SonarQube

About

Open-source continuous code inspection platform for detecting bugs, security vulnerabilities, code smells, and technical debt across 35+ programming languages

Sovereignty Score

out of 100

Data completeness32% (Minimal)

Score relies on pessimistic defaults for missing fields

Jurisdictional(25%)

100

Excellent jurisdictional protection with EU-only legal exposure

Jurisdiction: Switzerland (EFTA member)
No foreign parent provider

Ownership(20%)

Significant foreign ownership or control risk

Mixed ownership (>30% non-EU)
Series B funding
Acquisition risk unknown (assumed high) (Submit verified data to improve this score)

Governance(20%)

Centralized control, limited community governance

Single company controls roadmap
Entity control data unknown (assumed >80% single entity) (Submit verified data to improve this score)

Portability(15%)

Some portability options available

SaaS only (no self-host option)

License(10%)

True open source with stable, permissive licensing

Copyleft open source
SaaS service (license stability not tracked)

Community(10%)

Limited community health data or concerning indicators

Bus factor unknown (assumed worst case: 1) (Submit verified data to improve this score)
Project is thriving
Release frequency unknown (assumed stale) (Submit verified data to improve this score)
Issue response time unknown (assumed >30 days) (Submit verified data to improve this score)
10K+ GitHub stars

How missing data affects scores Submit data corrections

Provider

SonarSource S.A.

Quick Facts

Jurisdiction: Switzerland, EFTA
Ownership: Mixed (>30% Non-EU)
Deployment: SaaS