- Deeper SAST: Helps developers identify deeply hidden vulnerabilities arising from the interaction between their first-party code and third-party dependencies.
- Advanced secrets detection: Prevent accidental inclusion of sensitive information from public, private, commercial, or enterprise services.
- Fast upgrades: Seamless upgrade to Team and Enterprise as project needs grow.
The new free tier of SonarQube will be made available in December 2024. Sign up for SonarQube product news.
Other SonarQube Solution Updates
New release cycles and version scheme for SonarQube Community Build
Along with the new SonarQube free tier, we're making some changes to SonarQube Community Edition, which will now be known as SonarQube Community Build. With Community Build, we are accelerating the pace of releases, with monthly builds available to the community (twice as fast as today and more consistent with our cloud offering).
As a result, SonarQube Community Build will adopt a new versioning scheme separate from our commercial versions. Starting with the upcoming release this December, the Community Build will adopt a new Calendar Versioning (CalVer) format. There will no longer be an LTA equivalent version for the Community Build.
Our commercial editions will continue prioritizing the needs of Enterprise customers, including broader language support, more sophisticated quality and security analysis, comprehensive reports, and a high bar for stability and support. Beginning in 2025, our commercial editions will have an annual Long-Term Active (LTA) release cycle rather than the 18-month cycle that we have today.
Functionality and licensing
We’re also making some minor adjustments to the feature set available under SonarQube Community Build. Most notably, advanced dataflow bug detection will no longer be available for .NET; this change will create consistency with other flagship languages. This feature will be available in the SonarQube free tier.
Secrets detection in SonarQube Community Build and SonarQube for IDE will be limited to commonly used secrets. Advanced secrets detection is available in the SonarQube commercial offering, including the new SonarQube free tier.
Up until now, SonarQube Community Build and SonarQube for IDE (formerly SonarLint) have been licensed under the LGPLv3 license. Moving forward, Sonar analyzers, which are bundled in SonarQube Community Build and IDE, will adopt Sonar Source Available License Version 1.0 (SSALv1). This preserves what you love about Sonar, the ability to freely use the product and inspect the security and quality of the analysis engines, while enabling us to release more sophisticated capabilities over time to the community. Additional details about Sonar’s new license can be found on the license page.
In closing
We are thrilled to offer the community a new, improved free tier of SonarQube and increase the launch pace for the SonarQube Community Build. As always, thank you for your continued support and use of Sonar.
To share feedback, please visit our Community forum.