Open Source SonarQube Alternatives

Alternatives list

1. 

   

   Codacy

    25 likes

   Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.

   Cost / License

   • Free Personal
   • Open Source

   Origin

   • Portugal
   • EU

   Platforms

   • Online
   • Self-Hosted
   • Software as a Service (SaaS)

   

   

   

   +5

   

   More about Codacy  

   

   Is Codacy a good alternative to SonarQube?

    

   |

   1comment

   Expand

   Codacy vs SonarQube Comments

    

   Guest

   Positive comment•Jan 27, 2017

   1

   Measure evaluation of the code quality over time.

   Review by a new / low-activity user.

   

   

   • Codacy is Free Personal and Open SourceSonarQube is Freemium and Open Source
2. 

   

   Shellcheck

    5 likes

   A simple tool for finding bugs in shell scripts.

   Cost / License

   • Free
   • Open Source (GPL-3.0)

   Origin

   • Norway

   Platforms

   • Online
   • Visual Studio Code
   • Vim
   • Sublime Text
   • GNU Emacs
   • Atom

   

   More about Shellcheck  

   

   Is Shellcheck a good alternative to SonarQube?

    
4. 

   

   Cppcheck

    23 likes

   Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect.

   Cost / License

   • Free
   • Open Source (GPL-3.0)

   Origin

   • Sweden
   • EU

   Platforms

   • Windows
   • Linux
   • PortableApps.com
   • Eclipse

   

   More about Cppcheck  

   

   Is Cppcheck a good alternative to SonarQube?

    
5. 

   

   SlowQL

    1 like

   SlowQL is a production-focused offline SQL static analyzer that catches security vulnerabilities, performance regressions, reliability issues, compliance risks, cost inefficiencies, and code quality problems before they reach production.

   Cost / License

   • Free
   • Open Source

   Origin

   • Canada

   Platforms

   • Docker
   • Windows
   • Mac
   • Linux

   

   More about SlowQL  

   

   Is SlowQL a good alternative to SonarQube?

    
6. 

   

   Flawfinder

    3 likes

   Flawfinder examines C/C++ source code and reports possible security weaknesses ("flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

   Cost / License

   • Free
   • Open Source (GPL-2.0)

   Origin

   • United States

   Platforms

   • Windows
   • Linux

   

   Is Flawfinder a good alternative to SonarQube?

    
7. 

   

   PhpMetrics

    1 like

   PhpMetrics provides metrics about PHP project and classes, with beautiful and readable HTML report.

   Cost / License

   • Free
   • Open Source (MIT)

   Platforms

   • Self-Hosted

   

   

   More about PhpMetrics  

   

   Is PhpMetrics a good alternative to SonarQube?

    
9. 

   

   Skylos

    1 like

   High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security flaws with hybrid static analysis + local LLM agents. Privacy-first & low noise. MCP server for SAST too.

   Cost / License

   • Freemium
   • Open Source (Apache-2.0)

   Origin

   • Singapore

   Platforms

   • Mac
   • Windows
   • Linux
   • Online
   • Python
   • Visual Studio Code

   

   More about Skylos  

   

   Is Skylos a good alternative to SonarQube?

    
10. 

    

    VisualCodeGrepper

     Like

    VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:

    Cost / License

    • Free
    • Open Source (GPL-3.0)

    Platforms

    • Windows

    

    More about VisualCodeGrepper  

    

    Is VisualCodeGrepper a good alternative to SonarQube?

     
11. 

    

    Semgrep

     Like

    Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or...

    Cost / License

    • Freemium
    • Open Source (LGPL-2.1)

    Origin

    • United States

    Platforms

    • Mac
    • Windows
    • Linux

    

    Is Semgrep a good alternative to SonarQube?

     
12. 

    

    Exlint

     Like

    Exlint is a an open source project that enables developers to centralize their open source coding standards and policies, so that configuring repositories becomes as easy as typing one command.

    Cost / License

    • Free
    • Open Source

    Origin

    • Israel

    Alerts

    • Discontinued

    Platforms

    • Self-Hosted
    • Software as a Service (SaaS)

    

    

    

    +1

    

    More about Exlint  

    

    Is Exlint a good alternative to SonarQube?

     
13. 

    

    Opengrep

     Like

    We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀

    Cost / License

    • Free
    • Open Source (LGPL-2.1)

    Platforms

    • Mac
    • Linux

    

    

    

    +2

    

    More about Opengrep  

    

    Is Opengrep a good alternative to SonarQube?