Blog post

SonarQube Cloud or SonarQube Server, What's Right for Your Team?

Robert Curlee profile picture.

Robert Curlee

Product Marketing Manager

Date

  • SonarQube Server
  • SonarQube Cloud
Logo of SonarCloud and SonarQube next to each other for comparison.

This blog was originally published on April 28, 2020. Since then, it has been refreshed with updated content, including newly added features as of August 2024.


SonarQube Cloud and SonarQube Server are both valuable tools to help you write clean, high-quality code for your projects. So, which solution is best for you and your team?

SonarCloud and sonarQube comaprison with images of bugs, vulnerabilities, security issues.


The choice boils down to whether you want a self-managed solution or a cloud-based SaaS service that is managed for you. Both solutions give you essentially the same core features at each edition level, whether you're a small team or a large enterprise company. In this blog, I will walk you through the options so you can make an informed decision.


The base: Static analysis for 30+ languages

Both products cover the same 30+ languages and frameworks. They share the same underlying static code analysis engine to catch issues that result in bugs, vulnerabilities, and code smells and generate valuable code quality metrics. The essential distinction: Your existing software development pipeline


The distinction: Where is your CI/CD pipeline?

One of the key differences concerns how each product is hosted and managed. SonarQube Cloud is a fully SaaS offering where Sonar hosts and manages the software for you in the cloud. If your team is already operating in a cloud DevOps platform, where your code and workflow are fully cloud-based (e.g., GitHub.com+Travis), then SonarQube Cloud is a good fit.


SonarQube Cloud readily integrates with cloud-based DevOps platforms: GitHub.com, GitHub Enterprise Cloud, Azure DevOps Services, Bitbucket Cloud, and GitLab.com.  Sonar operates SonarQube Cloud in AWS, which is the easiest path to start scanning your code within minutes. With SonarQube Cloud, Sonar does all the heavy lifting for you, so you don't have to worry about installation, upgrades, or maintenance. As a SaaS offering, SonarQube Cloud gives you immediate access to new features and functionality the moment they are released.

SonarQube Cloud features automatic analysis for over 30 languages to get you up and running fast. This autoscanning feature can be a perfect fit for teams that want actionable code quality metrics without the burden of tool configuration. For some use cases, fully setting up the analysis configuration will yield a better developer experience and 'unlock' more SonarQube Cloud features. 

SonarQube Server, on the other hand, is entirely operated by you in the environment of your choice. You deploy SonarQube Server along with a supported database on your own servers or in a self-managed cloud environment. Once installed, SonarQube Server readily integrates with your self-hosted instance of GitHub, GitLabAzure DevOps, or Bitbucket. If you have a hybrid environment where you store code in the cloud and rely on a locally managed CI/CD pipeline, SonarQube Server can also integrate with the cloud versions of all these DevOps platforms.


Going the SonarQube Server route means you'll be hands-on with installing, upgrading, and maintaining your environment on your terms. On average, we release a new version of SonarQube Server every two months. To stay current with new features, functionality, security updates, and bug fixes, we recommend you upgrade when a new version is released. Speaking of versions, it's important to note that SonarQube Server offers a Long-Term Active (LTA) version. Sonar releases a SonarQube Server LTA version approximately every 18 months. The focus of the LTA is to package all the features of the dot releases in a stable version that we release on a cadence in line with large companies' ability to schedule large upgrades. Critical bug fixes and security updates are also released to the LTA in patches as needed.


For enterprise needs, Sonar recommends the SonarQube Cloud Enterprise plan and SonarQube Server Enterprise Edition (EE), both offering advanced features tailored to your organization's specific use cases. This functionality falls into five main categories: authentication, governance, executive reporting, multiple repository support, and extensibility.


