Liquibase vs. SonarQube Server

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Liquibase
Score 8.0 out of 10
Enterprise companies (1,001+ employees)
Liquibase is a database change management tool that extends DevOps best practices to the database, helping teams release software faster and safer by bringing the database change process into existing CI/CD automation. According to the 2021 Accelerate State of DevOps Report, elite performers are 3.4 times more likely to incorporate database change management into their process than low performers. Liquibase value proposition: Liquibase speeds up the development…N/A
SonarQube Server
Score 9.5 out of 10
N/A
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
$720
per year per installation
Pricing
LiquibaseSonarQube Server
Editions & Modules
No answers on this topic
Community
Free
Developer EDITION
starting at $720
per year per installation
Enterprise EDITION
Contact sales for pricing
per year per installation
Data Center EDITION
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
LiquibaseSonarQube Server
Free Trial
YesYes
Free/Freemium Version
YesYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
LiquibaseSonarQube Server
Considered Both Products
Liquibase
Chose Liquibase
flyway use sql for defining change but Liquidbase provides flexibility to specify change in different formats including sql such as xml, yaml and json
Chose Liquibase
With Flyway you need to Write rollback scripts manually. With Liquibase we have a lot of customization with to rollback with options such rollback-one-changeset or rollback-one-update.
Chose Liquibase
Liquibase supports a wide range of database management systems (DBMS) including MySQL, PostgreSQL, Oracle, SQL Server, and more. It is written in Java and offers command-line, XML, YAML, and JSON configurations. where as Alembic is primarily targeted at SQLAlchemy users, which …
Chose Liquibase
There is no real competitor when it comes to what Liquibase does - at least not at the time we considered it three years ago. It was an easy choice in this regard, but we could have said no to it if it made our workload more difficult. But our proof of concept showed there were …
Chose Liquibase
Utilized ADO Repos to create DDL/DML scripts and run thru CI/CD pipeline
Chose Liquibase
We adopted Liquibase to complete our Ci/Cd scenarios. Without Liquibase, DB changes were out to scope in our DevOps scenarios. Log and accountability are more clear now.
Chose Liquibase
Liquibase provide rollback feature more matured than others.
Chose Liquibase
We evaluated none of the ones mentioned in this list.
Chose Liquibase
Liquibase makes it easy to integrate into CI/CD pipelines, keeping the database and code in sync. The switch from one database management system to another is made easier by modeling the structure of the database in DBMS-independent XML rather than SQL. A user-friendly web …
Chose Liquibase
Liquibase is much more powerful compared to Flyway since it is much more flexible in nature. You can apply changes programmatically, works with any kind of database and provides features version controlling database schemas. All these features were missing in Flyway and that's …
Chose Liquibase
To be honest, the option of having a free community plan to start testing in a test environment, followed by taking it in production a few months is a great way to evaluate wether or not to do the subscription based plan.
Chose Liquibase
We didn't try any other products.
Chose Liquibase
I didn't encounter similair or competitor product
Chose Liquibase
Liquibase is preferred over Flyway if your engineers doesn’t have knowledge in the DDL language used in each database product supported. If you only need to support a single database product and your engineers have the skills I would recommend Flyway instead. Liquibase is …
Chose Liquibase
Both liquibase and Flyway help you deploy database changes associated with new application deployments. They will both help with reducing database administration tasks and ensure reliability of the application service. Comparing Liquibase and Flyway, I found liquibase to be …
Chose Liquibase
These other products were for infrastucture as code and not as well-suited for managing database changes; instead Liquibase was more oriented towards it and was easier to pick up its syntax also.
Chose Liquibase
Liquibase is head and shoulders better than relying on SQL Compare alone for deployments. I haven't used Flyway, but based on our evaluation, Liquibase seemed to have a lot of functional overlap for considerably less cost. I would recommend the use of GitHub or BitBucket in …
Chose Liquibase
At the time, Liquibase offered a community version and I think Flyway didn’t. In our case, we did not have any previous experience with any database management tools, so we just went with what was free to try out.
SonarQube Server
Chose SonarQube Server
Some are still under consideration. Pricing is a big component. Some FOSS products have been considered is at par (at least for our needs) or catching up. Although the amazing support in the community weighs hard on the value. So, if it went away...so would some arguments …
Chose SonarQube Server
SonarQube is more focused on code quality, whereas Veracode does a better job of finding security vulnerabilities. We lean towards SonarQube because we are looking for quality.
