A free SonarQube offering has always been an important element of the Sonar solution. Today, we are excited to announce the launch of an improved free tier for SonarQube in the cloud.
This new free tier goes beyond the previous offering, allowing individual developers and small teams to explore the core features of our commercial offerings with their private repositories. Unlike the previous free offering, which only allowed developers to scan their open-source projects, the new offering enables private repository scanning for up to 50k lines of code. We listened to our community and felt this enhancement was crucial to help developers discover the value of SonarQube. As always, users can analyze public projects with no limit on lines of code.
Our goal with the free tier for SonarQube is to let developers discover all the key features that contribute to clean, secure code and, ultimately, better software. Signing up is easy, getting started is fast, and with our broad language support and integration with most DevOps platforms, you will see meaningful, actionable results in no time, whatever your language, framework, or IaC platform.
So what’s included? Here’s what you get with the free tier of SonarQube:
- Comprehensive code analysis: detect bugs, vulnerabilities, and security hotspots across 30 languages.
- Scan public and private repositories (up to 50k lines of private code, unlimited public code)
- Pull request (PR) and main branch analysis
- Support for 30 languages, frameworks, and IaC platforms: including Dart, the latest addition
- Integration with most DevOps platforms
- Up to 5 users
- Automatic analysis for GitHub projects: no extra configuration is required for most languages to receive the results of the first analysis. You can start improving your code in minutes
- Deeper SAST: helps developers identify deeply hidden vulnerabilities arising from the interaction between their first-party code and third-party dependencies
- Advanced secrets detection: prevents the accidental inclusion of sensitive information from public, private, commercial, or enterprise services
- SonarQube for IDE integration to synchronize team settings
- Fast Upgrades: seamless upgrade to Team and Enterprise as project needs grow
Get started with SonarQube free tier in 3 easy steps
Step 1: Sign Up for SonarQube free tier
To begin using the SonarQube free tier, you first need to sign up. Here’s how:
- Choose Your DevOps Platform: When you sign up, you’ll need to select the DevOps platform you want to connect to. SonarQube Cloud supports popular platforms like GitHub, Bitbucket Cloud, GitLab, and Azure DevOps.
- Log In with Existing Credentials: You will sign in using your existing credentials from the chosen DevOps platform. Note that there is no standalone SonarQube account; your account is created and linked to your DevOps platform account. With the Enterprise plan of SonarQube Cloud, you can log in using SSO.
- Import Your Organizations and Repositories: Once logged in, you can import your organizations and repositories from your DevOps platform. Each imported organization becomes a SonarQube organization, and each repository becomes a project within SonarQube Cloud.
Step 2: Set Up Your First Analysis
After you import your projects, if you use a GitHub repository, SonarQube Cloud checks whether the imported repository qualifies for automatic analysis. If it does, the analysis starts automatically and the results are delivered to you without the need to configure a CI-based analysis.
Otherwise, if you are using another DevOps platform, or prefer to configure manually:
- Connect Your CI Pipeline: Integration with your CI/CD pipeline allows for automated code checks every time you push changes to your repository. The integration process is straightforward and requires minimal configuration for most languages.
- Review Quality Gate: The free tier of SonarQube provides a default quality gate called "Sonar way", which is suitable for most projects.
- Run Your First Analysis: Trigger your first analysis by pushing code to your main branch or creating a pull request. SonarQube Cloud will automatically analyze the code and provide feedback on any issues detected.
Step 3: Explore Key Features
Once you’ve set up your analysis, take advantage of the powerful features the free tier offers:
- IDE Integration: Use SonarQube for IDE, an IDE extension, in connected mode to catch issues in real time as you write code. This helps you fix problems before they even reach your repository.
- Pull Request Analysis: SonarQube Cloud analyzes pull requests to ensure that only clean code is merged into your main branch. This feature provides immediate feedback on the quality of the changes being proposed.
- Main Branch Analysis: Every time you make changes to your main branch, SonarQube will analyze the entire codebase, ensuring ongoing compliance with your quality standards.
Additionally, there are plenty of resources to help you get started:
- Step-by-step guide for analyzing Java application code.
- An active and growing user community, a great place to share experiences and get help.
- Comprehensive documentation covering everything from getting started to exploring features.
Ready to go? Get started here with your favorite DevOps platform and explore all the value of SonarQube.