Codacy VS SonarQube

Codacy

Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.

SonarQube

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.

Landing page //
2023-08-27

Codacy automates code reviews and monitors code quality on every commit and pull request reporting back the impact of every commit or pull request, issues concerning code style, best practices, security, and many others. It monitors changes in code coverage, code duplication and code complexity. Saving developers time in code reviews thus efficiently tackling technical debt. JavaScript, Java, Ruby, Scala, PHP, Python, CoffeeScript and CSS are currently supported. Codacy is static analysis without the hassle.

Landing page //
2023-07-12

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code. SonarQube integrates into the developers' CI/CD pipeline and DevOps platform to detect and help fix issues in the code while performing continuous inspection of projects.

Supported by the Sonar Clean as You Code methodology, only code that meets the defined quality standard can be released to production. SonarQube analyzes the most popular programming languages, frameworks, and infrastructure technologies and supports over 5,000 Clean Code rules.

Trusted by 7 million developers and 400,000 organizations globally to clean more than half a trillion lines of code, Sonar has become integral to delivering better software.

Explore our pricing and request an evaluation: https://www.sonarsource.com/plans-and-pricing/

Codacy

Categories	Code Coverage Code Quality Static Code Analysis Code Analysis
Website	codacy.com
Pricing URL	Official Codacy Pricing
Details $	-

Edit details

SonarQube

Categories	Code Analysis Code Review Code Coverage Code Quality Clean Code Open Source Security
Website	sonarsource.com
Pricing URL	-
Details $	freemium $150.0 / Annually

Edit details

Codacy videos

+ Add

Using Codacy for automated code reviews

SonarQube videos

+ Add

What is SonarQube?

Category Popularity

0-100% (relative to Codacy and SonarQube)

Codacy

SonarQube

Code Coverage

39 39%

Code Coverage

61% 61

Code Analysis

29 29%

Code Analysis

71% 71

Code Quality

48 48%

Code Quality

52% 52

Code Review

23 23%

Code Review

77% 77

User comments

Share your experience with using Codacy and SonarQube. For example, how are they different and which one is better?

Reviews

These are some of the external sources and on-site user reviews we've used to compare Codacy and SonarQube

Codacy Reviews

Ten Best SonarQube alternatives in 2021

Codacy automates code opinions and monitors code quality on each sprint. The main issues it covers concern code style, best practices, and security. In addition, it monitors adjustments in code insurance, code duplication, and code complexity. She was saving developers time in code opinions, consequently successfully tackling technical debt. JavaScript, Java, Ruby, Scala,...

Source: duecode.io

SonarQube Reviews

5 Best DevSecOps Tools in 2023

Whereas OWASP ZAP scans your website once it has been deployed (known as dynamic code scanning), SonarQube/SonarCloud is a product/service that will scan the source code itself before it is deployed and alert on any possible security issues related to the source code. This is known as static code scanning. It looks for things that can be exploited. Things such as not...

Source: devopsauthority.tech

Ten Best SonarQube alternatives in 2021

Other critical elements to bear in mind even as mastering alternatives to SonarQube embody Integration and initiatives. We have compiled a listing of SonarQube alternatives that reviewers voted for because of the excellent standard options to employ instead of SonarQube.

Source: duecode.io

TOP 40 Static Code Analysis Tools (Best Source Code Analysis Tools)

It is possible to integrate it into Visual Studio, IntelliJ IDEA, and other widespread IDE. The results of the analysis can be imported into SonarQube.

Source: www.softwaretestinghelp.com

Top 4 Open Source Security Testing Tools to Test Web Application

Though written in Java, it can analyze over twenty different programming languages. It can easily integrate with continuous integration tools like Jenkins server, etc. The results will be populated to the SonarQube server with ‘green’ and ‘red lights’.

Source: www.softwaretestinghelp.com

11 Interesting Tools for Auditing and Managing Code Quality

SonarQube is the most popular code quality and security analysis tool in the market. With the support of the open-source community, Sonarqube presently can analyze and produce outputs for over 25 programming languages, which are higher than most tools in the market.

Source: geekflare.com

Social recommendations and mentions

Based on our record, Codacy should be more popular than SonarQube. It has been mentiond 4 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.

Codacy mentions (4)

What is the best way to set a cookie (without setcookie?)
I'm trying to use Codacy to review my code. One of the issues is regarding the use of the "setcookie" function. Source: over 2 years ago
Converting vstest coverage files in github actions?
Does anyone have an example on how to get this conversion done on github actions where I can convert the *.coverage file into a *.xml file for uploading to codacy.com. Source: over 2 years ago
PHP Static Analysis Tools Review
Online analysisFinally, if you want a simple way to analyze your code without having to manually configure everything locally, you can use an online code review service such as Codacy (shameless plug here). We already integrate some of the mentioned detection tools in this article and we are working every day to improve the service. The other main benefit of using automated code review tools is to allow you to... - Source: dev.to / almost 3 years ago
Top 10 ways to perform fast code reviews
Because you care and because you always want to be better, automation is a great way to optimize your review workflow process. Go ahead and do a quick search on Google for automated code reviews and see who better fits your workflow. You'll find Codacy on your Google search and we hope you like what we do. - Source: dev.to / about 3 years ago

SonarQube mentions (1)

Google: C++20, How Hard Could It Be
Even for Java, C# and JS we do enforce such kind of rules, e.g. https://sonarqube.org. - Source: Hacker News / over 1 year ago

What are some alternatives?

When comparing Codacy and SonarQube, you can also consider the following products

CodeClimate - Code Climate provides automated code review for your apps, letting you fix quality and security issues before they hit production. We check every commit, branch and pull request for changes in quality and potential vulnerabilities.

CodeFactor.io - Automated Code Review for GitHub & BitBucket

Checkmarx - The industry’s most comprehensive AppSec platform, Checkmarx One is fast, accurate, and accelerates your business.

ESLint - The fully pluggable JavaScript code quality tool

Coverity Scan - Find and fix defects in your Java, C/C++ or C# open source project for free

Snyk - Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.

Codacy vs CodeClimate

Codacy vs CodeFactor.io

Codacy vs Checkmarx

Codacy vs ESLint

Codacy vs Coverity Scan

Codacy vs Snyk

SonarQube vs CodeClimate

SonarQube vs CodeFactor.io

SonarQube vs Checkmarx

SonarQube vs ESLint

SonarQube vs Coverity Scan

SonarQube vs Snyk