SonarQube Review

Cost-effective with good out-of-the-box features

What is our primary use case?

I have used SonarQube for static code analysis. I am using it to assess my internal applications.

What is most valuable?

I like the by-default policies that are they, as they seem to cover most of what I need. I see that as an essential feature.

What needs improvement?

The interface could be a little better and should be enhanced.

More support for integration with third-party products would be an improvement.

For how long have I used the solution?

I have been using SonarQube for more than five years.

What do I think about the stability of the solution?

I have not faced any bugs or glitches in SonarQube.

How are customer service and technical support?

I have not been in contact with technical support, although my teams would have definitely reached out.

How was the initial setup?

I would not say that the initial setup was complex, although it was not smooth enough. This was a mixed, hybrid set up because every environment has its own applications to deploy. That said, it was not so critical that we were no able to manage it.

What about the implementation team?

We have an in-house team in charge of maintenance. I have four people who are on payroll and an augmented staff of three more.

What's my experience with pricing, setup cost, and licensing?

SonarQube is an open-source product that can be used free of charge. It is a cost-effective solution.

Which other solutions did I evaluate?

You cannot really compare this product to commercial solutions. However, the features that it provides out of the box are very good.

When it comes to other technologies, such as the Checkmarx of the world, they are better than SonarQube. This is something that they should look at as this project evolves.

What other advice do I have?

This product is leading its class in the open-source community. It is absolutely a product that I can recommend. I think that digital organizations that have budget constraints should look at this technology, and then they can evolve it as per their needs.

In the future, I may look into deploying SonarQube in a hybrid model.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SonarQube reviews from users
...who work at a Computer Software Company
...who compared it with Fortify Application Defender
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: August 2021.
535,919 professionals have used our research since 2012.
Add a Comment
ITCS user