Top SonarCloud Alternatives

GitHub

github.com

GitHub, Inc. is an American multinational corporation that provides hosting for software development and version control using Git. It offers the distributed version control and source code management (SCM) functionality of Git, plus its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018.GitHub offers its basic services free of charge. Its more advanced professional and enterprise services are commercial. Free GitHub accounts are commonly used to host open-source projects. As of January 2019, GitHub offers unlimited private repositories to all plans, including free accounts, but allowed only up to three collaborators per repository for free. Starting from April 15, 2020, the free plan allows unlimited collaborators, but restricts private repositories to 2,000 actions minutes per month. As of January 2020, GitHub reports having over 40 million users and more than 100 million repositories (including at least 28 million public repositories), making it the largest host of source code in the world.

GitLab

gitlab.com

GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab Inc. The software was created by Ukrainian developers Dmitriy Zaporozhets and Valery Sizov.The code was originally written in Ruby, with some parts later rewritten in Go, initially as a source code management solution to collaborate within a team on software development. It later evolved to an integrated solution covering the software development life cycle, and then to the whole DevOps life cycle. The current technology stack includes Go, Ruby on Rails and Vue.js. It follows an open-core development model where the core functionality is released under an open-source (MIT) license while the additional functionality is under a proprietary license.

OpenProject

openproject.org

OpenProject is the leading free and open source project management software. As a web-based solution it gives all team members access to all project-related information from anywhere at any time. OpenProject supports your projects throughout the whole life cycle with any chosen project management methodology - agile, traditional or hybrid. The software is available in over 30 languages and is available both on premiseses and in the cloud. It is a perfect match for companies who value data privacy, security and sovereignty. Key functions and use cases: - Project management - Project planing and scheduling - Task management - Agile boards (scrum and kanban) - Time and cost tracking, budget planing - Meetings management

ServiceNow

servicenow.com

ServiceNow (NYSE: NOW) makes the world work better for everyone. Our cloud-based platform and solutions help digitize and unify organizations so that they can find smarter, faster, better ways to make work flow. So employees and customers can be more connected, more innovative, and more agile. And we can all create the future we imagine. The world works with ServiceNow.

Codacy

codacy.com

Codacy Helps Build High Quality, Secure Applications. You can get up and running effortlessly and start increasing quality, test coverage, and security today. Codacy is a plug-and-play solution to quickly onboard and scale your team’s projects without hassle. - Start scanning git repos and code changes in minutes - Predictable user-based pricing model - Works with over 49 languages & frameworks

Geckoboard

geckoboard.com

Geckoboard is a hassle-free tool for building and sharing real-time business dashboards. Designed to help team leads surface live data for their team and across their organization, Geckoboard integrates directly with over 80 different tools and services to help you pull in your data and get a professional-looking dashboard in front of others in a matter of minutes. No coding or training required. Build dashboards directly in your browser with a straightforward, drag-and-drop interface, and bring important numbers, metrics and KPIs out of lifeless reports and spreadsheets. Geckoboard makes your key data more engaging for everyone, with visualizations that anyone can understand at a glance, and that update automatically to always stay up-to-date. Highlight noteworthy changes in certain metrics using status indicators, which draw attention to numbers that are performing above or below expectations, and visually show goals you're working towards, in a click. However your team is working, Geckoboard makes sharing your dashboards simple. Copy and paste a link to a live dashboard that can be viewed in any web browser, or invite your teammates to log in, view and even create their own dashboards. For regular updates, you can schedule screenshots of a dashboard to be sent via email, or posted to a Slack channel at regular intervals. For maximum visibility, Geckoboard has ‘Send to TV’, allowing you to pair your account with a browser on a large screen or TV, and pick which dashboards you’d like displayed on there. It can even loop through several dashboard on one screen. We’ve got easy-to-follow instructions for how to achieve this in an afternoon using affordable off the shelf hardware. Finally, you can keep track of key numbers on-the-go, by logging in to your account on a mobile devices’ browser, where you can access your dashboards, perfectly formatted for smaller screens. Build your first dashboards free for 14 days - no payment details needed.

Codecov

codecov.io

Codecov is the leading, dedicated code coverage solution. Try Codecov for free now to help your developers find untested code and deploy changes with confidence.

GitClear

gitclear.com

Code. Learn. Repeat. Next-level software developer metrics, powered by a code review tool unlike any other. GitClear helps engineering teams work together to track Google DORA stats, reduce tech debt and ship faster.

Jellyfish

jellyfish.co

Jellyfish is the leading Engineering Management Platform, providing complete visibility into engineering organizations, the work they do, and how they operate. By analyzing engineering signals from Git and Jira and contextual business data from roadmapping, incident response, HR, calendar, and collaboration tools, Jellyfish enables engineering leaders to align engineering decisions with business initiatives and deliver the right software, efficiently, on time. With Jellyfish, engineering leaders can focus their teams on what matters most to the business, driving strategic decisions and delivering results.

