Home
DevOps
Build, Test, Deploy
Code Review

Codacy vs ESLint vs SonarQube

Need advice about which tool to choose?Ask the StackShare community!

Codacy
297
551
+ 1
248
ESLint
30K
13.7K
+ 1
28
SonarQube
1.7K
2K
+ 1
53

Codacy vs ESLint vs SonarQube: What are the differences?

Key differences between Codacy and ESLint and SonarQube

  1. Language Support: Codacy primarily focuses on supporting popular programming languages like Python, JavaScript, Java, and others, while ESLint is specifically designed for JavaScript code analysis. On the other hand, SonarQube supports a wide range of languages including Java, C#, JavaScript, Python, and more.

  2. Custom Rules: Codacy allows users to create custom code quality rules through its API, enabling teams to address specific coding standards. In contrast, ESLint and SonarQube offer robust libraries of predefined rules but may require additional plugins or configurations to create custom rules based on project requirements.

  3. Reporting and Visualization: Codacy emphasizes real-time code quality feedback and integrates with popular project management tools like Jira and GitHub to streamline issue tracking and resolution. Unlike Codacy, ESLint primarily provides feedback through the command line or integrated development environments (IDEs) and lacks advanced visualization capabilities. SonarQube stands out by offering comprehensive dashboards and in-depth reports that highlight code quality trends and analysis over time.

  4. Scalability and Integration: Codacy is well-suited for smaller teams and startups due to its ease of setup and usage, while ESLint is commonly used in JavaScript-heavy projects or codebases. SonarQube is preferred for larger organizations or enterprises that require comprehensive code quality management across multiple projects and repositories, thanks to its scalability and extensive integration capabilities.

  5. Code Security Analysis: Codacy places a strong emphasis on security scanning by integrating with popular static code analysis tools like Spotbugs, PMD, and others to identify potential vulnerabilities in the codebase. While ESLint offers some security-focused plugins, SonarQube is known for its advanced security analysis features such as detecting security hotspots, injection flaws, and sensitive data exposure.

  6. Cost and Licensing: Codacy offers flexible pricing plans based on the number of users and repositories, making it a cost-effective solution for small to mid-sized teams. ESLint, being an open-source tool, is free to use and can be easily integrated into various development workflows. In contrast, SonarQube offers both community (free) and commercial editions with additional features and support options, catering to the needs of diverse organizations.

In Summary, Codacy, ESLint, and SonarQube differ in language support, custom rules, reporting capabilities, scalability, code security analysis, and cost considerations, catering to various project requirements and team sizes.

Advice on Codacy, ESLint, and SonarQube
Carlos Benavides
| 7 upvotes · 448.8K views
Needs advice
on
ESLintESLintSass Lint Sass Lint
and
StylelintStylelint

Scenario: I want to integrate Prettier in our code base which is currently using ESLint (for .js and .scss both). The project is using gulp.

It doesn't feel quite right to me to use ESLint, I wonder if it would be better to use Stylelint or Sass Lint instead.

I completed integrating ESLint + Prettier, Planning to do the same with [ Stylelint || Sasslint || EsLint] + Prettier.

And have gulp 'fix' on file save (Watcher).

Any recommendation is appreciated.

See more
Replies (3)
Amaro Mariño
Senior Frontend Developer at Landbot.io · | 6 upvotes · 162.8K views
Recommends
on
ESLintESLint

In the case of .js files I would recommend using both Eslint and Prettier.

You can set up Prettier as an Eslint rule using the following plugin:

https://github.com/prettier/eslint-plugin-prettier

And in order to avoid conflicts between Prettier and Eslint, you can use this config:

https://github.com/prettier/eslint-config-prettier

Which turns off all Eslint rules that are unnecessary or might conflict with Prettier.

See more
Alex Spieslechner
Software Engineer · | 5 upvotes · 149.8K views
Recommends
on
ESLintESLintPrettierPrettierStylelintStylelint

you don't actually have to choose between these tools as they have vastly different purposes. i think its more a matter of understanding how to use them.

while eslint and stylelint are used to notify you about code quality issues, to guide you to write better code, prettier automatically handles code formatting (without notifying me). nothing else.

prettier and eslint both officially discourage using the eslint-plugin-prettier way, as these tools actually do very different things. autofixing with linters on watch isnt a great idea either. auto-fixing should only be done intentionally. you're not alone though, as a lot of devs set this up wrong.

i encourage you to think about what problem you're trying to solve and configure accordingly.

for my teams i set it up like this: - eslint, stylelint, prettier locally installed for cli use and ide support - eslint config prettier (code formatting rules are not eslints business, so dont warn me about it) - vscode workspace config: format on save - separate npm scripts for linting, and formatting - precommit hooks (husky)

so you can easily integrate with gulp. its just js after all ;)

