What is most valuable?
There is a large support system in the community. When we have issues we can get answers quickly and easily.
It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed.
It's very flexible.
I am from the application development team and for me, it is very good because it offers a lot of features in terms of code review, quality check, and more.
What needs improvement?
In discussions with the security team, there are many other products that are available that perform better. The security in SonarQube could be better.
SonarQube is more about the quality checks of the source code. It allows us to do a code review but it lacks security. It could perform better.
I would like to have better support for CI/CD as DevOps appliances, in terms of reporting on the issue and to be integrated with the pipeline.
It integrates well but there is always room in this area to improve and to provide reports on the results.
The user experience for the on-premises installation, creating a new project, defining the quality gate, and the user interface could be improved. It wasn't a simple experience.
For how long have I used the solution?
I have been using SonarQube for six months. We implemented it in September of last year.
What do I think about the stability of the solution?
It is very stable. We are still new to this product and learning, but there are times where SonarQube disconnects from the server with no alert or notification, and we have to run it again.
It can be managed by running different scripts. From time to time we have claims that SonarQube is not running on the server and discovered that the server was restarted but SonarQube did not restart.
I don't know if it is a flaw in the product itself or if we can manage it from our infrastructure.
It's stable but could be improved.
What do I think about the scalability of the solution?
I believe that it is scalable, but this is an area that we have not yet explored.
I know that there is an option to add a new rule. For example, if we are creating an application using Java, there is a list of predefined rules to check the quality against.
It's expandable at least in terms of code quality checks.
For now, I am the only user of this solution.
How was the initial setup?
The initial setup wasn't straightforward, but still, it was manageable.
This is an area that can also be improved to make it easier to install and setup. There are many other products that are easy to set up and install.
What about the implementation team?
I called an expert or a technical person who could work on it and manage it.
What's my experience with pricing, setup cost, and licensing?
SonarQube is a free, open-source product.
There are many different packages with different pricing options available. We are able to try what we have and if we need extra features we can upgrade the license.
What other advice do I have?
We will be using this solution for the next year, but we are considering migrating to the cloud.
From my experience, I would rate SonarQube a seven out of ten.