Authentication

With SonarQube Cloud and all editions of SonarQube Server, you can authenticate using your existing DevOps platform credentials (GitHub, Bitbucket, Azure, and GitLab). SonarQube Server also allows you to authenticate using third-party tools that support SAML and LDAP protocols. SonarQube Cloud Enterprise offers Single Sign On with SAML.


Additionally, with SonarQube Server Enterprise Edition, automatic provisioning of users and groups through System for Cross-domain Identity Management (SCIM) is available for Okta and Azure AD.


Governance

Sonar's solutions also include aggregating projects into applications (SonarQube Server Developer Edition+) and portfolios (SonarQube Cloud Enterprise plan and SonarQube Server Enterprise Edition+), which are visual dashboards that allow you to organize projects in a manner that tracks your business objectives. Applications allow you to have a single view of all the projects that ship together as a complete app. Portfolios are similar and enable you to aggregate multiple apps and projects around organizational or business objectives. For example, you can create a portfolio to track all your front-end projects or all the projects for a geographical team. 


Executive reporting

With SonarQube Server Enterprise Edition and SonarQube Cloud Enterprise plan, you additionally get executive-level reporting capabilities. These reports work hand-in-hand with your portfolios to give you insight into key metrics such as reliability, maintainability, and releasability. Additionally, there are security reports, including coverage for PCI DSS, OWASP ASVS, OWASP Top 10, CASA, STIG, and CWE Top 25.

SonarQube Portfolio Report

SonarQube Server saw its beginnings well over a decade ago. As the product matured, we identified an 'Enterprise' use case distinct from the 'core' functionality use case centered on developers. It's common for large organizations to have a 'non-developer' audience requiring measurement from a broader perspective and context. To satisfy this need for reporting and business KPIs, we added a set of 'governance' features to SonarQube Server. 


As our customers started adopting the cloud and asking for enterprise features, we started offering these features in the Enterprise plan that was released in the summer of 2024.


DevOps platform support

Sonar solutions serve organizations that require connectivity to multiple DevOps platforms. 


For example, a single SonarQube Server Developer Edition instance can make a single connection each for up to four DevOps platforms (1x GitHub, 1x Bitbucket, 1x GitLab, and 1x Azure DevOps). If you need multiple configurations for a specific DevOps provider (e.g., 2x GitHub Enterprise Server and 1x GitHub.com), you'll need SonarQube Server Enterprise Edition.


SonarQube Cloud also supports multiple DevOps platforms. With SonarQube Cloud Enterprise, several organizations can be grouped together under an enterprise. The enterprise’s organizations may belong to different DevOps platforms. This means you can add all your organizations (no matter which DevOps platform or how many) to your enterprise.


A note on extensibility

Lastly, I'll touch on extensibility. The Sonar community has developed and maintained an expansive and robust library of SonarQube Server plugins. These plugins extend the functionality of SonarQube Server in more fringe areas to cover capabilities Sonar does not plan to support. Examples include additional programming language support, integration with less mainstream SCM engines, and regional language localization.


At this time, SonarQube Cloud is not open for 3rd party plugin contributions from the community.


Wrapping it all up

In summary, if your team is entirely cloud-based, you don't want maintenance hassles and you'd like the fastest access to new features, SonarQube Cloud is an excellent choice. If you're OK with self-hosting and maintenance or see value in the management capabilities, then SonarQube Server would make sense.


Once you've chosen your path, I encourage you to visit our solution summary for full details on how to get started. 


The goal of this article wasn't to exhaustively list all the product differences, as each environment is unique. However, you now have the information relevant to most use cases. If you have further questions, I encourage you to contact our Community Forum. If you need assistance regarding commercial usage, you can submit a question to the team.


Thanks for reading, and happy, clean coding!


Pick a topic to discover more:

How Bad Code Destroys Developer Velocity

Your Guide to Clean Code in Cloud Native Apps

Level Up Your Team's Skills as They Code

try a better way to code

See SonarQube Server EditionsKostenlose 14-Tage-Testversion

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles. 

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.