SonarQube Review

Reasonably priced, provides good code coverage and improves quality

What is our primary use case?

We use SonarQube for determining code coverage, finding bugs, and searching for security-related issues in our development environment.

What is most valuable?

The code coverage feature is very good.

What needs improvement?

When performing the code coverage function, there are a lot of warnings that come up and you may not have time to solve them. You need to have the ability to overrule warnings or issues because it may not be possible to commit the time to resolve them immediately. If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time.

SonarQube needs some improvement in its ability to find security-related issues.

For how long have I used the solution?

I have been using SonarQube for the past seven or eight years.

What do I think about the stability of the solution?

We have not found any bugs or had trouble with stability. We have had some minor hiccups, here and there, but otherwise, we are fine.

What do I think about the scalability of the solution?

We have not found any issues with respect to scalability. 

How are customer service and technical support?

I have not personally been in contact with technical support. I believe that our team recently had contact with them when we migrated to the newer version, and we received help from their support agent.

Which solution did I use previously and why did I switch?

I have also used Veracode and when comparing the two, I find that Veracode is better at finding security-related issues during the static code analysis. At the same time, during my PoC with Veracode, they did not claim to be able to provide everything that SonarQube does. 

How was the initial setup?

I was not involved in the initial setup. However, I do know that it can be set up within one or two days.

What about the implementation team?

We have an in-house team for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

I am satisfied with the pricing.

What other advice do I have?

In general, I am very satisfied with SonarQube and I highly recommend it. If you are looking for full coverage and quality improvement then it is the best product to use.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SonarQube reviews from users
...who work at a Financial Services Firm
...who compared it with Veracode
Add a Comment