Chose SonarQube Server
Jenkins and Gitlab are not exact alternatives for SonarQube, however, they do provide functionality for running and executing build pipelines for various languages and generating reports. However, they are not extensible, have no integration with IDEs and not suitable for …
Chose SonarQube Server
SonarQube deployment worked well with our pipeline and had the right integrations with our IDE as well as it worked well with analyzing .NET frameworks when compared to GitHub and GitLab which has some of the functionality and can do some checks, but SonarQube made more sense …
Chose SonarQube Server
SonarQube is a SAST, SOOS focuses on SCA and DAST - both of which we felt were out of scope for our immediate needs. Plus, through plugins SonarQube is able to accomplish some SCA.
Chose SonarQube Server
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. …
Chose SonarQube Server
Getting SonarQube instead of the other tools we tested was an easy choice. Snyk was way too much limited to only Docker images and dependency analysis at that time. And Checkmarx was very hard to adapt to our needs : configuring custom quality gates was way too much of a …
Chose SonarQube Server
SonarQube is much improved version as compared to SonarLint and Findbugs or any other software we found in similar category. It's open source and can be easily integrated with code pipeline.
Chose SonarQube Server
We decided to use SonarQube for the following reasons:
  1. Multi-language support: SonarQube supported all the languages used in our codebase while some of the other tools did not.
  2. Customizable quality profiles: SonarQube allowed teams to create custom quality profiles that aligned …
Chose SonarQube Server
I have used GitHub more that fortify so I am more familiar with GitHub for checking for vulnerabilities. I have noticed GitHub is good for checking different packages within your project but as far as checking code Quality and coverage Sonar is the better one in my opinion. …
Chose SonarQube Server
Visual Studio has some nice code analysis tools, most which can be activated at development time.
But they have some shortcomings and using an external tool allows catching issues that were not seen during development.
Using this dual approach makes for a more robust application …
Chose SonarQube Server
I have used other tools like SoapUI and Postman, but their working and use case are totally different from the SonarQube, so basically cannot compare SonarQube with them. We use SonarQube in our project to basically calculate the code quality report mostly. In that report, we …
Chose SonarQube Server
I personally evaluated klocwork in a previous company and it worked well for Static Code Analysis for C++ applications but the Java support was not as good as SonarQube.

Also the overall tooling and integrations provided by SonarQube is stellar and very other competitors can …
Chose SonarQube Server
Setting up with Azure devops is easier.
Scans results and depth of tweaking/whitelisting code snippets is easier with SonarQube.
Chose SonarQube Server
SonarQube is an open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty descent. Pipeline scan is more secured in SonarQube. Its a very good tool and its support multiple languages. Its main core competency is of static code …
Chose SonarQube Server
SonarQube contains all of their features. Findbugs has very limited capabilities. It is just a static code analyser and does not check for a continous code quality and also not possible to integrate its plugin azure devops .net pipelines and more importantly SonarQube ui is …
Chose SonarQube Server
Sonar Qube doesn't do as good of a job of finding security vulnerabilities as dedicated SAST software, but it does more for code quality that the developers want to see. A comparison of Sonar Qube to something like Veracode or Fortify isn't apples to apples since they're not …
Chose SonarQube Server
We found SonarQube right at the beginning of our research process and found that it met most of our needs. SonarQube fit very nicely into our TFS continuous integration process. We seamlessly integrated the SonarQube steps into our TFS process via the Microsoft Marketplace. …
Chose SonarQube Server
Gitlab, if you have the right license, ships with a static analysis tool. It integrates better with Gitlab, but didn't seem to have the same quality output that Sonarqube did. Sonarqube's community version is plenty suitable for day to day analysis operations.
Best Alternatives
LiquibaseSonarQube Server
Small Businesses
DBeaver
DBeaver
Score 9.2 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
DBeaver
DBeaver
Score 9.2 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
DBeaver
DBeaver
Score 9.2 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
LiquibaseSonarQube Server
Likelihood to Recommend
8.0
(0 ratings)
8.8
(0 ratings)
Likelihood to Renew
9.1
(0 ratings)
-
(0 ratings)
Usability
9.1
(0 ratings)
9.1
(0 ratings)
Support Rating
7.4
(0 ratings)
9.0
(0 ratings)
Implementation Rating
9.1
(0 ratings)
-
(0 ratings)
User Testimonials
LiquibaseSonarQube Server
Likelihood to Recommend
Any Codebase that does schema or table changes all the time for development or where Development and code is mostly in the database or SQL liquibase is a must. In a codebase where the database is pretty static or is just a place to dump data, liquibase is probably too much. You also need to have a team for it to really make sense. Doing a solo or small team project doing full version control on the database is probably more overhead than it is worth.
