What is our primary use case?
Our software developers use SonarQube to catch any issues that can be found by using static code analysis. My understanding is that it checks the core complexity by evaluating the coding rules to make sure of things such as the correct classes being private.
How has it helped my organization?
The developers are rejecting the idea that this product is useful.
What is most valuable?
Before you even compile, it can catch known vulnerability issues or patterns.
What needs improvement?
Our developers have complained about the Quality Gates and the number of false positives that this product reports. Their older code is breaking and with the Quality Gate on the pipeline, they are not able to safely release at this point. This means that they have to add a lot of things to the whitelist, so there is room for improvement in this regard.
For how long have I used the solution?
We have been using SonarQube for less than six months. We have not yet onboarded it for production.
What do I think about the stability of the solution?
I have not seen any problems in terms of stability, although it has not been onboarded yet. Once that happens, we may see more problems.
What do I think about the scalability of the solution?
We have not tried to scale yet.
How was the initial setup?
The initial setup involved downloading the open-source code and installing it in a container.
What about the implementation team?
I was responsible for setting up this tool in our company.
What's my experience with pricing, setup cost, and licensing?
We are using the open-source version, which is available free of cost.
Which other solutions did I evaluate?
We evaluated other open-source products and found that SonarQube was the best one of the set.
What other advice do I have?
This product is regularly updated by the open-source community, although the changes are often project-specific and may not help in the general case.
I would rate this solution a five out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)