SonarQube Review

Ensures that quality is not compromised between builds

What is our primary use case?

Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.

How has it helped my organization?

This has improved our process because it allows us to pick up on a lot of the smaller best practices that might otherwise be missed, in addition to ensuring code quality is not compromised between builds.

What is most valuable?

The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices).

What needs improvement?

A robust credential scanner would be a huge bonus, as it would remove the need for yet another niche product with additional cost and would give the benefit of a single-pane-of-glass view, although we would still need WhiteSource Bolt for third-party library scanning. The integration into Docker builds could be better: pulling the latest version of the scanner, setting the path and then invoking the scan is extra overhead to manage between versions of the scanner. An apt-get and a scan start with the key passed as a variable would be a nicer implementation. I have not looked into SSL for the management page yet, but I am hoping that goes smoothly.

For how long have I used the solution?

Trial/evaluations only.

What do I think about the stability of the solution?

We have only used this solution for a few weeks, but so far we have had no issues at all.

What do I think about the scalability of the solution?

My impression of the scalability is good, as it appears that it can support a much larger number of projects than we have.

How are customer service and technical support?

We have had no need to contact technical support.

If you previously used a different solution, which one did you use and why did you switch?

I did not use another solution prior to this one.

How was the initial setup?

The setup took a bit of work, but that was because we were combining Docker, Kubernetes, Azure Key Vault, and the Azure PaaS SQL Server.

What about the implementation team?

We took care of the implementation in-house.

What was our ROI?

In terms of ROI, it is difficult to put a number against code quality. For the cost of hosting it, I would say very good if you do not have a solution to start with.

What's my experience with pricing, setup cost, and licensing?

A self-hosted SonarQube on a Kubernetes cluster is very cost efficient if you already have the infrastructure and don’t need the premium features.

Which other solutions did I evaluate?

We evaluated the Checkmarx Software Exposure Platform and Veracode, but they were expensive for a first go.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
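The reviewer's complaint about Docker integration (download the scanner, set the path, invoke it, repeat for each scanner version) and the wish to start a scan with the key passed as a variable can be addressed with the official scanner container image. The script below is an added example written for this page; it is not the reviewer's own setup nor code from SonarSource. The image name and the SONAR_HOST_URL / SONAR_TOKEN / SONAR_SCANNER_OPTS variables come from the sonar-scanner-cli image documentation; the in-cluster host URL, the project key and the properties-file check are assumptions for illustration. The two points it demonstrates are that the token is passed through from the environment (not on the command line, where it would show up in `ps` and build logs) and that a scan refuses to start if the token is missing or has been committed into sonar-project.properties.

```shell
#!/bin/sh
# Added example (not from the review or from SonarSource): run sonar-scanner
# from its official container image instead of installing the CLI into the
# build image. Image name and variable names are from the sonar-scanner-cli
# docs; host URL and project key are placeholder assumptions.

# Print the docker command for scanning directory $1 under project key $2.
# Returns 1 and prints nothing if SONAR_TOKEN is unset, so a misconfigured
# pipeline fails closed instead of attempting an unauthenticated scan.
scanner_cmd() {
  src_dir="$1"
  project_key="${2:-example-project}"                 # assumption: placeholder key
  host_url="${SONAR_HOST_URL:-http://sonarqube:9000}" # assumption: in-cluster service
  [ -n "${SONAR_TOKEN:-}" ] || return 1
  # "-e SONAR_TOKEN" with no value makes docker copy the variable from the
  # caller's environment; the secret never appears in the argument list.
  printf '%s ' "docker run --rm" \
    "-e SONAR_HOST_URL=${host_url}" \
    "-e SONAR_TOKEN" \
    "-e SONAR_SCANNER_OPTS=-Dsonar.projectKey=${project_key}" \
    "-v ${src_dir}:/usr/src" \
    "sonarsource/sonar-scanner-cli"
  printf '\n'
}

# Refuse to scan if a credential has been written into the properties file
# (a common mistake when the "set the path and invoke" dance is scripted by
# hand). Returns 0 if the file is absent or clean, 2 if it carries a secret.
check_properties() {
  props="${1:-sonar-project.properties}"
  [ -f "$props" ] || return 0
  if grep -Eq '^[[:space:]]*sonar\.(login|token|password)[[:space:]]*=' "$props"; then
    echo "refusing to scan: credential committed in $props" >&2
    return 2
  fi
  return 0
}

# Usage (assumed CI step): export SONAR_TOKEN from the CI secret store, then
#   check_properties && eval "$(scanner_cmd "$PWD" my-project)"
if [ "${RUN_SONAR_SCAN:-}" = "1" ]; then
  check_properties && eval "$(scanner_cmd "$PWD" "${SONAR_PROJECT_KEY:-example-project}")"
fi
```

The scanner version is then pinned by the image tag rather than by a path inside the build image, and upgrading is a one-line change. Note that SONAR_TOKEN is the variable the scanner image reads; older pipelines that pass the token as `-Dsonar.login` on the command line expose it to anything that can list processes on the build agent.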