Read full review
Scenarios where SonarQube is well suited:
  1. Large codebase: The tool's static analysis capabilities can help teams quickly identify and fix bugs, vulnerabilities, and code smells in large codebases.
  2. Compliance and security: The tool can check the code against industry standards or regulations, such as OWASP and CWE, and identify any issues that need to be addressed.
  3. Agile development: SonarQube can be integrated with CI/CD pipelines allowing teams to continuously monitor and improve code quality throughout the development process.
  4. Teams using multiple languages: Teams that use multiple programming languages can benefit from using SonarQube, as the tool supports a wide range of languages and can be integrated with a variety of development tools.
Scenarios where SonarQube may be less appropriate:
  1. Small codebase: Organizations with a small codebase may not see the full benefits of using SonarQube, as the tool's static analysis capabilities may be overkill for a smaller codebase.
  2. Limited resources: Organizations with limited resources may find it difficult to set up and configure SonarQube, as the tool can be complex and may require specialized expertise.
  3. Limited integration: Organizations that use development tools or IDEs that are not supported by SonarQube may find it difficult to integrate the tool into their existing development workflow.
  4. Limited scalability: Large organizations with millions of lines of code may find SonarQube's performance and scalability to be an issue. It may take longer for the analysis to finish and the results may not be as accurate.
Read full review
Pros
  • Liquibase provides a clear error log that allows us to pinpoint what to troubleshoot.
  • The service does not deploy bad data, which helps us keep our databases clean.
  • Liquibase works with GitHub Actions as well as AWS Codebuild and AWS Lambda. The flexibility allows us to deploy the service in many different ways.
Read full review
  • Generating code quality report
  • Calculates junit coverage of the codebase very efficiently and precisely
  • Highlights the bugs and vulnerabilities in our codebase
  • Informs the user of the improvements which can be done to the code to make it cleaner
  • SonarQube also suggests remediation and resolution of the problems it highlights
Read full review
Cons
  • Reducing Compatibility issues, when we upgraded Liquibase from 4.2 to 4.9. The same changeset which we were able to run on successfully using 4.2, part of it was now failing when tried to deploy using 4.9
  • We are not able to see detailed logs (for different changes) in uDeploy when deploying changes through Liquibase
  • Liquibase should rollback the if any one of the changes fails.
Read full review
  • It doesn't provide automatic pull request with fixes
  • It doesn't provide insights about the libraries of the projects
  • The administration management user interface could be simplified
  • It doesn't provide an order to fix issues, like archives with more and frequent commits have top priority
Read full review
Likelihood to Renew
We are and will continue using Liquibase and it has become an integral part of our portfolio offering, any new product is by default adopting Liquibase stack.
Read full review
No answers on this topic
Usability
the database deployments helped teams with a increased productivity,
faster delivery and low risk.
Read full review
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Support Rating
Liquibase's customer support team has been very instrumental in helping us drive the whole Database CI/CD initiative. We have always received very quick resolution to our queries or any roadblock we hit. Right from setting up Liquibase in our environment to this date the Liquibase team has always helped us deliver quality and innovative solutions.
Read full review
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Implementation Rating
Build process takes a toll.
Read full review
No answers on this topic
Alternatives Considered
In my previous project and organization I have used Flyway for database change management and version control similar to Liquibase which I am currently using. Comparing it with Flyway, Liquibase provides more feature flexibility and enhancements to handle complex workflows with rollback capability and its usage of contexts and labels allow us to target changes to specific environments, which Flyway doesn’t support natively. Also Liquibase provides way to compare different schema and generate changelogs for syncing environments automatically where in it allows to have declarative schema management by using XML/YAML/SQL script format.
Read full review
SonarQube identifies significant more thing compared to the built-in suggestions in IntelliJ IDEA. The suggestions how to correct issues are also a lot better with SonarQube. IntelliJ IDEA provides great refactoring support to make it easy to refactor the code to solve issues. We use these tools together and they really complement each other.
Read full review
Return on Investment
  • We are still in the early phases, where the costs are potentially greater than the benefit. Trying to get Liquibase integrated into a pipeline has taken time investment and required some trial and error.
  • We are still a relatively small shop with a relatively small number of schema changes (perhaps 1 every week or so). As such, we aren't at a place where we couldn't have managed control of this without a tool. However, there is no doubt that investing in a tool at this stage was the right move. Now we have established guidelines and a pattern for how to do schema changes in a way that will make things easily scalable as we continue to grow.
Read full review
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

SonarQube Server Screenshots

Screenshot of Application Status.Screenshot of Portfolio Overview.Screenshot of Taint Analysis.