SonarQube Review

Ensures a high quality of code, but would be improved with better support for security


What is our primary use case?

We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.

What is most valuable?

SonarQube is good for checking and maintaining code quality.

What needs improvement?

It would be nice is SonarQube analyzed external libraries, in addition to our current code.

I would like to see more options for security, beyond the basics like SQL injection.

For how long have I used the solution?

Five years.

What do I think about the stability of the solution?

The stability of this solution is quite good.

What do I think about the scalability of the solution?

I think that scalability is fine. We have a large number of users at my company.

The majority of the users for this solution are architects, but some technical managers use it too.

If you previously used a different solution, which one did you use and why did you switch?

We use this solution in parallel with Checkmarx because both of them are good for different things. SonarQube is good for code quality, whereas Checkmarx is more for security.

How was the initial setup?

This initial setup of this solution is not basic, but it is not complex. If you have some experience in IT then you should be able to do it.

We have this tool integrated with Jenkins.

One or two days is enough for deployment. There is some configuration to do, which takes time, but it is not difficult to deploy.

Three or four staff are enough for deployment and maintenance.

What was our ROI?

We have seen a return of investment, for sure. It is integrated with jobs on Jenkins and helps to provide stability. 

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

This is a very nice product and I would recommend it. It is one of the best tools on the market to analyze your code.

If more rules for security were added then we would not have to use Checkmarx or other tools. SonarQube is very nice, but just missing some security rules.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email