SonarQube Review

Supports multiple programming languages, is highly scalable, and has an open-source version


What is our primary use case?

We are using the solution for code quality and security.

What is most valuable?

The solution has a wide variety of features and an open-source community where you are able to learn Java, JavaScript, or any other programming language. The quality profile rules that it provides based on the architect are set across the board, which provides continuity. Being able to fix all the application vulnerabilities before it reaches production is a huge benefit.

What needs improvement?

There are times when we have the database crash. However, this might be an issue with how we have configured it and not a software issue. Apart from this, I do not see any issues with the solution.

For how long have I used the solution?

I have been using the solution for approximately eight years.

What do I think about the scalability of the solution?

The scalability depends on the use case. You cannot install it with minimal resources and expect it to run thousands of jobs. It is scalable based on your environment. How big is your project? How many APIs do you want to scan? How many APIs per minute, etc. Based on that information you need to first decide upfront how much memory or how much storage you want to give to it. You need to have clear data with you and then use the resources to design accordingly. I think it is highly scalable and can operate seamlessly if you give it the environment that is sufficient. You cannot expect magic from it.

We have some projects that have 150 users with ten teams using the solution.

How are customer service and technical support?

We had to contact technical support several years ago because we had an issue with one of the new SQL plugins, which ended up being resolved. The support is not required anymore because they have very good documentation that meets our needs.

How was the initial setup?

The initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

I do not know the price of the solution since I have not been involved in purchasing licenses. However, this solution requires a license and we have enterprise-level licenses for our organization and for our client.

The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do. The enterprise-level has only a few more options, such as better reporting and generating PDFs. If you have a small-scale project or if you do not have a high budget, I think open-source will do wonders.

What other advice do I have?

For those wanting to implement this solution, I would suggest it is the best tool. It has a big open-source community where you learn any language. There are many extra plugins you can apply to scan your code. It has support for Android, iOS, COBOL, Java, JavaScript, databases, and more. It has everything you need.

I rate SonarQube a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner