SonarQube Review

Good reporting and works well for code timing, but is lacking in the security space

What is our primary use case?

We primarily use this solution for code quality purposes. We have a CI/CD environment, without a lot of manual steps.

How has it helped my organization?

This solution figures out and tells you when there are code quality issues.

What is most valuable?

The quantification and reporting features are really good.

What needs improvement?

The security portion of this solution needs to be improved. They do have a few rules, but I don't think that they are of much use because you cannot position it as a security scanner. I think that there is a lot more that can be done in the security space. I would like to see, for example, more security updates as part of the scan.

The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.

We would like to be able to perform differential scans for a few modules or a few lines, rather than for the whole source code each time.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

We have been using this for quite a number of applications, and its stability is very good. The scan time is very fast because it is a text-based scan.

What do I think about the scalability of the solution?

We have not had any problems with scalability. We have a big organization with a lot of applications and all of our critical applications are on this platform. We are planning to increase the scope by adding less critical applications over time.

Which solution did I use previously and why did I switch?

We were using some other products, but not on an enterprise level. There were several locally developed applications, but when we tried to consolidate all of these into an enterprise-level solution, we opted for this.

How was the initial setup?

The initial setup was not complex. It is pretty simple and straightforward.

What's my experience with pricing, setup cost, and licensing?

The costs for this application, for the kind of job it does, are pretty decent.

What other advice do I have?

This product is good but it is not meant to be a single solution for all issues.

If you want to have your code scanned and timed then this is a good tool. If you want security to be part of it then you may need multiple tools. Overall, my advice is to use this tool in areas where it is strong.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.