SonarQube Review

Good code scanning and quality gate features, but the reporting could be improved


What is our primary use case?

I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.

What is most valuable?

The most valuable features are code scanning and Quality Gates.

What needs improvement?

The reporting can be improved. In particular, the portability report can be better.

I would like to see better integration with the various DevOps tools.

For how long have I used the solution?

I was using SonarQube for between six and ten months.

What do I think about the stability of the solution?

The stability is good.

How are customer service and technical support?

The community support is great. I have not had reason to contact the technical support team from the vendor.

How was the initial setup?

The initial setup is straightforward. I would not say that it is complex and it can be deployed in less than 10 minutes.

What's my experience with pricing, setup cost, and licensing?

I was using the Community Edition, which is available free of charge.

Which other solutions did I evaluate?

I evaluated other products including Veracode and I felt that SonarQube was the best product.

What other advice do I have?

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.