Try our new research platform with insights from 80,000+ expert users

Polaris Platform vs SonarQube comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Polaris Platform
Average Rating
8.0
Reviews Sentiment
3.2
Number of Reviews
1
Ranking in other categories
Software Composition Analysis (SCA) (12th), Static Code Analysis (12th), Dynamic Application Security Testing (DAST) (9th)
SonarQube
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
134
Ranking in other categories
Application Security Tools (1st), Static Application Security Testing (SAST) (1st), Software Development Analytics (1st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Polaris Platform is designed for Software Composition Analysis (SCA) and holds a mindshare of 1.8%, down 1.9% compared to last year.
SonarQube, on the other hand, focuses on Application Security Tools, holds 16.9% mindshare, down 26.3% since last year.
Software Composition Analysis (SCA) Market Share Distribution
ProductMarket Share (%)
Polaris Platform1.8%
Black Duck SCA11.9%
Snyk10.5%
Other75.8%
Software Composition Analysis (SCA)
Application Security Tools Market Share Distribution
ProductMarket Share (%)
SonarQube16.9%
Checkmarx One9.9%
Snyk5.6%
Other67.6%
Application Security Tools
 

Featured Reviews

Alina-Eugenia Negulescu - PeerSpot reviewer
Head of Procurement and Vendor Manger at twoday
Company consistently identifies security vulnerabilities with current solution but considers moving to a more developer-oriented tool due to complexity and costs
I wouldn't recommend it for small and medium customers, both in terms of the complexity and organizational processes and operational processes around it. I wouldn't go with Black Duck. It's not straightforward as it is with more developer-oriented and plug-and-play versions, so it requires a bit of knowledge and documentation to set it up. On the support part, in the past, we had some issues regarding the availability of the information on the knowledge portal. That was particularly due to the fact that when they integrated their knowledge hub or knowledge portal different kind of documentation, they have not adapted the text. There were circular references on the documentation that was misleading and confusing our people rather than helping them.
KH
Sr Software Engineering Supervisor at Mozarc Medical
Gains control over rule customization and achieves reliable vulnerability assessment
The deployment process took me about 2 or 3 hours to deploy SonarQube Server (formerly SonarQube), although I do not remember exactly since it was done about 2 years back. Currently, about 10 of my developers are using SonarQube Server (formerly SonarQube) in my company. I do not have plans to increase the usage of SonarQube Server (formerly SonarQube) in the future as there will not be any requirement to increase. I am a senior software engineer and supervisor at Mozark Medical. My corporate email address is karthik.k.a.r.t.h.i.k.h.a.r.p.a.n.h.a.l.l.i@mozarkmedical.com. Overall, I would rate SonarQube Server (formerly SonarQube) as a 9 out of 10.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We have detected security vulnerabilities, which is absolutely one big benefit."
"We have detected security vulnerabilities, which is absolutely one big benefit."
"The solution's user interface is very user-friendly."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"Before you even compile, it can catch known vulnerability issues or patterns."
"Improve the code coverage and evaluates the technical steps and percentage of code being resolved."
"This solution has helped with the integration and building of our CICD pipeline."
"I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
 

Cons

"I wouldn't recommend it for small and medium customers, both in terms of the complexity and organizational processes and operational processes around it."
"I wouldn't recommend it for small and medium customers, both in terms of the complexity and organizational processes and operational processes around it."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"SonarQube could be improved by implementing inter-procedural code analysis capabilities, allowing for a more comprehensive detection of defects and vulnerabilities across the entire codebase."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"There isn't a very good enterprise report."
"I think SonarQube Server (formerly SonarQube) should improve by integrating a new feature that includes AI. As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking."
"It would be helpful if notifications could go out to an extra person."
"There are times that we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution."
"A better design of the interface and add some new rules."
 

Pricing and Cost Advice

Information not available
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"SonarQube price is a little bit higher than Kiuwan's. Kiuwan also gives a little bit of flexibility in terms of pricing."
"It's an open-source solution, with no additional costs."
"Some of the plugins that were previously free are not free now."
"My guess is that we have a yearly subscription. We use it quite extensively, so a monthly license wouldn't make sense. Yearly subscriptions are usually cheaper. In addition to the standard licensing fee, there is just the cost of running the hardware where it is hosted."
"We are using the Developer Edition and the cost is based on the amount of code that is being processed."
"The licence is standard open source licensing"
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
881,733 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
10%
Comms Service Provider
9%
Financial Services Firm
14%
Manufacturing Company
14%
Computer Software Company
13%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business41
Midsize Enterprise24
Large Enterprise79
 

Questions from the Community

What is your experience regarding pricing and costs for Polaris Platform?
In my opinion, I think that it's a very good product for mature companies. It is quite expensive compared with competitors, with other providers of similar services of application security manageme...
What needs improvement with Polaris Platform?
I wouldn't recommend it for small and medium customers, both in terms of the complexity and organizational processes and operational processes around it. I wouldn't go with Black Duck. It's not str...
What is your primary use case for Polaris Platform?
The product teams use them under supervision from the security department. I'm not extremely familiar with the details on how the product teams are using it, but I think they have integrated it int...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Comparisons

 

Also Known As

No data available
Sonar, SonarQube Cloud
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.
Find out what your peers are saying about Black Duck, Snyk, Veracode and others in Software Composition Analysis (SCA). Updated: February 2026.
881,733 professionals have used our research since 2012.