SonarQube Review

Nice display and reporting of issues but needs more of a focus on security

What is our primary use case?

My primary use for this solution is to perform static code analysis.

What is most valuable?

The most valuable feature is the display of issues, like in Jira. That is very helpful for us to track our coding.

What needs improvement?

Improvements could be made in terms of security. 

I would like to see dynamic code analysis in the next version of the software.

For how long have I used the solution?

Between one and two years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

Scalability is good; we currently have five users but we will definitely be increasing our usage of this solution.

How are customer service and technical support?

We have not required technical support for this solution.

How was the initial setup?

This solution is not as easy to install as SonarLint. 

What's my experience with pricing, setup cost, and licensing?

We are using the free, unlicensed version.

Which other solutions did I evaluate?

We evaluated other solutions including Cobra Static Code Analyzer, but we were not satisfied with their customer support in the open source community.

What other advice do I have?

We advise all of our developers to have this solution in place. That way, whenever they are developing, the will get live tracking with respect to the quality of their code.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email