SonarQube Review

Effective security scanning, uncomplicated installation, and reliable

What is our primary use case?

We are a $4 billion valuation large company and we use the solution for status security, scanning, and code quality. I am currently in the process of building a pipeline for one of my customers, and for that we are utilizing this solution for the static analysis.

What is most valuable?

The fact that the solution does security scanning is valuable. This is primarily why we use it. For code quality, we could utilize other tools, such as unit test coverage, which it gives you too, but having a more comprehensive tool is useful.

What needs improvement?

Having a tool that is comprehensive in nature is very useful because otherwise, we have to run through multiple tools in order to get the entire viewpoint of a particular set of code. For example, we use SonarQube in combination with Nexus, which is another product that gives us some other information. I guess when it comes to the gamut of things that we are looking for, including static code quality, static testing, and dynamic testing of security, having performance regression would be a helpful add-on or ability to be able to do during the scan.

In an upcoming release, I would like to see the dynamic security testing feature available. I would like to point out that they could already offer this feature but I have not been that deep into the solution to know yet.

For how long have I used the solution?

I have been using the solution for approximately one year.

What do I think about the stability of the solution?

I have not run into any bugs or glitches. However, I have only been using it for a short time.

What do I think about the scalability of the solution?

The pipeline that I am currently building is being used by the platforms team, which is approximately three people. We use the solution as part of the automated code review process. As far as a larger perspective of who is actually benefiting from it, the development team is about 35 people.

How are customer service and technical support?

I have not needed to use technical support.

How was the initial setup?

The setup was very easy.

What other advice do I have?

I would recommend that those wanting to implement this solution read the documentation; it is clear and easy to follow.

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

Which version of this solution are you currently using?

Latest community version

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Updated: September 2021.