Assembla

assembla.com

Assembla is the most secure version control and project collaboration platform in the world. We provide secure cloud hosting for Subversion, Perforce and Git repositories with integrated project management for more than 5,500 customers around the globe. Assembla helps development teams meet and even exceed HIPAA, SOC 2, PCI and GDPR compliance standards with our best practice VCS. Embrace agile, meet compliance, and stay innovative while managing all of your projects and source code from a central control point with industry-leading compliance and security.

Snyk

snyk.io

Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as your write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!

Planisware

planisware.com

Planisware is the editor of the Enterprise Project Portfolio Management (EPPM) software Planisware V6 (formerly known as OPX2) targeting multiple industries – including energy, medical devices, high-tech, aerospace & defense, chemicals, government, pharmaceutical, and automotive. Over the past five years, Planisware has regularly been reviewed by analysts in the project and portfolio management (PPM) space, such as Info-Tech Research Group, Gartner, Forrester Research and the European Business School.

Harness

harness.io

Harness Continuous Delivery is a software delivery solution that automatically deploy, verify, and roll back artifacts without toil. Harness uses AI/ML to manage, verify, and roll back your deployments so you don't have to suffer through software deployments. Deliver software faster, with visibility and control Eliminate scripting and manual deployments with Argo CD-as-a-Service and powerful, easy-to-use pipelines. Empower your teams to deliver new features, faster – with AI/ML for automated canary and blue/green deployments, advanced verification, and intelligent rollback. Check all the boxes with enterprise-grade security, governance, and granular control powered by the Open Policy Agent. Now, you can easily leverage automated canary and blue-green deployments for faster, safer, and more efficient rollouts. We take care of the setup so you can enjoy the benefits. Additionally, you have the option to automatically rollback to a previous version when bad deployments are detected by applying machine learning to data and logs from observability solutions. No more staring at the console for hours.

Semgrep

semgrep.dev

Semgrep is a highly customizable application security platform built for security engineers and developers. Semgrep scans first and third-party code to find security issues unique to an organization, with an emphasis on surfacing actionable, low-noise, and developer friendly results at lightning speed. Semgrep's focus on confidence rating and reachability means that security teams can feel comfortable engaging developers directly in their workflows (e.g surfacing findings in PR comments), and Semgrep integrates seamlessly with CI and SCM tooling to automate these policies. With Semgrep, security teams can shift left and scale their programs with zero impact on developer velocity. With 3400+ out-of-the-box rules and the ability to easily create custom rules, Semgrep accelerates the time it takes to implement and scale a best-in-class AppSec program - all while adding value from Day 1.

Code Climate Velocity

codeclimate.com

Code Climate Velocity is a Software Engineering Intelligence Platform. From day one, Velocity maximizes engineering impact for all levels at large organizations by providing data-driven visibility into Engineering Teams’ capacity, delivery, quality, culture, costs, and progress toward key goals. Velocity by Code Climate uses trusted and actionable insights to enable Engineering and DevOps teams to drive change, predictability, and deliver business impact using a single platform.

Code Climate Quality

codeclimate.com

Velocity synthesizes the data from your repos to give you full visibility and empowers your team for continuous delivery.

Embold

embold.io

Embold supports developers and development teams by finding critical code issues before they become roadblocks. It is the perfect tool to analyze, diagnose, transform, and sustain your software efficiently. With the use of A.I. and machine learning technologies, Embold can immediately prioritize issues, suggest ways to best solve them, and re-factor software where necessary. Run it within your current Dev-Ops stack, on premise or in the cloud privately or publicly.

Plandek

plandek.com

Plandek is an intelligent analytics platform to enable technology teams to deliver quality software, faster and more predictably. Plandek enables technology teams to track and drive their improvement and share understandable KPIs with stakeholders. It works by mining data from delivery teams’ toolsets, to provide intelligent insight across the end-to-end software delivery process. Plandek is recognised as a top global vendor in the Value Stream Management space by Gartner and Forrester and is used by enterprise clients globally to improve the effectiveness of their software delivery.

DeepSource

deepsource.com

The Code Health Platform. Build maintainable and secure software with the power of static analysis and AI. DeepSource continuously analyzes source code changes to find and fix issues categorized as security, performance, anti-patterns, and bug-risks. DeepSource integrates with GitHub, GitLab, Bitbucket, and Azure DevOps and runs analysis on every commit and pull request, discovers and fixes potential issues before they make it to production.

Duecode

duecode.io

Decision-making advisor for software development. A new and better way to measure technical debt & code quality. Perfect for Engineering leaders and non-tech managers.

Kantree

kantree.io

Kantree is a truly flexible work management platform to unleash collective intelligence. By giving full control over the way teams manage their projects and processes, Kantree allows you to take advantage of the talent and domain knowledge for your team members. It helps them to organize, plan and manage their work on a visual, collaborative and easy to use software. With as much freedom as spreadsheets, teams feel more confident and deliver more efficiently.

Screenful

screenful.com

Screenful is the easiest way to get visual dashboard and automated team status reports to keep every stakeholder updated on the status of a project. Screenful integrates with most common task management tools like Jira or Trello, GitLab and Asana, and builds reports and insights based on your projects and tasks. It’s an out-of-the-box dashboard with minimal setup needed from the user. WIth Screenful dashboards, users can track things like team velocity, task/issue lead & cycle times, current bottlenecks, and get a high level view across all of their projects. Consider it as the dashboards in steroids of your favourite task management tool!

