When we deliver a code, the solution scans the code and reports whether the code has bugs or any other vulnerability issues. Thus the solution helps us identify issues and improve the quality of our code before delivering it to the customer.

We see the security issues in our solutions with the help of the product. It helps us improve the solutions.

The developers have responsibility for unit testing, but it is very important that we check what they have been doing. SonarQube allows us to see the result directly in the pipeline.

The solution has helped us to find flaws in the Syntax and comply with requirements. 

Our developers are learning how to improve their code.

We can see what's being flagged by whatever requirements in the environment that we're going to. SonarCube has these rules that you set up. You can set the rules and adjust them. It allows us to either be at 80% or whatever the case may be. If you set up these conditions that can tighten down the developer's coding.

It improved our website's look and feel. 

We consider it a handy tool that helps to resolve our issues immediately. 

It is a good tool for evaluating technical debt and introducing junior developers to codification standards and good practices. There is an amazing code quality application that defines coding standards. 

The tool is pretty much useful for a technical lead to reduce his efforts in reviewing the codes. The tool has integration with several languages. 

Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications. We can repair vulnerabilities and exploits from outside of the organization.

It prevents some vulnerabilities in the production environment.

It definitely helped our organization in hardening the software, the application itself. This is a part of our process now.

This solution has helped with the integration and building of our CICD pipeline. Without any scans or assessments, the pipeline and build are not complete. One of the good features of SonarQube is the many languages it supports including Java, dotNET, Typescript and HTML CSS. It also allows us to set custom quality gates and rules.

It has helped many of the organizations that I have worked at to improve overall security, quality, and test confidence within the codebases. It also provides this in a speed efficient way. Engineers now feel much more proud of their solution as they gain confidence from these scans and their results. 

Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers. 

We are also able to get reports on our suite and generate a quality rating for ourselves utilizing this data and more. 

We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.

Code quality improvement, Secure coding pracitices 

This solution figures out and tells you when there are code quality issues.

• Higher code quality. 
• Faster to market.
• Less errors.
  

This has improved our process because it allows us to pick up on a lot of the smaller best practices that might otherwise be missed, in addition to ensuring code quality is not compromised between builds.

SonarQube has not yet had an impact on our organization. In the past, however, I've used it to control the security vulnerabilities and establish standards for API control.

It would be utterly impossible to contemplate Continuous Delivery without including a major focus on ensuring affordable software quality. SonarQube plays a key role in this endeavour and provides Senior Management oversight across multiple project teams and business deliveries. Fits in very well with existing Continuous Integration build pipeline workflows. As we move towards Continuous Delivery ensuring a ‘no surprises’ release management.

Our software quality assessment at an affordable cost (licensing, time and effort). Previous attempts have failed to win the support of the development community (typically overly complex and intrusive and/or not sufficiently timely) without which the initiative will be doomed to failure.

This solution is part of our pipeline. We use GitLab for source control and Jenkins to build management. Jenkins kicks off our SonarQube scans, we use Checkmarx for static code analysis, UrbanCode Deploy, and UrbanCode Release.

Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.

This product has helped us improve the quality of code within the business and ensure all new developers keep to a similar code convention per project. This can basically be tracked back to saving the company money, because improved quality of the code means less technical debt which means it's easier to extend or add functionality to the code base. The quicker the development team can roll out changes, the less developer hours needed to implement the changes, which the company needs to convert into profits.

SonarQube ensures that we release a good quality of code to our customers. We have incorporated test driven development within the organization. It is also very helpful to bring a DevOps culture within the organisation.

Sonarqube has improved our best practice of pair programming that aligned with the CI pipeline.

SonarQube and SonarLint were adapted as part of the CI development process, i.e., the developers who committed to high severity issues in the repository were immediately notified via mail/Jenkins.

An actual RuntimeException bug was discovered and immediately fixed by using SonarQube with CI.

It was brought in to help with best practices in writing test cases, and each test should pass given all numbers are highlighted on SonarQube.

Executing sonar analysis on a big chunk of code - with an Oracle database does take up a lot of time.

SonarQube simplified some of the processes and made others more complex.

It has improved code quality and helped shift quality left. It also paved the way for implementing Continuous Integration/Continuous Delivery.

This has improved our organization because it has helped to find security vulnerabilities.

Better live process: More automated quality control in the lifecycle of development/testing/deployment/production. This includes the prevention of potential bugs due to ineffective code, as well as keeping a more unified style of solutions. This is thanks to standard solutions offered by the issue tips. It raises code maintainability as well as flexibility, to some extent.

This product helps us to determine the maturity and quality of the coding of our software customers, preventing future crashes in the software. We get users used to developing clean code makes SonarQube a valuable tool. Also, we use it for our internal software development helping us to create a good quality software.

In some instances, the project stakeholders were able to implement quality gate control for code coverage, security alerts, and things like that. It greatly improved the quality of the product. If our test code coverage is 80% and a person commits a change that brings the code coverage to below 80%, that code cannot be merged. We've been able to improve the quality of the products that we produce by using SonarQube. We are using it as a gate.

It is a great tool in a situation where you have a dynamic team, and you sometimes hire staff or subcontractors from other companies. It provided us with the ability to implement quality gates in our project. We could look at the data and see which developers were producing quality code and which developers were not too worried about the quality. It helped us out with our junior devs. I know of a few cases where having this system helped our junior devs in taking their skills one level up because we had set up a hard quality gate.

We use this program as a compliment to our security scans, in addition to Checkmarx.

My team uses just two features - dashboards and CI-build-breaker - for checking code quality and the stability of our code base. For those purpose, SonarQube has done its work greatly. We have seen a decrease of about 25% of issues from since we first started using it a few months ago, and my team code bases are getting better.

The solution has helped us mitigate problems in applications before they were a bigger issue.

It has improved our options for offering products to our clients that can better meet their needs, lower costs, and improves code quality and basic security. 

We have literally thousands of rules and they are of medium effectiveness. The problem is that most people bypass the rules or turn them off. But even that is information to us. The fact that they have to turn the rules off is as much value to us as the rules themselves.

The developers are rejecting the idea that this product is useful.

It had changed the whole attitude of the developers of our team as they can see their code exceptions at compile time. With this, we have delivered a quality product to our stakeholders.

SonarQube lets us find security issues during development and testing so that we can release more secure and higher quality applications.

Quality Gate helps us to merge code that was not covered with tests.

It's enabled us to improve software quality and help us to disseminate best practices.

For the record, what I do with SonarQube is develop a language plugin for a language not previously covered by SonarQube. As such, my experience of running SonarQube is limited to that necessary to have the plugin tested, nothing more.

It allows for better collaboration of our team members on security findings.

I have fallen in love with SonarQube when I could've easily built custom rules checks. However, doing that manually checking takes tons of time.

Individual developers are more concerned about the quality of their work when they see their results in the big picture.