See more
Alexis Villegas Torres
Software Engineer at SpeedUrWeb · | 5 upvotes · 162.4K views
Recommends
on
StylelintStylelint

Pura vida! Well, I had a similar issue and at the end I decided to use Stylelint + Prettier for that job, in our case, we wanted that our linting process includes the SCSS files and not only the JS file, base on that we concluded that using only ESLint to do both things wasn't the best option, so, we integrated prettier with Stylelint, and for that we used a neat plugin that allowed us to use Prettier inside Stylelint here is the link, https://github.com/prettier/stylelint-prettier#recommended-configuration, I hope that this can help you, hasta pronto!, :)

See more
Manage your open source components, licenses, and vulnerabilities
Learn More
Pros of Codacy
Pros of ESLint
Pros of SonarQube
  • 45
    Automated code review
  • 35
    Easy setup
  • 29
    Free for open source
  • 20
    Customizable
  • 18
    Helps reduce technical debt
  • 14
    Better coding
  • 13
    Best scala support
  • 11
    Faster Employee Onboarding
  • 10
    Duplication detector
  • 10
    Great UI
  • 9
    PHP integration
  • 6
    Python inspection
  • 5
    Tools for JVM analysis
  • 5
    Many integrations
  • 4
    Github Integration
  • 3
    Must-have for Java
  • 3
    Easy Travis integration
  • 3
    Items can be ignored in the UI
  • 3
    Asdasdas
  • 2
    Gitlab
  • 0
    Asdas
  • 8
    Consistent javascript - opinions don't matter anymore
  • 6
    Free
  • 6
    IDE Integration
  • 4
    Customizable
  • 2
    Focuses code review on quality not style
  • 2
    Broad ecosystem of support & users
  • 26
    Tracks code complexity and smell trends
  • 16
    IDE Integration
  • 9
    Complete code Review
  • 1
    Difficult to deploy

Sign up to add or upvote prosMake informed product decisions

Cons of Codacy
Cons of ESLint
Cons of SonarQube
  • 6
    No support for private Git or Azure DevOps git
    Be the first to leave a con
    • 7
      Sales process is long and unfriendly
    • 7
      Paid support is poor, techs arrogant and unhelpful
    • 1
      Does not integrate with Snyk

    Sign up to add or upvote consMake informed product decisions

    - No public GitHub repository available -

    What is Codacy?

    Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.

    What is ESLint?

    A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

    What is SonarQube?

    SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

    Need advice about which tool to choose?Ask the StackShare community!

    What companies use Codacy?
    What companies use ESLint?
    What companies use SonarQube?

    Sign up to get full access to all the companiesMake informed product decisions

    What tools integrate with Codacy?
    What tools integrate with ESLint?
    What tools integrate with SonarQube?

    Sign up to get full access to all the tool integrationsMake informed product decisions

    Blog Posts

    How Codacy Analyzes 30 Billion Lines of Code Per Day
    May 1 2019 at 12:25AM

    Codacy

    DockerAmazon EC2Scala+8
    6
    2754
    How LendingHome Scaled Their Marketplace To $750M In Real Esta...
    Sep 2 2016 at 3:23AM

    LendingHome

    JavaScriptGitGitHub+43
    18
    5306
    What are some alternatives to Codacy, ESLint, and SonarQube?
    Code Climate
    After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.
    Better Code Hub
    Better Code Hub runs the first analysis of any GitHub repository with the default configuration. This default configuration is based on the programming languages reported by GitHub and supported by Better Code Hub. Better Code Hub further uses heuristics and commonly used conventions.
    Codecov
    Our patrons rave about our elegant coverage reports, integrated pull request comments, interactive commit graphs, our Chrome plugin and security.
    Coveralls
    Coveralls works with your CI server and sifts through your coverage data to find issues you didn't even know you had before they become a problem. Free for open source, pro accounts for private repos, instant sign up with GitHub OAuth.
    codebeat
    codebeat helps you prioritize issues and identify quick wins. It provides immediate and continuous feedback on complexity and duplication
    See all alternatives

    Related Comparisons

    Codacy vs Code Climate vs PullReviewESLint vs RuboCop vs SonarQubeCode Climate vs ESLint vs SonarQubeCodacy vs CodeFactor.ioCoverity Scan vs GitCop vs SonarQube

    Trending Comparisons

    Django vs Laravel vs Node.jsBootstrap vs Foundation vs Material-UINode.js vs Spring BootFlyway vs LiquibaseAWS CodeCommit vs Bitbucket vs GitHub

    Top Comparisons

    Postman vs Swagger UIHipChat vs Mattermost vs SlackBitbucket vs GitHub vs GitLabBootstrap vs Materialize