SonarQube Review

Prevents vulnerabilities, supports most languages and built-in procedures

How has it helped my organization?

It prevents some vulnerabilities in the production environment.

What is most valuable?

I like that it covers most programming languages for source code review.

I also like the procedures that are already built-in that cover most of the items that already exist.

What needs improvement?

SonarQube does not cover BPM programming language. It only covers the Java layer from BPM WebMethods. When we were faced with this issue with one of your applications, we found that we were not able to scan the BPM code for configurations generated from the WebMethod.

The BPM language is important and should be considered in SonarQube.

It utilizes a lot of resources from the servers. I think this issue should be resolved because it takes approx 20% of the CPU utilization.

Reporting related to SonarQube only exists in the enterprise edition, and not in the Community Edition.

There are no limitations in the lines of code with the Community Edition, but with the Enterprise Version, there are limitations related to the lines of code.

I don't understand why you can use an infinite line code amount with the Community Edition and the Enterprise Edition is limited.

For how long have I used the solution?

We have been dealing with SonarQube for more than one year.

What do I think about the stability of the solution?

It is stable in the system environment processes.

What do I think about the scalability of the solution?

We haven't used it with the microservices or containers to check the scalability. We have used it on a Windows Server or Linux Server.

How are customer service and technical support?

We contacted technical support about the BPM and WebMethod programming language. They supported us with a fast response and provided us with a solution that was not covered on SonarQube.

Which solution did I use previously and why did I switch?

We only use SonarQube with SonarScanner.

How was the initial setup?

The initial setup is simple and straightforward.

What about the implementation team?

I am a consultant and my team completed the system server.

What's my experience with pricing, setup cost, and licensing?

I requested this license for one million lines of code and they accepted this.

I don't know what was already paid.

Which other solutions did I evaluate?

We evaluated Micro Focus Fortify. From a cost perspective, we selected SonarQube. Now we are using the enterprise license as well. 

What other advice do I have?

We are telecommunication customers, who have purchased a license. We are the largest telecommunications company in Saudi Arabia.

I would rate SonarQube an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SonarQube reviews from users
...who work at a Computer Software Company
...who compared it with Fortify Application Defender
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: August 2021.
535,919 professionals have used our research since 2012.
Add a Comment
ITCS user