SonarQube Review

It easily ties into our continuous integration pipeline, but it is light on the security side

What is our primary use case?

Primary use is code standards, or code quality. It's worked out okay. I find it is light on the security side though.

We brought it into our CI pipeline to see if we could help our developers fix issues and identify issues sooner.

How has it helped my organization?

  • Higher code quality.
  • Faster to market.
  • Fewer errors.

What is most valuable?

  • The issues it identifies.
  • How easily it ties into our continuous integration pipeline.
  • It is very good at identifying technical debt.

What needs improvement?

As far as code quality goes, I like it. It doesn't seem to do well when it comes to vulnerabilities on the security side. It may be that we don't have the right plugins, or we don't have the right add-ons.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It seems to be very stable. I haven't had many issues with it.

We just upgraded to the 6.7 version, which has been performing well.

What do I think about the scalability of the solution?

We haven't had any issues to date. We haven't had a huge number of projects to date. We're slowly slowing the uptake from some of our internal teams, but it seems to be fairly scalable.

How is customer service and technical support?

I haven't had to use technical support.

How was the initial setup?

The initial setup was fairly straightforward.

What's my experience with pricing, setup cost, and licensing?

The price point on SonarQube is good.

Which other solutions did I evaluate?

We are looking into corporate security and a couple different tooling options for doing data code analysis and security scanning.

We have looked into a few options:

  • We are looking at IBM AppScan.
  • I am going to be running a small PoC next week with Veracode. I started doing a bit of research on Veracode, and I saw how it ties in compared with SonarQube.

What other advice do I have?

We are looking at using another product to complement it for security reasons.

Most important criteria when selecting a vendor:

  • Usability of the product.
  • Responsiveness when we have issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.