SonarQube Primary Use Case

Wang Dayong - PeerSpot reviewer
Senior Software Engineering Manager at Hill

We use the product to review our software code. We have integrated the product to review our new delivery code.

HimanshuSharma - PeerSpot reviewer
General Manager at Dalmia Bharat Group

We do a lot of development. We were previously doing it internally, and then we hired a couple of development partners. So, day in and day out, a lot of changes were happening. We wanted to ensure that whatever changes happened, they undergo some level of quality assessments. That was one of the reasons why we wanted to use it. 

We have started looking into it from the information security side, but it is being used by the core development team.

Chetan Jayatheertha - PeerSpot reviewer
Lead DevOps Consultant at itcinfotech

SonarQube provides security vulnerabilities within the cloud. It identifies the code pattern and quality and detects the causes of any particular issues. We use this to minimize a lot of coding errors. I'm a lead DevOps consultant in IT infrastructure.

Buyer's Guide
SonarQube
March 2024
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
SG
Lead Engineer at a healthcare company with 10,001+ employees

I have it integrated with our continuous integration server. On a scheduled basis, typically in the middle of the night, it'll do performance scans so that the results are available and viewable by the developers on the website. The scans are done automatically by using a continuous integration server, which is TeamCity.

We are using version 5.6.6. It is a very old version, but that's what we've been using. We haven't gotten around to updating it.

SR
Technology Manager at Publicis Sapient

We are using the solution for code quality and security.

Devid William - PeerSpot reviewer
Application Security Architect at Banco Votorantim

I work on vulnerability management. I use the security features in SonarQube. I also use Veracode. I use both solutions to verify each other’s results.

MarkRyall - PeerSpot reviewer
Strategist Individual Contributor at Peraton

We use SonarQube to find vulnerabilities in the source code, for better code quality, and code security.

Jayashree Acharyya - PeerSpot reviewer
Director at PepsiCo

SonarQube is used for in-production scanning of applications. We are only doing unit testing to improve the overall quality of the code.

WW
System Quality Assurance Manager at AIS - Advanced Info Services Plc.

We use SonarQube to scan SAS code for quality control in mostly mobile applications, such as iOS and Android applications.

Gert Kersten - PeerSpot reviewer
Software Developer at BKWI

We use it to check the code quality of our software.

Thomas Boltze - PeerSpot reviewer
Cloud Architecture Head at PagoNxt Merchant Solutions S.L.

Our use case of SonarQube is to analyze code quality and to implement quality gates in our build pipelines.

AF
Senior Security Engineer at a financial services firm with 10,001+ employees

We are using SonarQube for many different reasons, but I was interested more in the security metrics based on the new updates for more particular rules.

AS
Information Technology Security at a consultancy with 10,001+ employees

We use the solution for the software scan and integrate the application, which is a dependency check for the scan. Our customers send us the already developed solution for functional tests and security scans.

NS
Automation Practice Leader at a financial services firm with 10,001+ employees

We're using the enterprise edition of SonarQube. I'm the head of DevOps engineering and we are customers of SonarQube. 

BS
IT Developer at PT Oto Multiartha

We use SonarQube to check for vulnerabilities and quality. 

LJ
System Analyst // System Architect at a tech services company with 10,001+ employees

We wanted a coding standard. We used to get coverage using SonarQube, so once the code coverage was more than 80%, only then could we get Jenkins to start the build. Otherwise, Jenkins would fail the build process. SonarQube is the point at which we confirm the DI. It is in the JUnit test cases where the coverage of the source code was more than 80%.

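The coverage gate described in the review above (only let Jenkins build when coverage is over 80%) and the quality gates other reviewers on this page wire into their pipelines all come down to one decision: read the gate result SonarQube computed for the analysis and fail the job unless it is OK. The following is an added example written for this page, not code from any reviewer or from SonarSource. It assumes the documented JSON shape of `GET /api/qualitygates/project_status?projectKey=...` (`projectStatus.status` and `projectStatus.conditions[]`); the sample response is constructed, and a real pipeline step would fetch it with a token after `sonar-scanner` finishes.

```python
"""Decide whether a CI build may proceed from a SonarQube quality gate result.

Added example, not code from any reviewer or from SonarSource. It assumes the
documented JSON shape of GET /api/qualitygates/project_status?projectKey=...
(projectStatus.status and projectStatus.conditions[]).
"""
import json

# Constructed sample response for a project whose gate failed on new-code
# coverage. Example data only, not captured from a real server.
SAMPLE_PROJECT_STATUS = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "72.5"},
            {"status": "OK", "metricKey": "new_security_rating", "comparator": "GT",
             "errorThreshold": "1", "actualValue": "1"},
            {"status": "OK", "metricKey": "new_duplicated_lines_density",
             "comparator": "GT", "errorThreshold": "3", "actualValue": "0.0"},
        ],
    }
})


def evaluate_quality_gate(body):
    """Return (passed, reasons).

    passed is True only when SonarQube itself reports status OK. Any other
    status, including a malformed or empty response, fails closed so that a
    broken scan step cannot silently let a build through.
    """
    try:
        project_status = json.loads(body)["projectStatus"]
        status = project_status["status"]
        conditions = project_status.get("conditions", [])
    except (ValueError, KeyError, TypeError):
        return False, ["unexpected response shape; treating gate as failed"]

    reasons = []
    for cond in conditions:
        if cond.get("status") != "OK":
            # comparator LT means "error when actual < threshold",
            # GT means "error when actual > threshold".
            reasons.append(
                "{metric} {cmp} {threshold} (actual {actual})".format(
                    metric=cond.get("metricKey", "?"),
                    cmp=cond.get("comparator", "?"),
                    threshold=cond.get("errorThreshold", "?"),
                    actual=cond.get("actualValue", "n/a"),
                )
            )
    if status == "NONE":
        reasons.append("no quality gate was computed for this analysis")
    return status == "OK", reasons


def coverage_meets_minimum(body, minimum_percent):
    """Mirror the reviewer's rule: build only when coverage is at least the
    given percentage. Fails closed if the coverage condition is absent or
    unreadable, so a gate without a coverage condition cannot pass by accident.
    """
    try:
        conditions = json.loads(body)["projectStatus"]["conditions"]
    except (ValueError, KeyError, TypeError):
        return False
    for cond in conditions:
        if cond.get("metricKey") in ("new_coverage", "coverage"):
            try:
                return float(cond["actualValue"]) >= minimum_percent
            except (KeyError, ValueError):
                return False
    return False


if __name__ == "__main__":
    passed, reasons = evaluate_quality_gate(SAMPLE_PROJECT_STATUS)
    print("quality gate passed" if passed else "quality gate FAILED")
    for reason in reasons:
        print(" -", reason)
    # A non-zero exit is what makes Jenkins (or any CI runner) fail the job.
    raise SystemExit(0 if passed else 1)
```

The two checks are deliberately separate: `evaluate_quality_gate` trusts the gate SonarQube computed (which already encodes the project's configured thresholds), while `coverage_meets_minimum` is the kind of extra, pipeline-side rule the review describes. Both fail closed on missing data, which is the property that matters when the scan step itself breaks.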
Angelo Quaglia - PeerSpot reviewer
Independent Professional at Studio Dott. Ing. Angelo Quaglia

We have many developers and we use SonarQube to ensure that we don't have badly written code. We must have a way to write code that can be understood by different people.

DA
Sr DevOps Engineer at incatech

We use the product in our pipeline. We primarily use it as a development testing tool.

Daniel Antonio Jimenez Quintana - PeerSpot reviewer
IT Systems Architect at Banco Ripley

We use SonarQube for testing and quality assurance. We use this in banks for testing.

We also use SonarQube for security static testing.

Jaile Sebes - PeerSpot reviewer
Senior Software Architect at a tech vendor with 10,001+ employees

My main use case for SonarQube is to analyze code quality in various programming projects, particularly focusing on identifying bugs, vulnerabilities, and code smells. I also use it to detect patterns in data clusters and ensure there are no leaks in the codebase.

VK
Retail Sales Manager at Pine Labs

I use the solution for static code analysis and to identify vulnerabilities and code smells.

reviewer1812603 - PeerSpot reviewer
Works

I have used it to test clients' websites. After testing, it gives a deep overview of website bugs and issues. 

A good point about SonarQube is that it gives you the solutions to resolve your issues. At times, I find the blocker (during times of emergency code deployment) doesn't allow the code to be checked in to the repository unless the violations are fixed, which should enable the user to bypass the number of lines that should be part of the written method. 

Denis Walrave - PeerSpot reviewer
Project Leader / Technical Expert at La francaise des jeux

We primarily use SonarQube for quality control on the software being deployed in our company. We had to control the open-source software we use. We develop software and have to create builds around it. As part of this process, we want to be sure of the security conformity for each module.

It is installed and plugged into a Kubernetes pipeline build system.

AN
Project Manager at a manufacturing company with 1,001-5,000 employees

We mainly need to do certain static analyses. While doing the coding, everybody sends a pull request. Before committing the code on the main branch, we need to ensure that the code is up to level. That is basically our way of working to ensure that whatever rules we have configured, whatever gates we have defined, that gets passed before committing the code into the main branch.

Yash Brahmani - PeerSpot reviewer
Devops Engineer at BNP Paribas

We use it to check the code quality, and the code review to find out the vulnerabilities about the central codes like simplifications and codes. We also use it for security management.

KG
Cyber Security Architect (USDA) at a government with 10,001+ employees

I work for a government agency and we use this tool. It is lightweight and very cost effective as compared to IBM AppScan, but I wouldn't say it's a very good tool for vulnerability assessment. The dashboard is neat and easy to operate and the information on the dashboard makes it easy for the developers to work on. You can have it automated and set up for you to have an automated process every time the code is checked in. 

VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees

We use this solution to configure our pipeline using Jenkins. From an integration perspective, it encompasses many languages and this is very useful.

MV
Tools manager at a retailer with 10,001+ employees

SonarQube is a code-scanning tool that ensures people follow the right coding standard. It detects any memory leaks or unwanted functions that have been written so developers can optimize the code for better performance. We don't know too much about how our customers use SonarQube because we just set it up for them. We show them how the reporting works and what to do to fix common issues. 

RR
Manager at kellton

Our primary use case of SonarQube is getting feedback on code. We are using Spring Boot and Java 8. We are also using SonarLint, which is an Eclipse IDE plugin, to detect vulnerabilities during development. Once the developer finishes the code and commits the code into the Bitbucket code repository, the continuous integration pipeline will automatically run using Jenkins. As part of this pipeline, there is a build unit test and a SonarQube scan. All the parameters are configured as per project requirements, and the SonarQube scan will run immediately once the developer commits the code to the repository. The advantage of this is that we can see immediate feedback: how many vulnerabilities there are, what the code quality is, the code quality metrics, and if there are any issues with the changes that we made. Since the feedback is immediate, the developer can rectify it immediately and can further communicate changes. This helps us with product quality and having less vulnerabilities in the early stages of development. 

This solution is deployed on-premise. 

DG
Head of Software Delivery at a tech services company with 51-200 employees

Our primary use case is to analyze source code for software bugs, technical debt, vulnerabilities, and test coverage. It provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production. 

We plug this process into our process right from the start enabling the IDE integrations so that engineers can scan their code before submission. Following on from that we run the scans on every change that has been submitted for review. 

This way we ensure that no core/fundamental issues are added to our codebases. 

SG
Lead Engineer at a healthcare company with 10,001+ employees

We're collecting code quality metrics.

AJ
DevOps Lead at a marketing services firm with 1,001-5,000 employees

We use SonarQube mostly for code quality testing.

Rakesh Thakur - PeerSpot reviewer
Technical Architect at an insurance company with 1,001-5,000 employees

We are application support vendors, and we develop applications for our clients. To maintain code quality, we were using SonarQube, and then we presented that to our clients in order to purchase that. That's where this whole thing got started. 

One thing that we were using it majorly for was our work quality. It usually helped us in automating the review and making it more gate-oriented. Recently we were able to see the latest features like security hotspots and all that.

We were trying to serve two purposes; work quality and code security, with one tool. That's where our inclination was more towards Sonar because other tools generally target code security only.

HK
Country Manager Senegal at a financial services firm with 10,001+ employees

We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.

RP
Infosec Consultant at Anzen Technologies

We used SonarQube for secure code review.

AS
Program Manager at a computer software company with 1,001-5,000 employees

We are using SonarQube for code reviews. 

BG
Digital Solutions Architect at a tech services company with 1,001-5,000 employees

We are a large company with a $4 billion valuation, and we use the solution for static security scanning and code quality. I am currently in the process of building a pipeline for one of my customers and for that we are utilizing this solution for the static analysis.

Wang Dayong - PeerSpot reviewer
Senior Software Engineering Manager at Hill

We use SonarQube to scan our security protection.

Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi

We use SonarQube for determining code coverage, finding bugs, and searching for security-related issues in our development environment.

HM
Senior Product Manager at a financial services firm with 10,001+ employees

SonarQube delivers a continuous inspection of code quality.

KH
Manager, Software Development Engineering at a computer software company with 51-200 employees

I'm a software development engineer and we are customers of SonarQube. 

PC
Engineer at a pharma/biotech company with 201-500 employees

The primary use case of this solution is for static code analysis, and benchmarking our code standards according to our preferences. 

Our builds process through SonarQube and if it passes the required set of requirements we have set, it will then go through to production.

Evgen Gulak - PeerSpot reviewer
Head of IT Security Department at an energy/utilities company with 5,001-10,000 employees

We are using SonarQube for static analyzing and finding vulnerabilities in our code.

AB
Director IT Security, CISO at a transportation company with 10,001+ employees

I have used SonarQube for static code analysis. I am using it to assess my internal applications.

it_user713202 - PeerSpot reviewer
Vice President at a financial services firm with 1,001-5,000 employees

We primarily use this solution for code quality purposes. We have a CI/CD environment, without a lot of manual steps.

JI
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees

Primary use is code standards, or code quality. It's worked out okay. I find it is light on the security side though.

We brought it into our CI pipeline to see if we could help our developers fix issues and identify issues sooner.

Axel Niering - PeerSpot reviewer
Software Architect Sales Systems at SV Informatik GmbH

We use the tool to check our code. It's used for static quality checks. 

LM
Systems Analyst at a manufacturing company with 5,001-10,000 employees

We use the solution to do quality code analysis for keeping track of security hotspots. We also use it to avoid the delivery of problems as the result of new code from our partners who may be developing software for systems, making improvements and carrying out bug corrections. These are the features of SonarQube of which I am aware. 

EG
Backend Architect at Sngular

We usually do the development in Java, and when we finish the development, we usually run the SonarQube tests and review the critical level, bugs, and security issues. We also review the license and the web issues and try to solve them, and then pass again through SonarQube.

We usually deploy it in the cloud, but sometimes we also have on-premises solutions.

DH
Technical Architect at Dwr Cymru Welsh Water

Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.

VS
Product Security Architect at a tech services company with 51-200 employees

We use the solution for security vulnerabilities, static code analysis, and a few code quality issues like code smells. We mostly concentrate on security vulnerabilities.

Calinescu Tudor - PeerSpot reviewer
Security Project Leader at ATOSS AG

SonarQube can be used to analyze application code. We are testing SonarQube with some of our other products. We use the SonarLint plugin with Teamscale, which is then applied to the main product we are using.

PD
Manager at a wireless company with 11-50 employees

Our primary use is for coding best practice management and quality. Aside from that, we also use it for security.

I'm getting involved in moving this solution forward and positioning it in our enterprise so I haven't gotten to the point where we're nailing down the configuration and release controls yet.

NP
Team Lead at CNSI

We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.

TS
Security consultant at a computer software company with 1,001-5,000 employees

We are a security organization, and we deploy security solutions and applications related to network for our clients. We mostly focus on open source products because clients don't like to have proprietary products because of the available budget for their different projects. We try to find the possible solution, and then we deploy the solution for them. Deployments are done on the AWS cloud as well as on-premises.

I came to know that there is a SonarQube solution that is used for clean and secure coding purposes and bug fixes in a large DevOps team. That's why I have deployed SonarQube. Currently, I'm testing SonarQube to demonstrate to my higher department what this tool can do. We are testing this solution for one of our clients, who may use it for two or three use cases during static code analysis and the software development life cycle. 

SR
Team Lead at a computer software company with 10,001+ employees

We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.  

JI
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees

Our primary use for this solution is to improve code quality and reduce technical debt.

AJ
DevOps Lead at a marketing services firm with 1,001-5,000 employees

We generally use the solution in order to do static code analysis.

AR
CEO at ITShare

We use it for the static analysis of the source code to find issues or vulnerabilities.

HT
Information Technology Technical Architect at an insurance company with 51-200 employees

I'm a user also, but I'm also responsible for information security.

I am the principal of security in the office. I'm the one that actually advises people about enhancing or incorporating information security aspects. Right now, we are using a community version. We have yet to subscribe for the enterprise license because we need more disciplined developers first.

Within our organization, there are roughly 14 people using this solution.

We use it to find the scoop, or the use, for peer review for the developers. It will require more time, to get used to it and to get trained. My team is very small and I am part of the development team — I'm in the security team but I'm also part of the development team. I am helping to build this along with the team.

RV
Development Team Lead at a financial services firm with 1,001-5,000 employees

I use SonarQube for Google's web services, from a security perspective, as well as Oracle Forms, HTML Forms, and script. 

SonarQube is deployed on-premises. 

HT
Information Technology Technical Architect at an insurance company with 51-200 employees

SonarQube can be used for any missing components or component vulnerabilities.

FM
Product Manager | Senior Software Developer at RedShift II - Solutions

This solution has the capability to analyze source code in almost all the languages in the market.

EG
Senior System Analyst at a tech services company with 1,001-5,000 employees

We are using this solution for analyzing sales, profit, and FI documents. We are using the HR section as well.

EK
Director of consultory at a non-tech company with 1,001-5,000 employees

We use SonarQube for testing, reviewing, and ensuring the quality of application code.

PP
Head Innovation Hub at a tech services company with 201-500 employees

I have used it in my previous company. In my current company, which I have joined recently, we don't use any of these tools. That's why I want to implement something for the company. I have the Community Edition of SonarQube. I am using one version prior to the latest one.

It was integrated with our build pipeline, and we had also customized the rules for the quality gate. For each release that got through SonarQube, it gave the results in terms of whether it was releasable or not. 

SLA was another use case. We internally had a rule that in case there are severity defects, they need to be fixed. If there is a false positive, it needs to be justified. That's the way it was used.

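The SLA the reviewer describes (severe defects must be fixed; a false positive must be justified) is easy to state and easy to erode, because marking an issue as a false positive silently removes it from the dashboard. An audit that reads the issue list back and flags suppressions without a justification keeps that rule honest. The following is an added example written for this page, not code from the reviewer or from SonarSource. It assumes the documented shape of `GET /api/issues/search` (`issues[].severity`, `.status`, `.resolution` and `.comments[].markdown`); the sample issues and their keys are constructed, and the rule keys are only illustrative.

```python
"""Audit SonarQube issue suppressions against an internal SLA.

Added example, not code from the reviewer or from SonarSource. It assumes the
documented shape of GET /api/issues/search (issues[].severity, .status,
.resolution and .comments[].markdown); the sample below is constructed.
"""
import json

# Constructed sample: four issues as the search endpoint would list them.
SAMPLE_ISSUES = json.dumps({"issues": [
    {"key": "issue-1", "rule": "java:S2076", "severity": "CRITICAL",
     "status": "RESOLVED", "resolution": "FALSE-POSITIVE",
     "comments": [{"login": "alice",
                   "markdown": "Argument comes from a fixed enum, never from the request; see SEC-12."}]},
    {"key": "issue-2", "rule": "java:S5131", "severity": "BLOCKER",
     "status": "RESOLVED", "resolution": "FALSE-POSITIVE", "comments": []},
    {"key": "issue-3", "rule": "java:S1192", "severity": "MINOR",
     "status": "RESOLVED", "resolution": "WONTFIX",
     "comments": [{"login": "bob", "markdown": "ok"}]},
    {"key": "issue-4", "rule": "java:S2076", "severity": "CRITICAL",
     "status": "OPEN", "comments": []},
]})

# Resolutions that make an issue disappear from the dashboard without a code change.
SUPPRESSING_RESOLUTIONS = ("FALSE-POSITIVE", "WONTFIX")
SEVERE = ("BLOCKER", "CRITICAL")


def unjustified_suppressions(body, min_comment_chars=20):
    """Keys of issues marked false positive or won't fix without a real justification.

    A justification is any comment of at least min_comment_chars characters;
    an empty comment list or a one-word comment such as "ok" does not count.
    """
    flagged = []
    for issue in json.loads(body).get("issues", []):
        if issue.get("resolution") not in SUPPRESSING_RESOLUTIONS:
            continue
        texts = [c.get("markdown", "") for c in issue.get("comments", [])]
        if not any(len(t.strip()) >= min_comment_chars for t in texts):
            flagged.append(issue["key"])
    return flagged


def open_severe_issues(body):
    """Keys of unresolved BLOCKER/CRITICAL issues, which the SLA says must be fixed."""
    return [issue["key"] for issue in json.loads(body).get("issues", [])
            if issue.get("severity") in SEVERE and not issue.get("resolution")]


if __name__ == "__main__":
    print("suppressed without justification:", unjustified_suppressions(SAMPLE_ISSUES))
    print("open severe issues:", open_severe_issues(SAMPLE_ISSUES))
```

Run against a real server, the same two functions would take the paginated output of the issues endpoint, and either non-empty list is a reason to fail the release check rather than just report it.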
CV
CTO at a computer software company with 11-50 employees

There are two versions: a free, open-source community version, and a subscription-based version. We use the community version, not the enterprise version.

We are a very small organization. In total, there are four of us who use this solution. We will keep using SonarQube, with some additions, in the future.

Firstly, we use SonarQube to evaluate code for M&A projects. Secondly, we use it to detect vulnerabilities while performing security audits. Our third use case is the detection of violation of programming practices towards code refactoring and code maintenance. 

GL
Chief Solutions Officer at CleverIT B.V.

I am now working in a consultancy company and I work with different clients in different industries. For this reason I implement, for example, a delivery pipeline with the process whereby we need to validate the quality gate of the code quality. Meaning, the developer creates the unit testing and the code coverage, but grants the code coverage for a specific person. In other cases, we used to see what the technical debt was to see if there are any bugs in the applications - the web application, mobile application and different languages, like C#, JavaScript or Java, et cetera.

We deploy SonarQube on-premise on a Linux server and our pipelines were created with GitLab and Azure DevOps. Meaning that Azure DevOps and GitLab are the tools that do the build and release process.

We use Microsoft Azure and Google Cloud Platform a little.

SM
Manager at Dassault Systèmes

Our primary use case for this solution is security testing using the FindSecBugs plugin.

PJ
Staff DevOps Specialist at a computer software company with 201-500 employees

It is mainly used as part of the CI/CD pipeline through Azure DevOps and Jenkins to do static code analysis.

We have the enterprise version. In terms of deployment, on-premise is the best description because they have their own cloud, but it is not a real cloud. It is like VMware.

NB
Security Engineer at a computer software company with 201-500 employees

I use this solution for our staging environment to review the security issues before going live or into production.

KV
Senior Technical Architect at a tech services company with 501-1,000 employees

We are using SonarQube for scanning our services for issues as part of our IT department.

BR
Company Director at Alwyn Technologies

My primary use for this solution is to perform static code analysis.

LZ
Application Security Analyst at an agriculture company with 501-1,000 employees

We use this solution in the development of our travel programs.

RB
Senior Solutions Architect at OSENTERPRISE SAC

We are using this solution to check and monitor application code to ensure security quality.

HJ
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified ,Vmware Vsphere5 at a financial services firm with 51-200 employees

We use this SonarQube solution for code quality and as a basic security issues solution for our clients.

SV
Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees

We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.

SK
Independent Consultant at Klusener Consultancy

We use this solution for auditing our system.

JS
DevSecOps Lead at a tech services company with 11-50 employees

Our software developers use SonarQube to catch any issues that can be found by using static code analysis. My understanding is that it checks the core complexity by evaluating the coding rules to make sure of things such as the correct classes are private.

LD
Software Engineer at a tech services company with 11-50 employees

I use SonarQube for testing software.

RP
Senior Manager at Digichorus Technologies

We are using it for scanning our web applications, some internal applications and using it for code reviews.

KN
Security at a tech services company with 51-200 employees

We use SonarQube to help with our software development and testing. At the moment, we're mainly using it for static analysis and code inspection. We have an on-premises server and we connect to it from there.

Our main use case is testing software for security weaknesses, but we also use it to help eliminate code smells and to make sure our code is compliant with established coding standards.

HM
Founder at a tech services company with 11-50 employees

We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit. 

TL
Software Engineer at Adfolks

I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.
