SonarQube vs Scanmycode

SonarQube, as the market leader, offers a very nice and professional solution. Unfortunately, this comes with a hefty price tag.

If you would like to save money and don't need such a big and complex professional solution, Scanmycode may well fit your SAST/code scanning needs in CI/CD.

For comparison, below you can take a look at the SonarQube rules next to the Scanmycode ones and make an informed decision based on that.

Rules comparison

Scanmycode rules:

Python – 134 rules
Ruby – 42 rules
PHP – 189 rules
JavaScript – 221 rules

Fig 1. SonarQube rules (Settings->Issue Classes):
Python – 223
Ruby – 84
PHP – 216 (13 Issue Classes)
JavaScript – 169

Fig 2. Scanmycode's Issue Classes/Rules can be used alongside SonarQube; whenever a check is faster or easier to implement there (just one click in the interface), it makes sense to use it.

SAST/code scanning in CI/CD is an important part of a secure SDLC and a big plus (often a requirement) for compliance. So the more projects have it, and the more findings we fix, the better.

Scanmycode currently runs SAST analyzers/linters for PHP, Ruby, Python, JavaScript and Go, plus secret scanning (Java can be added), and unifies the results into one report. It is CI/CD integratable and has many features: dismissing findings, enabling/disabling specific analyzers and linters, collaboration, etc.

Feel free to use it for open source or your personal projects to give it a spin.

Below, a scan in action:

Fig 3. Scanmycode in action