Qodana Cloud

qodana.cloud

Qodana is a code quality monitoring platform that allows you to evaluate the integrity of code you own, contract, or purchase.

CodeScan

codescan.io

CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code health from the moment it’s written through production. OrgScan governs organizational policies by enforcing the security and compliance rules mandated for your Salesforce environment. Together, they ensure the code that makes up your Salesforce environment and the way the environment is being utilized will always meet high standards. The result is strengthened data security, streamlined DevSecOps processes, and an assurance of meeting compliance standards—avoiding potentially thousands of dollars in fines and lost opportunities. CodeScan Shield protects your Salesforce org from both the inside and outside. CodeScan provides dashboards and reports for consistent code visibility, while also alerting developers the moment new errors are introduced. OrgScan analyzes Salesforce policies to ensure the organization remains compliant with client-mandated specifications and guidelines. Violations are flagged and recorded in an interactive dashboard. Progress is tracked for policy reviews. Collectively, these features ensure admins maintain governance control within their organization. CodeScan Shield is part of AutoRABIT’s complete DevSecOps platform. Enabling Salesforce DevOps teams with CodeScan Shield’s powerful technology produces high-quality, secure applications and updates at speed.

OX Security

ox.security

Security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lion Arzi, two former Check Point executives, OX is the first and only Active Application Security Posture Management (ASPM) Platform, consolidating disparate application security tools (ASPM+AST and SSC) into a single console. By merging best practices from risk management and cybersecurity with a user-centric approach tailored for developers, it offers complete security, prioritization, and automated remediation of security issues throughout the development cycle, enabling organizations to release secure products quickly.

CodeThreat

codethreat.com

Prevent the software flaws as early as possible in SDLC with CodeThreat SAST Platform. CodeThreat statically tests your code and helps you locate, prioritize and mitigate security weaknesses without pre-compilation. Self-Hosted Scan Center will help you to mitigate issues faster with real-time actions in your software development pipelines.

GoRetro

goretro.ai

GoRetro is a user-friendly, fun and customizable agile retrospective tool that leverages sprint data and team sentiment to drive continuous improvement. Thousands of scrum teams from Fortune 500 companies, banks, government agencies, and innovative startups use GoRetro to make their retrospectives fun, engaging and effective. How? By making sure you have frictionless meeting experience, while giving you facilitation superpowers so you can achieve maximum engagement and participation all wrapped with enterprise grade security (SOC-2 Type II and ISO 27001 certified). But that’s not all. With our deep data integration, we drive continuous team improvement. Say goodbye to juggling countless spreadsheets and tabs. Take control of your data from your existing tools and previous sprint retrospectives to speed up decision making and become a data-driven unit. GoRetro is free to try and will always have a free plan!

The Code Registry

thecoderegistry.com

The Code Registry is the world's first AI-powered code intelligence and insights platform, designed to safeguard and optimize software assets for businesses. By providing an independent, secure replication of code repositories and delivering in-depth analysis and reporting, The Code Registry empowers business leaders and senior IT experts to manage their development teams and software budgets more effectively. With a focus on security, efficiency, and transparency, The Code Registry is setting a new standard in code management and analysis. By signing up to any of our subscription tiers you will have complete access to; > Independent secure automated Code Vault back-ups > Full code security scans > Open Source dependency and licence detection > Code Complexity Analysis > AI Quotient™ > Full Git History > Proprietary 'code-to-replicate' code valuation > Automated comparison reporting. The Code Registry. Know Your Code™

Apiiro

apiiro.com

Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context. Get complete application and risk visibility: Apiiro takes a deep, code-based approach to ASPM. Its Cloud Application Security Platform analyzes source code and pulls in runtime context to build a continuous, graph-based inventory of application and software supply chain components. Prioritize with code-to-runtime context: With its proprietary Risk Graph™️, Apiiro contextualizes security alerts from third-party tools and native security solutions based on the likelihood and impact of risk to uniquely minimize alert backlogs and triage time by 95%. Fix faster and prevent risks that matter: By tying risks to code owners, providing LLM-enriched remediation guidance, and embedding risk-based guardrails directly into developer tools and workflows, Apiiro improves remediation times (MTTR) by up to 85%. Apiiro's native security solutions include API security testing in code, secrets detection and validation, software bill of materials (SBOM) generation, sensitive data exposure prevention, software composition analysis (SCA), and CI/CD and SCM security.

Cycode

cycode.com

Cycode is the only end-to-end software supply chain (SSC) security solution to provide visibility, security, and integrity across all phases of the SDLC. Cycode integrates with all of your software delivery pipeline tools and infrastructure providers to enable complete visibility and hardened security posture through consistent governance and security policies. Cycode further reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, IAC misconfigurations, code leaks and more. Cycode’s patented knowledge graph tracks code integrity, user activity, and events across the SDLC to find anomalies and prevent code tampering.