SonarQube Other Advice

Steven Gomez
Lead Engineer at a pharma/biotech company with 1,001-5,000 employees
I would rate SonarQube as a nine out of ten. Once you start drilling down through the menus, it tells you a lot of stuff about your code in one view. That's really quite neat. That shows you a view of maintainability. They have a maintainability view that shows bubbles for all the different code modules, and yours is beside the bubble. This represents the amount of "code smells," which is actually kind of a common definition. The bigger the bubble, the more your code smells. This shows where more attention is needed or it's a bubble that's kind of drifting out of control. I have one graph here where there are probably 50 bubbles. There's one axis that shows technical debt, meaning the amount of work that it's going to take to get the smells under control. The other axis is lines of code, which is obviously a very common thing to look at. On this particular graph, there are a whole bunch of bubbles down in the lower-left corner, which means you have a lot of small manageable things. If you hover over the bubble, it tells you what module it is, how many lines of code, technical debt and manpower estimate, things like that.
Phil Denomme
Manager at a wireless company with 11-50 employees
From experience, you should just size the scale of what you're trying to do to the maturity of the organization.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
My advice for anybody interested in implementing this solution is to start with the community version and try it out. It doesn't take long to see value in it, and it's very straightforward, easy, and intuitive to use. There are add-ons that are available for purchase that we have not tried, although we're quite content with what we have right now. I would rate this solution an eight out of ten.
Find out what your peers are saying about SonarQube, Veracode, Micro Focus and others in Application Security. Updated: November 2019.
378,950 professionals have used our research since 2012.
ScalaCon4d53
Scala Contractor at a tech services company with 10,001+ employees
My advice is to focus on quality, not on tools. Work on the quality of your code and get a quality culture, but don't require the use of a tool. SonarQube is an okay tool. I'd suggest it as a default tool, but I wouldn't rave about it. In all of my previous jobs, there has been somebody using SonarQube. They're usually very positive. I don't share that positiveness, but the reason for that is that I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it. I don't rate any tool higher than a five or six, ever. JUnit is the only tool that gets a rating of ten. On a scale of one to ten, where ten is JUnit, I would rate SonarQube as about a five or a six.
Inframan677
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified, VMware vSphere 5 at a financial services firm with 51-200 employees
I would rate this product somewhere between six and seven. It works for many clients, but if the user need and application are super critical, people should go with commercial products like Micro Focus. If the deployment is less critical, they can go with SonarQube or another open source software solution.
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
SonarQube is a very good tool. It is lightweight and very cost-effective compared to IBM AppScan. The dashboard is really neat and easy to operate. It gives a lot of information that makes it very easy for the developers. You can get it set up as an automated process every time the code is checked in. I would say, however, that it is not a vulnerability assessment tool. The dev and security teams use this solution very closely. Fifteen to twenty people in total use it. I would rate this solution an eight out of ten.
ViPres97886
Vice President at a financial services firm with 1,001-5,000 employees
This product is good but it is not meant to be a single solution for all issues. If you want to have your code scanned and timed then this is a good tool. If you want security to be part of it then you may need multiple tools. Overall, my advice is to use this tool in areas where it is strong. I would rate this solution a six out of ten.
Hervé KAMDEM
Country Manager Senegal at a financial services firm with 10,001+ employees
This is a very nice product and I would recommend it. It is one of the best tools on the market to analyze your code. If more rules for security were added then we would not have to use Checkmarx or other tools. SonarQube is very nice, but just missing some security rules. I would rate this solution a seven out of ten.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
We are looking at using another product to complement it for security reasons. Most important criteria when selecting a vendor:
* Usability of the product
* Responsiveness when we have issues.
AppSecAn0945
Application Security Analyst at an agriculture company
I would suggest trying the product. I like its usability because it has a simple approach. We use this solution in conjunction with Jenkins, and we have a two-week deployment cycle. I would rate this solution a seven out of ten.
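Two of the reviews above describe the same setup: analysis runs automatically on every check-in, driven from Jenkins. The declarative pipeline below is an added example of that wiring using the SonarQube Scanner for Jenkins plugin steps; it is not code from any reviewer or from SonarSource. The tool name `sonar-scanner`, the server name `MySonarQube`, the project key `my-app`, the Maven build and the source paths are all assumptions for illustration and must match what is configured in your Jenkins and SonarQube instances.

```groovy
// Added example: Jenkins declarative pipeline that runs SonarQube analysis on
// every build and fails the build when the project's quality gate fails.
// Assumptions (not from the page): a SonarQube Scanner tool named
// 'sonar-scanner' and a SonarQube server named 'MySonarQube' are configured
// under Manage Jenkins, the repository is a Maven project, and the SonarQube
// server has a webhook pointing at this Jenkins so waitForQualityGate can
// receive the gate result.
pipeline {
    agent any

    environment {
        // Resolves the installation directory of the configured scanner tool
        SCANNER_HOME = tool 'sonar-scanner'
    }

    stages {
        stage('Build and test') {
            steps {
                // Compile and run the unit tests first; the scanner reads the
                // compiled classes and test/coverage reports produced here.
                sh 'mvn -B clean verify'
            }
        }

        stage('SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and the analysis
                // token stored in Jenkins credentials into the environment,
                // so no token is hard-coded in the pipeline or the repository.
                withSonarQubeEnv('MySonarQube') {
                    sh "${SCANNER_HOME}/bin/sonar-scanner " +
                       "-Dsonar.projectKey=my-app " +
                       "-Dsonar.sources=src/main " +
                       "-Dsonar.tests=src/test " +
                       "-Dsonar.java.binaries=target/classes"
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Block until the server reports the gate status for this
                // analysis; abort the pipeline if the gate is not passed.
                // The timeout keeps a missing webhook from hanging the build.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

The quality gate enforces the reliability, maintainability and coverage conditions defined on the SonarQube server, so a failing gate stops the merge or deployment rather than just colouring a dashboard. As the reviewers above note, it is not a substitute for a vulnerability assessment or a dedicated security scanner; keeping the gate stage separate makes it straightforward to add such a tool as a further stage alongside it.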
BvsReddy
Company Director at Alwyn Technologies
We advise all of our developers to have this solution in place. That way, whenever they are developing, they will get live tracking with respect to the quality of their code. I would rate this solution a seven out of ten.
senarch0997
Senior Architect Information Security & Privacy at a tech services company with 501-1,000 employees
On a scale from one to ten with ten being the best, I would rate this product around an eight. If SonarQube makes some improvements with the security features, I would also probably use the product much more.