SonarQube Review

Provides great code coverage; code security scanning could be improved

What is our primary use case?

We're using the enterprise edition of SonarQube. I'm the head of DevOps engineering and we are customers of SonarQube. 

What is most valuable?

The most important feature is the software quality gate. When that's implemented we're able to streamline the product's quality. The other good features are SonarQube's code quality scanning and code coverage. If we use it effectively, we can capture the software code bugs early in the software development. It also helps us to identify the test coverage for the code that we're writing. It's a very, very important feature for the software developers and testers. 

What needs improvement?

There is room for improvement in the code security space which is not as extensive as it could be. There are other products on the market which are much better in terms of code security scanning. I'd also like to see improvement in support which is quite expensive. 

For how long have I used the solution?

I've been using this solution for six years. 

What do I think about the stability of the solution?

The product is stable although maintenance is a little cumbersome. 

What do I think about the scalability of the solution?

The product is scalable but there are some concerns. You need to regularly do a cleanup of the lines of codes that are being scanned, otherwise the license will run out. We were not initially aware of having to do that. We have around 700 users in the company and we have three or four people involved with maintenance. 

How are customer service and technical support?

There's a problem with the technical support because it's offered as a separate paid package and doesn't come by default with the license. Most other products in the market include  technical support with the software. There are various other products in the market, which are much better and offer support without any additional costs.

What's my experience with pricing, setup cost, and licensing?

Licensing costs could be lower. We paid around 60,000 Singapore Dollars for our 20 million lines of code.

What other advice do I have?

SonarQube is a very good tool for code quality.

I rate this solution a seven out of 10.  

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SonarQube reviews from users
...who work at a Computer Software Company
...who compared it with Fortify Application Defender
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: August 2021.
535,919 professionals have used our research since 2012.
Add a Comment
ITCS user