Overview

Codacy

Stacks298

Followers551

Votes248

SonarQube

Stacks1.8K

Followers2.0K

Votes53

GitHub Stars10.0K

Forks2.1K

ESLint

Stacks30.5K

Followers14.0K

Votes28

GitHub Stars26.6K

Forks4.8K

Codacy vs ESLint vs SonarQube: What are the differences?

Key differences between Codacy and ESLint and SonarQube

Language Support: Codacy primarily focuses on supporting popular programming languages like Python, JavaScript, Java, and others, while ESLint is specifically designed for JavaScript code analysis. On the other hand, SonarQube supports a wide range of languages including Java, C#, JavaScript, Python, and more.
Custom Rules: Codacy allows users to create custom code quality rules through its API, enabling teams to address specific coding standards. In contrast, ESLint and SonarQube offer robust libraries of predefined rules but may require additional plugins or configurations to create custom rules based on project requirements.
Reporting and Visualization: Codacy emphasizes real-time code quality feedback and integrates with popular project management tools like Jira and GitHub to streamline issue tracking and resolution. Unlike Codacy, ESLint primarily provides feedback through the command line or integrated development environments (IDEs) and lacks advanced visualization capabilities. SonarQube stands out by offering comprehensive dashboards and in-depth reports that highlight code quality trends and analysis over time.
Scalability and Integration: Codacy is well-suited for smaller teams and startups due to its ease of setup and usage, while ESLint is commonly used in JavaScript-heavy projects or codebases. SonarQube is preferred for larger organizations or enterprises that require comprehensive code quality management across multiple projects and repositories, thanks to its scalability and extensive integration capabilities.
Code Security Analysis: Codacy places a strong emphasis on security scanning by integrating with popular static code analysis tools like Spotbugs, PMD, and others to identify potential vulnerabilities in the codebase. While ESLint offers some security-focused plugins, SonarQube is known for its advanced security analysis features such as detecting security hotspots, injection flaws, and sensitive data exposure.
Cost and Licensing: Codacy offers flexible pricing plans based on the number of users and repositories, making it a cost-effective solution for small to mid-sized teams. ESLint, being an open-source tool, is free to use and can be easily integrated into various development workflows. In contrast, SonarQube offers both community (free) and commercial editions with additional features and support options, catering to the needs of diverse organizations.

In Summary, Codacy, ESLint, and SonarQube differ in language support, custom rules, reporting capabilities, scalability, code security analysis, and cost considerations, catering to various project requirements and team sizes.

Advice on Codacy, SonarQube, ESLint

Carlos

Mar 14, 2020

Needs adviceon

Prettier

ESLint

gulp

Scenario: I want to integrate Prettier in our code base which is currently using ESLint (for .js and .scss both). The project is using gulp.

It doesn't feel quite right to me to use ESLint, I wonder if it would be better to use Stylelint or Sass Lint instead.

I completed integrating ESLint + Prettier, Planning to do the same with [ Stylelint || Sasslint || EsLint] + Prettier.

And have gulp 'fix' on file save (Watcher).

Any recommendation is appreciated.

465k views465k

Comments

Alex

Software Engineer

Aug 7, 2020

Review

you don't actually have to choose between these tools as they have vastly different purposes. i think its more a matter of understanding how to use them.

while eslint and stylelint are used to notify you about code quality issues, to guide you to write better code, prettier automatically handles code formatting (without notifying me). nothing else.

prettier and eslint both officially discourage using the eslint-plugin-prettier way, as these tools actually do very different things. autofixing with linters on watch isnt a great idea either. auto-fixing should only be done intentionally. you're not alone though, as a lot of devs set this up wrong.

i encourage you to think about what problem you're trying to solve and configure accordingly.

for my teams i set it up like this: - eslint, stylelint, prettier locally installed for cli use and ide support - eslint config prettier (code formatting rules are not eslints business, so dont warn me about it) - vscode workspace config: format on save - separate npm scripts for linting, and formatting - precommit hooks (husky)

so you can easily integrate with gulp. its just js after all ;)

159k views159k

Comments

Detailed Comparison

Codacy	SonarQube	ESLint
Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.	SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.	A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
Available for cloud and self-hosted repositories;Static code analysis for +40 languages;Analysis for cloud infrastructure-as-code frameworks;Automatic analysis integrated in your CI;Code coverage tracking;Support for linter configuration files;1-click autofixes for GitHub;Static IP addresses for allowlisting Codacy;	Multi-language;Detect tricky issues;Security analysis;Enhance your workflow	-
Statistics
GitHub Stars -	GitHub Stars 10.0K	GitHub Stars 26.6K
GitHub Forks -	GitHub Forks 2.1K	GitHub Forks 4.8K
Stacks 298	Stacks 1.8K	Stacks 30.5K
Followers 551	Followers 2.0K	Followers 14.0K
Votes 248	Votes 53	Votes 28
Pros & Cons
Pros 45 Automated code review 35 Easy setup 29 Free for open source 20 Customizable 18 Helps reduce technical debt Cons 6 No support for private Git or Azure DevOps git	Pros 26 Tracks code complexity and smell trends 16 IDE Integration 9 Complete code Review 2 Difficult to deploy Cons 7 Paid support is poor, techs arrogant and unhelpful 7 Sales process is long and unfriendly 1 Does not integrate with Snyk	Pros 8 Consistent javascript - opinions don't matter anymore 6 Free 6 IDE Integration 4 Customizable 2 Broad ecosystem of support & users
Integrations
GitHub GitLab Slack Bitbucket Jira	Gradle Apache Maven Jenkins TeamCity Appveyor Travis CI Apache Ant Bamboo	JavaScript

What are some alternatives to Codacy, SonarQube, ESLint?

Code Climate

After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.

Phabricator

Phabricator is a collection of open source web applications that help software companies build better software.

PullReview

PullReview helps Ruby and Rails developers to develop new features cleanly, on-time, and with confidence by automatically reviewing their code.

Gerrit Code Review

Gerrit is a self-hosted pre-commit code review tool. It serves as a Git hosting server with option to comment incoming changes. It is highly configurable and extensible with default guarding policies, webhooks, project access control and more.

RuboCop

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

CodeFactor.io

CodeFactor.io automatically and continuously tracks code quality with every GitHub or BitBucket commit and pull request, helping software developers save time in code reviews and efficiently tackle technical debt.

Amazon CodeGuru

It is a machine learning service for automated code reviews and application performance recommendations. It helps you find the most expensive lines of code that hurt application performance and keep you up all night troubleshooting, then gives you specific recommendations to fix or improve your code.

Reviewable

A code review tool for GitHub pull requests inspired by Google's internal tool. Powerful diffing and workflow features wrapped in a beautiful UI, with seamless GitHub integration. Free for public repos.

bitHound

With faster deployment cycles, a hundred competing priorities and tight deadlines to juggle– your team has a lot on their plate. Uncover and focus on the critical issues impacting your team, avoid software pitfalls and ship with confidence.