SonarQube Initial Setup

Steven Gomez
Lead Engineer at a pharma/biotech company with 1,001-5,000 employees
The initial setup was complex because we were using the Community Edition. We did have some issues with the compatibility of the different components. For example, there is the server itself, but then you can plug in different packages, like the C++ package. We've also experimented a little bit with Python metrics, but unfortunately we don't have a project that's really under that control yet, to really get a feel for how that works. Configuration issues were pretty complicated, but once we got things up and running, it's been extremely stable, it was kind of maintenance-free, now, although we have a time issue. Of the scans that it does, it could be somewhat time-consuming, so originally some of the developers would say, "Well we want to be able to do that on our desktop." I told them, "I don't think you know what you're asking for, here." But as an alternative, we have it set up with our continuous integration server, which we use in TeamCity by the way. In the middle of the night, it automatically runs a scan for them, while they're in bed at home asleep so their results will be ready the next morning. This way, whatever they have most recently checked in, they can see the results right there. And then it runs in the background so it doesn't matter how long it takes per se, it gets it done by the next time they come in. That's part of what continuous integration does, it does things for you that years ago people would do themselves, and never get around to it. View full review »
Phil Denomme
Manager at a wireless company with 11-50 employees
It's pretty straightforward. It's a very easy thing to get up and running. It's the workflow side that you have to be careful about. Make sure that you don't overwhelm everybody with a report with a gazillion lines. Your real gems are in a very small percentage of it. So that's the configuration side, and that's what we're working on now. I've found that you have to tailor SonarQube's power to the maturity of the organization. Otherwise, you get a report with 2,000 items in it and it's hard to find the ones that are critical. This leads to data overflow and analysis paralysis at that rate. View full review »
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
The initial setup was fairly straightforward. It's well documented and the documentation is easy to read. We rolled it out to one server that was used as a POC, which was later moved into a production environment. We then rolled out a second one for Dev to test doing upgrades, which we do on a regular basis. Every time a new LTS (Long Term Support) version comes out then we run an upgrade. Only one person is required in order to handle the maintenance. It is easy to maintain. View full review »
Find out what your peers are saying about SonarQube, Veracode, Micro Focus and others in Application Security. Updated: October 2019.
378,124 professionals have used our research since 2012.
ScalaCon4d53
Scala Contractor at a tech services company with 10,001+ employees
In all the companies that I've worked with, nobody has ever had a problem with the initial setup. It takes time to set up. It's a big thing and you do it, but it's just a project. View full review »
Inframan677
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified ,Vmware Vsphere5 at a financial services firm with 51-200 employees
Implementation is easy and very straightforward. We do a POC with our client and based on that we make a comparison to the client's needs and available solutions. We compare that with any of the open source options and with any of the premium commercial tools. We go with the one that makes sense. But the implementation of this product is not complex especially as we have experience with it. View full review »
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
Compared to other tools, the initial setup was straightforward. The deployment of the tool didn't take long at all. You need to take intrinsic care but setting up this tool is pretty easy. One can do it in a couple of hours. The dashboard is really neat and easy to operate. It gives a lot of information that makes it very easy for the developers. We haven't ever used more than one resource for operations. View full review »
Daniel Hall
Technical Architect at a energy/utilities company with 1,001-5,000 employees
The setup took a bit of work, but that was because we were combining Docker, Kubernetes, Azure Key Vault, and the Azure PaaS SQL Server. View full review »
ViPres97886
Vice President at a financial services firm with 1,001-5,000 employees
The initial setup was not complex. It is pretty simple and straightforward. View full review »
Hervé KAMDEM
Country Manager Senegal at a financial services firm with 10,001+ employees
This initial setup of this solution is not basic, but it is not complex. If you have some experience in IT then you should be able to do it. We have this tool integrated with Jenkins. One or two days is enough for deployment. There is some configuration to do, which takes time, but it is not difficult to deploy. Three or four staff are enough for deployment and maintenance. View full review »
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
The initial setup was fairly straightforward. View full review »
AppSecAn0945
Application Security Analyst at a agriculture
The setup is not complex. There are some issues during setup with the plugins because they are not well documented. View full review »
BvsReddy
Company Director at Alwyn Technologies
This solution is not as easy to install as SonarLint. View full review »
Find out what your peers are saying about SonarQube, Veracode, Micro Focus and others in Application Security. Updated: October 2019.
378,124 professionals have used our research since 2012.
Sign Up with Email