SonarQube Community vs Developer Edition: What's the Difference?
SonarQube Community vs Developer Edition compared - branch analysis, PR decoration, security, pricing, and when to upgrade from the free tier.
Understanding SonarQube Editions
SonarQube is the most widely deployed static analysis platform in the industry, used by over 7 million developers. Its self-hosted product is available in four editions - Community Build, Developer, Enterprise, and Data Center - each targeting a different organizational profile. For most teams evaluating SonarQube, the decision comes down to a straightforward question: is the free Community Build enough, or do you need to pay for the Developer Edition?
This comparison covers every meaningful difference between the two editions, breaks down the real costs involved, and provides a clear framework for deciding when to upgrade. If you are considering SonarQube for the first time, starting with the Community Build and evaluating its limitations against your workflow is the rational approach - but understanding what you are giving up is essential before committing to that path.
For a broader look at all SonarQube editions and their pricing tiers, see our SonarQube pricing breakdown. For a full review of the platform, see our SonarQube review.
SonarQube Community Build: What You Get for Free
The Community Build (formerly called Community Edition) is SonarQube’s open-source offering. It is completely free to download, install, and run on your own infrastructure. There is no license key required, no usage limits on lines of code or number of projects, and no trial period. It is genuinely free and open source.
Core capabilities included in the Community Build:
- 20+ language analyzers including Java, JavaScript, TypeScript, Python, C#, Go, Kotlin, Ruby, PHP, Scala, HTML, CSS, XML, and infrastructure-as-code formats like Terraform, Kubernetes YAML, Docker, and CloudFormation
- 5,000+ code quality and reliability rules covering bugs, code smells, and maintainability issues
- Basic security analysis using pattern-matching rules that detect common vulnerability patterns
- Quality gates that pass or fail based on configurable thresholds for metrics like coverage, duplication, and issue counts
- CI/CD integration with Jenkins, GitHub Actions, GitLab CI, Azure Pipelines, CircleCI, Bitbucket Pipelines, and other build systems
- SonarLint IDE integration for real-time code analysis in VS Code, IntelliJ IDEA, Eclipse, and Visual Studio (standalone mode only - connected mode requires Developer Edition)
- Unlimited projects and users on a single SonarQube instance
- Community forum support through the SonarSource community
For solo developers, open-source projects, or teams evaluating SonarQube, the Community Build provides a substantial amount of functionality at zero cost. The analysis rules are the same mature, battle-tested rules used in the paid editions - the difference is not in analysis quality on the code it can see, but in what code it can analyze and how it integrates into your workflow.
Critical Limitations of the Community Build
Despite its strengths, the Community Build has several limitations that fundamentally affect how useful it is for professional development teams. These are not minor gaps - they are features that most teams consider essential.
No branch analysis. This is the most impactful limitation. The Community Build can only analyze a single branch - your main branch. You cannot analyze feature branches, pull request branches, release branches, or any other branch. This means developers receive no SonarQube feedback on their code until after it has been merged to main. In a modern pull request workflow where code review happens before merge, this limitation effectively removes SonarQube from the review process. Issues are discovered after the fact rather than during review, which defeats the purpose of shift-left quality practices.
No pull request decoration. Without branch analysis, there is no ability to post inline comments on pull requests. PR decoration is the feature that makes SonarQube visible in the day-to-day developer workflow - it posts quality gate status, new issue details, and coverage changes directly in the PR interface on GitHub, GitLab, Bitbucket, or Azure DevOps. Without it, developers must manually visit the SonarQube dashboard to check for issues. In practice, this friction means most developers on the Community Build never see SonarQube findings until a quality problem has already been merged.
No taint analysis. Taint analysis traces data flow from untrusted user inputs through your application to identify injection vulnerabilities such as SQL injection, cross-site scripting (XSS), and command injection. This is one of the most valuable security analysis capabilities in SonarQube, and it is entirely absent from the Community Build. The free edition includes basic pattern-matching security rules that detect simple vulnerability patterns, but it misses the data-flow-based vulnerabilities that represent the most critical security risks in web applications.
No secrets detection. The Developer Edition includes detection for over 400 patterns of hardcoded credentials, API keys, tokens, and other secrets. The Community Build does not include this capability, leaving a gap that many teams fill with dedicated secret scanning tools.
No SonarLint connected mode. SonarLint (now called SonarQube for IDE) can run in standalone mode with the Community Build, providing real-time analysis in the IDE using a default rule set. However, connected mode - which synchronizes the IDE rules with your SonarQube server’s quality profiles so developers see the exact same rules locally that the CI pipeline enforces - requires the Developer Edition. Without connected mode, there can be a mismatch between what SonarLint flags in the IDE and what SonarQube reports on the server.
Fewer language analyzers. Languages like C, C++, Objective-C, PL/SQL, ABAP, T-SQL, and Swift are only available in paid editions. If your codebase includes any of these languages, the Community Build cannot analyze them.
Community-only support. There is no direct support channel from SonarSource. You rely on community forums, documentation, and Stack Overflow for troubleshooting issues. For teams running SonarQube in production, this can be a risk when you encounter blocking issues during upgrades or configuration changes.
SonarQube Developer Edition: What the Upgrade Adds
The Developer Edition is the first commercial tier and is the most common upgrade path from the Community Build. It addresses the most painful limitations of the free edition while adding significant security and workflow capabilities.
Branch Analysis
Branch analysis is the single most important feature that the Developer Edition adds. With it, SonarQube analyzes every branch in your repository - feature branches, release branches, hotfix branches, and any other branch you configure. Each branch gets its own quality gate status, and the analysis focuses specifically on the code that was changed in that branch compared to its baseline.
This transforms SonarQube from a post-merge reporting tool into a pre-merge quality gate. Developers can see the impact of their changes on code quality before they merge, and the team can enforce quality standards at the pull request level rather than discovering problems after the code has already entered the main branch.
Pull Request Decoration
With branch analysis enabled, SonarQube can decorate pull requests with analysis results. When a developer opens a PR, SonarQube analyzes the changed code and posts directly in the PR interface:
- Quality gate status (passed or failed)
- New bugs introduced in the changed code
- New vulnerabilities detected
- New code smells
- Code coverage on the new code
- Duplication metrics
This decoration appears in GitHub, GitLab, Bitbucket, and Azure DevOps. For most development teams, this is how they interact with SonarQube in practice - through PR feedback rather than the SonarQube dashboard. Teams configure branch protection rules to require the SonarQube quality gate to pass before a PR can be merged, creating automated enforcement that prevents quality degradation.
Taint Analysis and Security
Developer Edition includes full data-flow-based security analysis. Taint analysis traces user inputs through method calls, variable assignments, and control flow paths to identify where untrusted data reaches dangerous operations (SQL queries, HTML output, file system operations, command execution). This catches vulnerabilities that pattern-matching rules miss because they require understanding the flow of data across multiple methods and files.
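The gap between the two approaches, as an added example (not SonarQube code and not from the original article): a hypothetical single-line regex rule finds nothing when the query is assembled across helper functions, while a minimal runtime taint marker flags the same flow at the SQL sink and lets the parameterized form through. The `Tainted` class is a dynamic stand-in for the static data-flow tracing described above; all names and the sample input are constructed.

```python
import re
import sqlite3

# Constructed application code: the request value reaches the SQL sink through
# two helper functions, so no single line shows "user input + SQL".
APP_SOURCE = '''
def build_filter(username):
    return "name = '" + username + "'"

def build_query(username):
    return "SELECT name FROM users WHERE " + build_filter(username)

def find_user(conn, username):
    return conn.execute(build_query(username)).fetchall()
'''

# Constructed one-line variant of the same bug, which the rule below does catch.
INLINE_SOURCE = '''conn.execute("SELECT name FROM users WHERE name = '" + username + "'")'''

# Hypothetical single-line rule (not a SonarQube rule): flag execute() calls
# whose argument is an f-string or a literal concatenated/formatted in place.
SINGLE_LINE_RULE = re.compile(r"""\.execute\(\s*(?:f["']|["'].*["']\s*[+%])""")


def pattern_findings(source):
    """Return the 1-based line numbers the single-line rule flags."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SINGLE_LINE_RULE.search(line)]


class Tainted(str):
    """String marked as untrusted; the mark survives concatenation."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


class TaintCheckingConnection:
    """Sink wrapper: rejects SQL text that carries taint, allows bound parameters."""

    def __init__(self, conn):
        self._conn = conn

    def execute(self, sql, params=()):
        if isinstance(sql, Tainted):
            raise ValueError("tainted data reached the SQL sink")
        return self._conn.execute(sql, params)


def make_db():
    """In-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user_safe(conn, username):
    """Hardened form: constant SQL text, the value travels as a bound parameter."""
    return conn.execute("SELECT name FROM users WHERE name = ?",
                        (username,)).fetchall()


def run_demo():
    app = {}
    exec(APP_SOURCE, app)  # run exactly the text the pattern rule scanned
    payload = "x' OR '1'='1"  # constructed untrusted input
    results = {
        "pattern_multi_function": pattern_findings(APP_SOURCE),
        "pattern_inline": pattern_findings(INLINE_SOURCE),
        # Unprotected sink: the WHERE clause is rewritten, every row comes back.
        "vulnerable_rows": app["find_user"](make_db(), payload),
    }
    try:
        app["find_user"](TaintCheckingConnection(make_db()), Tainted(payload))
        results["taint_flagged"] = False
    except ValueError:
        results["taint_flagged"] = True
    # Same tainted value, parameterized query: accepted and matches no user.
    results["safe_rows"] = find_user_safe(
        TaintCheckingConnection(make_db()), Tainted(payload))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```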
The Developer Edition also adds secrets detection for over 400 patterns including AWS keys, database credentials, API tokens, OAuth secrets, and private keys. Issues are flagged with their specific type and remediation guidance.
Additional Language Support
Developer Edition adds analyzers for:
- C and C++
- Objective-C
- Swift
- PL/SQL
- ABAP
- T-SQL
If your codebase includes any of these languages, the Community Build simply cannot analyze them. For organizations with mobile development (Objective-C, Swift) or embedded systems (C, C++), the Developer Edition is the minimum viable option.
SonarLint Connected Mode
Connected mode synchronizes your SonarQube server’s quality profiles with the SonarLint plugin in your IDE. Developers see the exact same rules, severity levels, and configurations in their IDE that the CI pipeline enforces. This eliminates the frustrating experience of writing code that passes local checks but fails the CI quality gate because the rule sets differ.
Connected mode also enables push notifications - when the SonarQube server completes a branch analysis, it can notify the developer’s IDE about new issues found in CI that were not detected locally (for example, cross-file issues that require server-side analysis).
Direct SonarSource Support
Developer Edition includes access to SonarSource’s support team for configuration guidance, troubleshooting, and best practices. For teams running SonarQube in production, having a support channel for blocking issues during upgrades or complex configuration changes reduces operational risk.
Feature Comparison Table
| Feature | Community Build | Developer Edition |
|---|---|---|
| Price | Free (open source) | ~$150/year (100K LOC) |
| Languages | 20+ (Java, JS, TS, Python, C#, Go, etc.) | 27+ (adds C, C++, Obj-C, Swift, PL/SQL, ABAP, T-SQL) |
| Analysis rules | 5,000+ | 5,000+ (same core rules + language-specific rules for added languages) |
| Branch analysis | No (main branch only) | Yes (all branches) |
| Pull request decoration | No | Yes (GitHub, GitLab, Bitbucket, Azure DevOps) |
| Quality gates | Yes (main branch only) | Yes (all branches + PRs) |
| Taint analysis | No | Yes |
| Secrets detection | No | Yes (400+ patterns) |
| SonarLint connected mode | No (standalone only) | Yes |
| Security hotspots | Basic | Full review workflow |
| CI/CD integration | Yes | Yes |
| Unlimited projects | Yes | Yes |
| Unlimited users | Yes | Yes |
| Self-hosted | Yes | Yes |
| Support | Community forums | SonarSource direct support |
| Compliance reporting | No | No (requires Enterprise) |
| Portfolio management | No | No (requires Enterprise) |
The features that move from “No” to “Yes” between Community and Developer - branch analysis, PR decoration, taint analysis, secrets detection, and connected mode - are precisely the features that make SonarQube useful in a modern development workflow. Without them, SonarQube functions as a dashboard that reports on code quality after the fact. With them, it becomes an active participant in the code review process.
Pricing: What Developer Edition Actually Costs
SonarQube Developer Edition uses a per-lines-of-code pricing model. The cost depends on the total number of lines of code analyzed across all projects on your SonarQube instance.
License Costs by LOC Tier
| LOC Tier | Approximate Annual Cost |
|---|---|
| Up to 100K LOC | ~$150 |
| Up to 250K LOC | ~$6,500 |
| Up to 500K LOC | ~$13,000 |
| Up to 1M LOC | ~$20,000 |
| Up to 2M LOC | ~$30,000 |
Lines of code are counted as the largest branch of each project, excluding blank lines and comments. All projects on the instance are summed to determine your total LOC. For a detailed breakdown of how LOC counting works and strategies to manage costs, see our SonarQube pricing guide.
Hidden Costs of Self-Hosting
Both the Community Build and Developer Edition are self-hosted, which means you need to provide and maintain your own infrastructure. This is a cost that exists regardless of which edition you choose, but it is worth factoring into the upgrade decision.
Infrastructure costs: A production SonarQube instance requires a server with at least 2 CPU cores and 4 GB RAM (recommended: 4-8 cores, 8-16 GB RAM) plus a PostgreSQL database. Cloud hosting costs range from $50-$150/month for small instances to $300-$600/month for mid-size deployments.
Administration time: Ongoing maintenance includes version upgrades (2-4 hours per upgrade), quality profile management (2-4 hours/month), user management (1-2 hours/month), monitoring and troubleshooting (2-4 hours/month), and backup management (1-2 hours/month). Total estimated admin time is 10-20 hours per month.
True annual cost comparison:
| Cost Component | Community Build | Developer Edition (100K LOC) | Developer Edition (250K LOC) |
|---|---|---|---|
| License fee | $0 | ~$150 | ~$6,500 |
| Infrastructure | ~$1,800/year | ~$1,800/year | ~$3,000/year |
| Admin labor | ~$10,000/year | ~$10,000/year | ~$12,000/year |
| Total annual cost | ~$11,800 | ~$11,950 | ~$21,500 |
The key insight here is that the Community Build is not free in practice - you still pay for infrastructure and administration. The marginal cost of upgrading to Developer Edition at the 100K LOC tier is approximately $150/year - a negligible amount compared to the infrastructure and admin costs you are already paying. At this tier, there is almost no financial reason to stay on the Community Build if you need branch analysis and PR decoration.
The economics change at higher LOC tiers. At 250K LOC, the license fee becomes a significant portion of the total cost, and the upgrade decision requires more careful consideration.
When the Community Build Is Enough
Despite its limitations, the Community Build genuinely serves certain use cases well. Do not upgrade to the Developer Edition if your situation matches any of these profiles.
You are evaluating SonarQube for the first time. Start with the Community Build to understand the platform, test the analysis quality on your codebase, and determine whether SonarQube is the right tool before investing in a commercial license. You can always upgrade later without losing data.
You use SonarLint as your primary feedback mechanism. If your developers use SonarLint in their IDEs as the main quality tool and treat SonarQube as a secondary dashboard for historical trends, the lack of branch analysis and PR decoration may not matter. SonarLint in standalone mode catches many issues before code is committed, reducing the need for CI-level feedback.
Your codebase is under 50K LOC and you can use SonarQube Cloud instead. SonarQube Cloud (formerly SonarCloud) includes branch analysis and PR decoration in its free tier for up to 50,000 lines of code. If your codebase fits within this limit and you do not have a hard requirement for self-hosted deployment, Cloud Free provides a better experience than the self-hosted Community Build.
You only need main-branch quality tracking. If your workflow does not depend on PR-level feedback - for example, if you use SonarQube to track quality trends over time and generate reports rather than to enforce quality gates on individual pull requests - the Community Build provides the analysis depth you need.
Security scanning is handled by a dedicated tool. If you already run Semgrep, Snyk, or another security-focused tool for vulnerability detection, the absence of taint analysis in the Community Build may not be a gap. You can use SonarQube for code quality and your dedicated security tool for vulnerability scanning.
You are running a proof-of-concept to justify budget. Deploy the Community Build, demonstrate the value of static analysis to stakeholders, and then request budget for the Developer Edition once the team sees the quality improvements. The upgrade path is seamless.
When to Upgrade to Developer Edition
The following situations indicate that the Community Build is no longer sufficient and the Developer Edition is justified.
Your team uses pull request workflows. If your development process involves opening pull requests, having them reviewed, and merging after approval, then branch analysis and PR decoration are essential. Without them, SonarQube findings are invisible during the review process. Developers discover issues only after merge - or never discover them at all because they do not check the dashboard. If your team uses PRs (and in 2026, that is nearly every professional development team), the Developer Edition is the minimum viable option.
Developers are not checking the SonarQube dashboard. This is the most common symptom that indicates a need for PR decoration. If your team has the Community Build deployed but developers rarely visit the SonarQube UI, the tool is not delivering value. PR decoration brings findings to where developers already work - the pull request interface - and eliminates the friction of context-switching to a separate dashboard.
You need security vulnerability detection beyond basic patterns. If your application handles user input - web applications, APIs, mobile backends - taint analysis is a significant security upgrade. Pattern-matching rules catch simple vulnerability patterns like hardcoded passwords, but they miss data-flow-based vulnerabilities like SQL injection through parameterized queries, XSS through template rendering, and command injection through subprocess calls. These are the vulnerabilities that appear in OWASP Top 10 and CWE Top 25, and detecting them requires the Developer Edition’s taint analysis engine.
Your codebase includes C, C++, Objective-C, or Swift. These languages are not supported in the Community Build. If any portion of your codebase uses these languages, the Community Build cannot analyze it, and the Developer Edition is the minimum required tier.
You want to enforce quality gates on new code before merge. The “Clean as You Code” methodology - SonarQube’s recommended approach - depends on analyzing new code in each PR and blocking merges that do not meet quality standards. This requires branch analysis and PR-level quality gates, which are Developer Edition features. Without them, quality gate enforcement only applies retroactively to the main branch.
Your organization is growing and needs consistent standards. As teams scale, the importance of automated quality enforcement grows. Manual code review cannot consistently catch the same classes of issues across dozens of developers and hundreds of PRs per week. Developer Edition’s branch analysis and quality gates provide consistent, automated enforcement that scales with the team.
Cost Analysis: Is the Upgrade Worth It?
The value proposition of the Developer Edition depends on your team size, codebase size, and development velocity.
For a Small Team (5 Developers, 100K LOC)
At the 100K LOC tier, the Developer Edition license costs approximately $150/year. Combined with the infrastructure and admin costs you are already paying to run the Community Build, the total incremental cost of upgrading is negligible. For this profile, the question is not whether you can afford the Developer Edition - it is whether you can justify not having branch analysis and PR decoration for the cost of a single team lunch.
Verdict: Upgrade. The cost is trivial and the workflow improvement is substantial.
For a Mid-Size Team (20 Developers, 250K LOC)
At the 250K LOC tier, the Developer Edition license costs approximately $6,500/year. The true cost including infrastructure and admin is approximately $21,500/year, compared to approximately $11,800/year for the Community Build. The incremental cost of upgrading is roughly $9,700/year.
At 20 developers generating 50-100 PRs per week, the Developer Edition’s branch analysis and PR decoration provide feedback on every PR. If SonarQube prevents even 5-10 bugs per month from reaching production - and at 50-100 PRs per week, this is a conservative estimate - the cost savings easily exceed the license fee. A single production bug in a web application typically costs $2,000-$10,000 to diagnose, fix, test, and deploy.
Verdict: Upgrade. The ROI is strong at this team size and PR volume.
For a Large Team (50+ Developers, 500K LOC)
At the 500K LOC tier, the Developer Edition license costs approximately $13,000/year. The true cost including infrastructure and admin is approximately $31,000/year. At this team size, the per-developer cost is under $620/year - far less than any per-seat alternative.
At 50+ developers, manual code review alone cannot consistently enforce quality standards across the volume of PRs generated. Automated quality gates become a necessity, not a luxury. The Developer Edition pays for itself through prevented production bugs, reduced security incidents, and consistent quality enforcement.
Verdict: Upgrade. At this scale, the Community Build is not a viable option for a professional development organization.
The Cloud Alternative: SonarQube Cloud
Before upgrading from the Community Build to the Developer Edition, consider whether SonarQube Cloud (formerly SonarCloud) might be a better path.
SonarQube Cloud Free includes branch analysis and PR decoration for up to 50,000 lines of code - the two features most teams want when they consider upgrading from the Community Build. If your codebase fits within 50K LOC, Cloud Free gives you the Developer Edition’s most important features at zero cost and with zero infrastructure management.
SonarQube Cloud Team starts at EUR 30/month and scales with lines of code. For codebases under 500K LOC, Cloud Team is often cheaper than self-hosted Developer Edition when you factor in infrastructure and administration costs. You also eliminate the operational burden of server maintenance, database management, and version upgrades.
When Cloud makes more sense than self-hosted Developer Edition:
- Your codebase is under 500K LOC
- You do not have regulatory requirements for on-premises deployment
- Your team does not have dedicated DevOps capacity for SonarQube administration
- You want branch analysis and PR decoration with the lowest possible total cost
- You prefer predictable monthly billing over annual license fees plus variable infrastructure costs
When self-hosted Developer Edition is necessary:
- Your organization requires data sovereignty (source code cannot leave your infrastructure)
- You operate in an air-gapped environment
- You need custom SonarQube plugins
- You already have infrastructure and DevOps capacity with spare bandwidth
For more on this decision, see our detailed SonarQube vs SonarCloud comparison.
Alternatives to Consider
If you are debating between the Community Build and Developer Edition, it is worth evaluating whether a different tool might serve your needs better - especially if you are looking for cloud-native options that eliminate self-hosting overhead entirely.
CodeAnt AI ($24-$40/user/month)
CodeAnt AI is a Y Combinator-backed platform that bundles AI-powered PR reviews, SAST scanning (OWASP Top 10), secrets detection, infrastructure-as-code security, dead code detection, and DORA metrics into a single tool. At $24/user/month for the Basic plan and $40/user/month for the Premium plan, it provides broader coverage than SonarQube Developer Edition - including AI-driven code review capabilities that SonarQube does not offer.
For a 20-developer team, CodeAnt AI costs $5,760-$9,600/year depending on the plan. This is comparable to SonarQube Developer Edition at the 250K LOC tier ($6,500/year license only) but includes features like AI PR summaries, one-click auto-fixes, and engineering dashboards that SonarQube requires the Enterprise Edition or additional tools to provide. CodeAnt AI also supports all four major git platforms including Azure DevOps.
The trade-off is that SonarQube has a deeper and more mature rule set for static analysis - 5,000+ rules refined over nearly two decades versus CodeAnt AI’s newer analysis engine. Teams that prioritize analysis depth and rule maturity will still prefer SonarQube. Teams that want a broader, all-in-one platform with AI capabilities may find CodeAnt AI to be a better fit.
Other Alternatives
Codacy offers code quality, SAST, SCA, and secrets detection at $15/user/month with predictable per-seat pricing and zero infrastructure management. It is the most direct SonarQube replacement for teams that want to eliminate self-hosting. See our SonarQube alternatives guide for a full comparison.
DeepSource provides static analysis with a sub-5% false positive rate and AI-powered Autofix at $30/user/month. It is a strong option for teams that prioritize signal quality over raw rule count.
Semgrep is the leading open-source SAST engine with 10,000+ community rules, free for up to 10 contributors. If security scanning is your primary concern, Semgrep provides deeper security analysis than either SonarQube edition.
For a comprehensive list of options, see our SonarQube alternatives and free SonarQube alternatives guides.
Upgrade Path: Moving from Community to Developer
If you decide to upgrade, the process is straightforward and non-disruptive.
Step 1: Purchase a Developer Edition license from SonarSource based on your LOC tier. You can check your current LOC count in the SonarQube administration panel under System Info.
Step 2: Apply the license key in SonarQube Administration. Go to Administration, then Configuration, then License Manager, and enter your new license key. The Developer Edition features become available immediately.
Step 3: Configure branch analysis. In your CI/CD pipelines, add the sonar.branch.name parameter to your SonarScanner configuration. SonarQube will begin analyzing all branches that pass through your CI pipeline.
Step 4: Set up PR decoration. In SonarQube Administration, configure the connection to your git platform (GitHub, GitLab, Bitbucket, or Azure DevOps) by providing the platform URL, authentication credentials, and project mappings. Once configured, SonarQube will automatically post comments on pull requests.
Step 5: Enable SonarLint connected mode. Distribute configuration instructions to your development team so they can connect their IDE’s SonarLint plugin to the SonarQube server. This ensures rule synchronization between the IDE and CI pipeline.
Step 6: Review and adjust quality gates. With branch analysis enabled, you can now set quality gate conditions that apply to new code on each branch and PR. The recommended approach is to set strict conditions on new code (zero new bugs, zero new vulnerabilities, minimum 80% coverage on new code) while accepting existing technical debt as a baseline that is addressed incrementally.
The entire upgrade process typically takes 1-2 hours for the initial configuration, plus an additional hour for each CI pipeline that needs the branch analysis parameter added. No data migration is required, and no downtime is necessary.
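One way to wire Step 3 into a pipeline, as an added example that is not from the original article or from SonarSource: a small wrapper that picks branch or pull request parameters for `sonar-scanner` from GitHub Actions environment variables. It assumes GitHub Actions as the CI system, a hypothetical project key, a conservative allow-list for ref names, and that the token and server URL are supplied through the `SONAR_TOKEN` and `SONAR_HOST_URL` environment variables rather than on the command line.

```python
import os
import re
import subprocess

# Assumption: a conservative allow-list for ref names. Branch names on pull
# requests are contributor-controlled, so they are validated before use.
SAFE_REF = re.compile(r"[A-Za-z0-9._/-]+")
PR_REF = re.compile(r"refs/pull/(\d+)/merge")


def _safe_ref(value):
    """Return the ref name unchanged if it matches the allow-list."""
    if not value or not SAFE_REF.fullmatch(value):
        raise ValueError(f"unexpected ref name: {value!r}")
    return value


def scanner_args(env, project_key):
    """Build the -D properties for one analysis.

    Pull request runs get sonar.pullrequest.*; every other run gets
    sonar.branch.name. The two sets are alternatives and are not mixed.
    """
    args = [
        f"-Dsonar.projectKey={project_key}",
        # Make the scanner wait for the quality gate and fail the CI step
        # when the gate fails, so a branch protection rule can depend on it.
        "-Dsonar.qualitygate.wait=true",
    ]
    if env.get("GITHUB_EVENT_NAME") == "pull_request":
        match = PR_REF.fullmatch(env.get("GITHUB_REF", ""))
        if not match:
            raise ValueError("pull_request event without refs/pull/<n>/merge")
        args += [
            f"-Dsonar.pullrequest.key={match.group(1)}",
            f"-Dsonar.pullrequest.branch={_safe_ref(env.get('GITHUB_HEAD_REF'))}",
            f"-Dsonar.pullrequest.base={_safe_ref(env.get('GITHUB_BASE_REF'))}",
        ]
    else:
        args.append(f"-Dsonar.branch.name={_safe_ref(env.get('GITHUB_REF_NAME'))}")
    return args


def run_scan(project_key):
    """Invoke sonar-scanner with an argument list (no shell involved)."""
    for required in ("SONAR_TOKEN", "SONAR_HOST_URL"):
        if required not in os.environ:
            raise RuntimeError(f"{required} must be set in the CI environment")
    return subprocess.run(
        ["sonar-scanner", *scanner_args(os.environ, project_key)], check=True)


if __name__ == "__main__":
    # Constructed environment for a pull request run.
    sample = {
        "GITHUB_EVENT_NAME": "pull_request",
        "GITHUB_REF": "refs/pull/42/merge",
        "GITHUB_HEAD_REF": "feature/login",
        "GITHUB_BASE_REF": "main",
    }
    print(" ".join(scanner_args(sample, "example-project")))
```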
Frequently Overlooked Differences
Beyond the headline features, several smaller differences between the editions affect day-to-day usage.
Security hotspot review workflow. Both editions detect security hotspots, but the Developer Edition provides a more structured review workflow with options to mark hotspots as “safe,” “fixed,” or “to fix” with audit trail tracking. The Community Build’s security hotspot handling is more basic.
Issue resolution tracking. Developer Edition provides more granular tracking of how issues were resolved - whether they were fixed in code, marked as false positive, or accepted as technical debt. This resolution tracking feeds into quality gate conditions and historical trend analysis.
Analysis speed. The Developer Edition does not inherently analyze faster than the Community Build on a per-scan basis. However, branch analysis scans focus only on changed code (comparing against the baseline), which means individual PR scans are typically faster than full-project scans on the main branch. This makes the feedback loop tighter for developers waiting for PR analysis results.
Quality gate granularity. Developer Edition allows quality gate conditions to be applied specifically to new code on branches and PRs, not just the overall project state. This enables the “Clean as You Code” approach where new code must meet strict standards even if the existing codebase has accumulated technical debt.
Final Recommendation
The decision between SonarQube Community Build and Developer Edition depends on one fundamental question: does your team use pull request workflows?
If yes - and in 2026, nearly every professional team does - the Developer Edition is worth the investment. Branch analysis and PR decoration are not luxury features. They are the mechanism by which SonarQube delivers value in a modern development workflow. Without them, SonarQube becomes a dashboard that developers rarely visit, and the quality insights it generates go unactioned. At the 100K LOC tier, the license cost is approximately $150/year - a negligible expense that unlocks transformative workflow improvements.
If no - if you use SonarQube primarily for periodic quality reporting or as a learning tool - the Community Build may be sufficient. Individual developers, proof-of-concept deployments, and teams that rely on SonarLint for real-time feedback can get meaningful value from the Community Build without paying for a commercial license.
Before upgrading, consider SonarQube Cloud. The Cloud Free tier includes branch analysis and PR decoration for up to 50K LOC at zero cost, eliminating both the license fee and the infrastructure overhead. If your codebase is small enough and you do not require self-hosted deployment, Cloud Free may be the best of both worlds.
If you are evaluating multiple tools, compare the total cost of ownership - not just the license fee. Self-hosted SonarQube Developer Edition at $6,500/year (250K LOC) actually costs approximately $21,500/year when you include infrastructure and administration. Cloud-native alternatives like CodeAnt AI at $24-$40/user/month or Codacy at $15/user/month include infrastructure, support, and features that SonarQube charges extra for or restricts to higher editions. The right choice depends on whether you value SonarQube’s unmatched analysis depth or the operational simplicity and broader feature set of cloud-native platforms.
For more SonarQube guidance, explore our guides on SonarQube pricing, whether SonarQube is free, SonarQube vs SonarCloud, and SonarQube alternatives.
Frequently Asked Questions
What is the difference between SonarQube Community and Developer Edition?
The main differences are that SonarQube Developer Edition adds branch analysis, pull request decoration, taint analysis for security vulnerabilities, secrets detection, SonarLint connected mode, and support for additional languages like C, C++, Objective-C, and Swift. The Community Build (free) only analyzes a single main branch and lacks PR feedback, making it unsuitable for modern pull request workflows.
How much does SonarQube Developer Edition cost?
SonarQube Developer Edition uses per-lines-of-code pricing. It starts at approximately $150/year for 100K LOC for small teams, scaling up based on codebase size. Pricing tiers increase as your codebase grows - for example, approximately $6,500/year for 250K LOC and approximately $13,000/year for 500K LOC. Additional costs include server infrastructure and administration time for self-hosted deployments.
Is SonarQube Community Edition really free?
Yes, the SonarQube Community Build is completely free and open source. There is no license fee, no trial period, and no feature gating based on usage volume. However, you still need to provide your own server infrastructure to run it, which typically costs $50-$150/month on cloud providers. The free edition also has significant feature limitations including no branch analysis, no PR decoration, and no taint analysis.
Can SonarQube Community Edition analyze pull requests?
No. SonarQube Community Build cannot analyze pull requests or feature branches. It only supports analysis of a single main branch. To get pull request analysis and PR decoration - where SonarQube posts inline comments on your PRs with issue details - you need the Developer Edition or higher. Alternatively, SonarQube Cloud (formerly SonarCloud) includes PR analysis in its free tier for up to 50K lines of code.
Does SonarQube Community Edition support branch analysis?
No. Branch analysis is exclusive to the Developer Edition and higher tiers. The Community Build can only analyze one branch, typically your main or master branch. This means code quality issues are only detected after code has been merged, not during the review process. This is the single most impactful limitation of the free edition.
What languages does SonarQube Developer Edition add over Community?
SonarQube Developer Edition adds support for C, C++, Objective-C, Swift, PL/SQL, ABAP, and T-SQL beyond the 20+ languages already available in the Community Build. If your codebase includes any of these languages, the Community Build cannot analyze them and Developer Edition is the minimum required tier.
Is SonarQube Developer Edition worth the cost?
For teams that use pull request workflows, SonarQube Developer Edition is almost always worth the cost. Branch analysis and PR decoration transform SonarQube from a post-merge dashboard into an active code review participant. The taint analysis capabilities also add significant security value. However, for solo developers or very small teams, the infrastructure and administration overhead of self-hosted SonarQube may outweigh the benefits - consider SonarQube Cloud or cloud-native alternatives instead.
What is the cheapest way to get SonarQube branch analysis?
The cheapest way to get branch analysis with SonarQube is the SonarQube Cloud Free plan, which includes branch analysis and PR decoration for up to 50,000 lines of code at no cost. If your codebase exceeds 50K LOC, the Cloud Team plan starting at EUR 30/month is the next cheapest option. Self-hosted Developer Edition at approximately $150/year for 100K LOC is another option, but it incurs additional infrastructure costs.
Should I use SonarQube Community Build or SonarQube Cloud Free?
For most teams, SonarQube Cloud Free is the better option. It includes branch analysis and PR decoration - features missing from the Community Build - for up to 50K lines of code, with zero infrastructure management. The Community Build is only preferable if you have regulatory requirements for on-premises deployment, need custom plugins, or prefer complete control over your data and infrastructure.
Does SonarQube Developer Edition include security scanning?
Yes. SonarQube Developer Edition includes taint analysis, which traces data flow from untrusted inputs through your application to detect injection vulnerabilities like SQL injection, XSS, and command injection. It also includes secrets detection for over 400 patterns of hardcoded credentials. The Community Build includes basic pattern-matching security rules but lacks the deeper data-flow-based analysis that catches the most critical vulnerabilities.
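The source-to-sink flow this answer describes, as an added Python illustration (not code from this article or from SonarQube; the request dict, function names and sample rows are constructed). The untrusted value enters in one function, is spliced into SQL in a second, and reaches the database call in a third, so the defect only shows when the value is followed across all three; the parameterized version beside it breaks that flow.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "dev"), ("carol", "dev")],
    )
    return db


def read_name_param(request):
    # SOURCE: untrusted value from a (hypothetical) request dict.
    return request.get("name", "")


def build_query(name):
    # PROPAGATION: the value is spliced into SQL text, far from the sink.
    return "SELECT name FROM users WHERE name = '" + name + "'"


def find_users_vulnerable(db, request):
    query = build_query(read_name_param(request))
    # SINK: nothing on this line mentions the request or concatenation,
    # so the problem is only visible by tracing `query` back to its source.
    return db.execute(query).fetchall()


def find_users_hardened(db, request):
    name = read_name_param(request)
    # Bound parameter: the value is passed as data and never parsed as SQL.
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = {"name": "x' OR '1'='1"}  # constructed test input
    print("vulnerable:", find_users_vulnerable(db, crafted))
    print("hardened:  ", find_users_hardened(db, crafted))
```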
Can I upgrade from SonarQube Community to Developer Edition without losing data?
Yes. Upgrading from the Community Build to the Developer Edition on the same SonarQube Server instance preserves all your existing data, including project configurations, quality profiles, historical analysis results, and user settings. You apply a Developer Edition license key to your existing installation and the additional features become available immediately. No data migration or reinstallation is required.
What are the alternatives to upgrading from SonarQube Community to Developer?
Instead of upgrading to Developer Edition, you can consider SonarQube Cloud (free tier includes branch analysis for up to 50K LOC), CodeAnt AI ($24-$40/user/month for AI-powered PR review plus SAST), Codacy ($15/user/month for code quality and security), DeepSource ($30/user/month with low false positive rates), or Semgrep (free for up to 10 contributors). These cloud-native alternatives eliminate the self-hosting overhead that comes with any SonarQube Server edition.