Interview › Security & DevSecOps
What is the difference between SonarQube and SonarCloud? [Basic]
Answer
SonarQube is typically a self-managed or enterprise-managed server that an organization operates. SonarCloud is SonarSource's hosted SaaS offering, commonly used for cloud-hosted repositories and teams that do not want to operate the platform themselves.
Technical explanation
SonarQube gives more control over hosting, network placement, plugins, data residency, and enterprise integration.
SonarCloud reduces operational overhead and is convenient for GitHub, Bitbucket, Azure DevOps, and open-source workflows.
The choice depends on compliance, data residency, administration model, repository hosting, and cost structure.
Hands-on example
Example decision: for regulated internal code with strict data residency, use self-hosted SonarQube behind SSO. For a small SaaS team already on GitHub Cloud, use SonarCloud and enforce its PR checks through branch protection.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Security & DevSecOps interview questions
- What is DevSecOps, and how does it differ from traditional security gating at the end? [Basic]
- What does shift-left security mean, and why does it matter? [Basic]
- What is the difference between SAST, DAST, IAST, and SCA? [Basic]
- When in the pipeline does each of SAST, DAST, and SCA run? [Basic]
- What is the difference between SAST and DAST, and what does each catch and miss? [Basic]
- What is software composition analysis (SCA), and why does it matter for dependencies? [Basic]
- What is SonarQube, and what does it analyse? [Basic]
- Is SonarQube primarily SAST, code quality, or both? [Basic]