SonarQube Primary Use Case
We use the product to review our software code. We have integrated the product to review our new delivery code.
We do a lot of development. We were previously doing it internally, and then we hired a couple of development partners. So, day in and day out, a lot of changes were happening. We wanted to ensure that whatever changes happened, they undergo some level of quality assessments. That was one of the reasons why we wanted to use it.
We have started looking into it from the information security side, but it is being used by the core development team.
SonarQube provides security vulnerabilities within the cloud. It identifies the code pattern and quality and detects the causes of any particular issues. We use this to minimize a lot of coding errors. I'm a lead DevOps consultant in IT infrastructure.
Buyer's Guide
SonarQube
March 2024
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
reviewer841284
Lead Engineer at a healthcare company with 10,001+ employees
I have it integrated with our continuous integration server. On a scheduled basis, typically in the middle of the night, it'll do performance scans so that the results are available and viewable by the developers on the website. The scans are done automatically by using a continuous integration server, which is TeamCity.
We are using version 5.6.6. It is a very old version, but that's what we've been using. We haven't gotten around to updating it.
Sirish Reddy
Technology Manager at Publicis Sapient
We are using the solution for code quality and security.
I work on vulnerability management. I use the security features in SonarQube. I also use Veracode. I use both solutions to verify each other's results.
We use SonarQube to find vulnerabilities in the source code, for better code quality, and code security.
SonarQube is used for in-production scanning of applications. We are only doing unit testing to improve the overall quality of the code.
Warayuth Wongpaiboonwattana
System Quality Assurance Manager at AIS - Advanced Info Services Plc.
We use SonarQube to scan SAS code for quality control in mostly mobile applications, such as iOS and Android applications.
We use it to check the code quality of our software.
Our use case of SonarQube is to analyze code quality and to implement quality gates in our build pipelines.
reviewer1599105
Senior Security Engineer at a financial services firm with 10,001+ employees
We are using SonarQube for many different reasons, but I was interested more in the security metrics based on the new updates for more particular rules.
reviewer2180736
Information Technology Security at a consultancy with 10,001+ employees
We use the solution for the software scan and integrate the application, which is a dependency check for the scan. Our customers send us the already developed solution for functional tests and security scans.
Nachu Subramanian
Automation Practice Leader at a financial services firm with 10,001+ employees
We're using the enterprise edition of SonarQube. I'm the head of DevOps engineering and we are customers of SonarQube.
BudiSetiawan
IT Developer at PT Oto Multiartha
We use SonarQube to check for vulnerabilities and quality.
reviewer2265651
System Analyst // System Architect at a tech services company with 10,001+ employees
We wanted a coding standard. We used to get coverage using SonarQube, so once the coding coverage was more than 80%, it was only then we could get Jenkins to start the build. Otherwise, Jenkins would fail from the build process. SonarQube is the point at which we confirm the DI. It is in the JUnit test cases where the coverage of the source code was more than 80%.
We have many developers and we use SonarQube to ensure that we don't have badly written code. We must have a way to write code that can be understood by different people.
David Alaga
Sr DevOps Engineer at incatech
We use the product in our pipeline. We primarily use it as a development testing tool.
We use SonarQube for testing and quality assurance. We use this in banks for testing.
We also use SonarQube for security static testing.
My main use case for SonarQube is to analyze code quality in various programming projects, particularly focusing on identifying bugs, vulnerabilities, and code smells. I also use it to detect patterns in data clusters and ensure there are no leaks in the codebase.
Vikram Karanwal
Retail Sales Manager at Pine Labs
I use the solution for static code analysis and to identify vulnerabilities and code smells.
I have used it to test clients' websites. After testing, it gives a deep overview of website bugs and issues.
A good point about SonarQube is that it gives you the solutions to resolve your issues. At times, I find the blocker (during times of emergency code deployment) doesn't allow the code to be checked in to the repository unless the violations are fixed, which should enable the user to bypass the number of lines that should be part of the written method.
We primarily use SonarQube for quality control on the software being deployed in our company. We had to control the open-source software we use. We develop software and have to create builds around it. As part of this process, we want to be sure of the security conformity for each module.
It is installed and plugged into a Kubernetes pipeline build system.
reviewer1522716
Project Manager at a manufacturing company with 1,001-5,000 employees
We mainly need to do certain static analyses. While doing the coding, everybody sends a pull request. Before committing the code on the main branch, we need to ensure that the code is up to level. That is basically our way of working to ensure that whatever rules we have configured, whatever gates we have defined, that gets passed before committing the code into the main branch.
We use it to check the code quality, and the code review to find out the vulnerabilities about the central codes like simplifications and codes. We also use it for security management.
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
I work for a government agency and we use this tool. It is lightweight and very cost-effective as compared to IBM AppScan, but I wouldn't say it's a very good tool for vulnerability assessment. The dashboard is neat and easy to operate and the information on the dashboard makes it easy for the developers to work on. You can have it automated and set up for you to have an automated process every time the code is checked in.
reviewer1526550
Lead Security Architect at a comms service provider with 1,001-5,000 employees
We use this solution to configure our pipeline using Jenkins. From an integration perspective, it encompasses many languages and this is very useful.
Mohanraj Vellingiri
Tools manager at a retailer with 10,001+ employees
SonarQube is a code-scanning tool that ensures people follow the right coding standard. It detects any memory leaks or unwanted functions that have been written so developers can optimize the code for better performance. We don't know too much about how our customers use SonarQube because we just set it up for them. We show them how the reporting works and what to do to fix common issues.
Raja_Reddy
Manager at kellton
Our primary use case of SonarQube is getting feedback on code. We are using Spring Boot and Java 8. We are also using SonarLint, which is an Eclipse IDE plugin, to detect vulnerabilities during development. Once the developer finishes the code and commits the code into the Bitbucket code repository, the continuous integration pipeline will automatically run using Jenkins. As part of this pipeline, there is a build unit test and a SonarQube scan. All the parameters are configured as per project requirements, and the SonarQube scan will run immediately once the developer commits the code to the repository. The advantage of this is that we can see immediate feedback: how many vulnerabilities there are, what the code quality is, the code quality metrics, and if there are any issues with the changes that we made. Since the feedback is immediate, the developer can rectify it immediately and can further communicate changes. This helps us with product quality and having fewer vulnerabilities in the early stages of development.
This solution is deployed on-premise.
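Two of the reviews above describe the same gating pattern: a scan runs on every commit, and the CI job (Jenkins in both cases) only proceeds when the metrics clear a threshold, such as coverage strictly above 80% and no new vulnerabilities. The evaluator below is an added illustration of that pattern, not SonarQube's code or any reviewer's pipeline; the metric names, the condition format and the sample snapshots are constructed for the example. It also covers two edge cases a practitioner cares about: a coverage value of exactly 80% (which "more than 80%" rejects) and a metric that was never measured, which the gate treats as a failure rather than letting the build through.

```python
# Added example: a minimal quality-gate evaluator modelled on the gate the
# reviewers describe. Not SonarQube's own code; metric keys, the condition
# format and the snapshots below are assumptions made for the illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Condition:
    """One gate condition: the metric passes when `value OP threshold` holds."""
    metric: str
    op: str          # one of "GT", "GE", "LT", "EQ"
    threshold: float


_OPS: Dict[str, Callable[[float, float], bool]] = {
    "GT": lambda value, threshold: value > threshold,
    "GE": lambda value, threshold: value >= threshold,
    "LT": lambda value, threshold: value < threshold,
    "EQ": lambda value, threshold: value == threshold,
}


@dataclass(frozen=True)
class ConditionResult:
    metric: str
    actual: float        # NaN when the metric was absent from the snapshot
    passed: bool


# Gate as described in the reviews: strictly more than 80% coverage and zero
# new vulnerabilities from the scan. Metric keys are assumed, not SonarQube's.
GATE: List[Condition] = [
    Condition("coverage", "GT", 80.0),
    Condition("new_vulnerabilities", "EQ", 0),
]

# Constructed metric snapshots standing in for what a scan would report.
PASSING_SNAPSHOT = {"coverage": 84.2, "new_vulnerabilities": 0, "code_smells": 17}
BOUNDARY_SNAPSHOT = {"coverage": 80.0, "new_vulnerabilities": 0}   # exactly 80%: not "more than"
INSECURE_SNAPSHOT = {"coverage": 91.0, "new_vulnerabilities": 2}
INCOMPLETE_SNAPSHOT = {"new_vulnerabilities": 0}                   # coverage never measured


def evaluate_gate(metrics: Dict[str, float],
                  conditions: List[Condition]) -> Tuple[str, List[ConditionResult]]:
    """Return ("OK" | "ERROR", per-condition results).

    A condition whose metric is missing fails closed: an unmeasured metric
    must not let a build through.
    """
    results: List[ConditionResult] = []
    for cond in conditions:
        if cond.op not in _OPS:
            raise ValueError(f"unknown operator {cond.op!r} for metric {cond.metric!r}")
        if cond.metric not in metrics:
            results.append(ConditionResult(cond.metric, float("nan"), False))
            continue
        actual = float(metrics[cond.metric])
        results.append(ConditionResult(cond.metric, actual, _OPS[cond.op](actual, cond.threshold)))
    status = "OK" if all(r.passed for r in results) else "ERROR"
    return status, results


def failed_metrics(metrics: Dict[str, float], conditions: List[Condition] = GATE) -> List[str]:
    """Names of the conditions that did not pass, in gate order."""
    _, results = evaluate_gate(metrics, conditions)
    return [r.metric for r in results if not r.passed]


def build_exit_code(metrics: Dict[str, float], conditions: List[Condition] = GATE) -> int:
    """0 lets the CI job continue; non-zero fails it, as the reviewers describe Jenkins doing."""
    status, _ = evaluate_gate(metrics, conditions)
    return 0 if status == "OK" else 1


if __name__ == "__main__":
    for name, snapshot in [("passing", PASSING_SNAPSHOT), ("boundary", BOUNDARY_SNAPSHOT),
                           ("insecure", INSECURE_SNAPSHOT), ("incomplete", INCOMPLETE_SNAPSHOT)]:
        status, results = evaluate_gate(snapshot, GATE)
        detail = ", ".join(f"{r.metric}={r.actual} ({'pass' if r.passed else 'FAIL'})" for r in results)
        print(f"{name:<11} {status:<6} {detail}")
```

In a real pipeline the snapshot would come from the scanner's report rather than a literal, and the exit code would be what the Jenkins step returns; the logic that matters for the gate, strict comparison at the threshold and failing closed on missing data, stays the same.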
Donovan Greeff
Head of Software Delivery at a tech services company with 51-200 employees
Our primary use case is to analyze source code for software bugs, technical debt, vulnerabilities, and test coverage. It provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production.
We plug this process into our process right from the start, enabling the IDE integrations so that engineers can scan their code before submission. Following on from that, we run the scans on every change that has been submitted for review.
This way we ensure that no core/fundamental issues are added to our codebases.
reviewer841284
Lead Engineer at a healthcare company with 10,001+ employees
We're collecting code quality metrics.
reviewer1565832
DevOps Lead at a marketing services firm with 1,001-5,000 employees
We use SonarQube mostly for code quality testing.
We are application support vendors, and we develop applications for our clients. To maintain code quality, we were using SonarQube, and then we presented that to our clients in order to purchase that. That's where this whole thing got started.
One thing that we were using it majorly for was our work quality. It usually helped us in automating the review and making it more gate-oriented. Recently we were able to see the latest features like security hotspots and all that.
We were trying to serve two purposes; work quality and code security, with one tool. That's where our inclination was more towards Sonar because other tools generally target code security only.
Hervé KAMDEM
Country Manager Senegal at a financial services firm with 10,001+ employees
We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.
Rushikesh Patil
Infosec Consultant at Anzen Technologies
We used SonarQube for secure code review.
Anuja S
Program Manager at a computer software company with 1,001-5,000 employees
We are using SonarQube for code reviews.
reviewer1537167
Digital Solutions Architect at a tech services company with 1,001-5,000 employees
We are a $4 billion valuation large company and we use the solution for status security, scanning, and code quality. I am currently in the process of building a pipeline for one of my customers and for that we are utilizing this solution for the static analysis.
We use SonarQube to scan our security protection.
We use SonarQube for determining code coverage, finding bugs, and searching for security-related issues in our development environment.
reviewer973425
Senior Product Manager at a financial services firm with 10,001+ employees
SonarQube delivers a continuous inspection of code quality.
reviewer1643052
Manager, Software Development Engineering at a computer software company with 51-200 employees
I'm a software development engineer and we are customers of SonarQube.
reviewer1390020
Engineer at a pharma/biotech company with 201-500 employees
The primary use case of this solution is for static code analysis, and benchmarking our code standards according to our preferences.
Our builds process through SonarQube and if it passes the required set of requirements we have set, it will then go through to production.
We are using SonarQube for static analyzing and finding vulnerabilities in our code.
reviewer1422195
Director IT Security, CISO at a transportation company with 10,001+ employees
I have used SonarQube for static code analysis. I am using it to assess my internal applications.
We primarily use this solution for code quality purposes. We have a CICD environment, without a lot of manual steps.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Primary use is code standards, or code quality. It's worked out okay. I find it is light on the security side though.
We brought it into our CI pipeline to see if we could help our developers fix issues and identify issues sooner.
We use the tool to check our code. It's used for static quality checks.
reviewer1593939
Systems Analyst at a manufacturing company with 5,001-10,000 employees
We use the solution to do quality code analysis for keeping track of security hotspots. We also use it to avoid the delivery of problems as the result of new code from our partners who may be developing software for systems, making improvements and carrying out bug corrections. These are the features of SonarQube of which I am aware.
ErnestoGonzalez
Backend Architect at Sngular
We usually do the development in Java, and when we finish the development, we usually run the SonarQube tests and review the critical level, bugs, and security issues. We also review the license and the web issues and try to solve them, and then pass again through SonarQube.
We usually deploy it in the cloud, but sometimes we also have on-premises solutions.
Daniel Hall
Technical Architect at Dwr Cymru Welsh Water
Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.
reviewer1258632
Product Security Architect at a tech services company with 51-200 employees
We use the solution for security vulnerabilities, static code analysis, and a few code quality issues like code smells. We mostly concentrate on security vulnerabilities.
SonarQube can be used to analyze application code. We are testing SonarQube with some of our other products. We use the Sonar Link plugin with Teamscale, which is then applied to the main product we are using.
Phil Denomme
Manager at a wireless company with 11-50 employees
Our primary use is for coding best practice management and quality. Aside from that, we also use it for security.
I'm getting involved in moving this solution forward and positioning it in our enterprise so I haven't gotten to the point where we're nailing down the configuration and release controls yet.
Purushothaman K
Team Lead at CNSI
We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.
reviewer1411233
Security consultant at a computer software company with 1,001-5,000 employees
We are a security organization, and we deploy security solutions and applications related to network for our clients. We mostly focus on open source products because clients don't like to have proprietary products because of the available budget for their different projects. We try to find the possible solution, and then we deploy the solution for them. Deployments are done on the AWS cloud as well as on-premises.
I came to know that there is a SonarQube solution that is used for clean and secure coding purposes and bug fixes in a large DevOps team. That's why I have deployed SonarQube. Currently, I'm testing SonarQube to demonstrate to my higher department what this tool can do. We are testing this solution for one of our clients, who may use it for two or three use cases during static code analysis and the software development life cycle.
reviewer1407126
Team Lead at a computer software company with 10,001+ employees
We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Our primary use for this solution is to improve code quality and reduce technical debt.
reviewer1565832
DevOps Lead at a marketing services firm with 1,001-5,000 employees
We generally use the solution in order to do static code analysis.
Ahmed Rabea
CEO at ITShare
We use it for the static analysis of the source code to find issues or vulnerabilities.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
I'm a user also, but I'm also responsible for information security.
I am the principal of security in the office. I'm the one that actually advises people about enhancing or incorporating information security aspects. Right now, we are using a community version. We have yet to subscribe for the enterprise license because we need more disciplined developers first.
Within our organization, there are roughly 14 people using this solution.
We use it to find the scoop, or the use, for peer review for the developers. It will require more time, to get used to it and to get trained. My team is very small and I am part of the development team — I'm in the security team but I'm also part of the development team. I am helping to build this along with the team.
reviewer1023003
Development Team Lead at a financial services firm with 1,001-5,000 employees
I use SonarQube for Google's web services, from a security perspective, as well as Oracle Forms, HTML Forms, and script.
SonarQube is deployed on-premises.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
SonarQube can be used for any missing components or component vulnerabilities.
FilipeMarcelino
Product Manager | Senior Software Developer at RedShift II - Solutions
This solution has the capability to analyze source code in almost all the languages in the market.
Elham-Gharegozloo
Senior System Analyst at a tech services company with 1,001-5,000 employees
We are using this solution for analyzing sales, profit, and FI documents. We are using the HR section as well.
reviewer1192836
Director of consultory at a non-tech company with 1,001-5,000 employees
We use SonarQube for testing, reviewing, and ensuring the quality of application code.
reviewer1620009
Head Innovation Hub at a tech services company with 201-500 employees
I have used it in my previous company. In my current company, which I have joined recently, we don't use any of these tools. That's why I want to implement something for the company. I have the Community Edition of SonarQube. I am using one version prior to the latest one.
It was integrated with our build pipeline, and we had also customized the rules for the quality gate. For each release that got through SonarQube, it gave the results in terms of whether it was releasable or not.
SLA was another use case. We internally had a rule that in case there are severity defects, they need to be fixed. If there is a false positive, it needs to be justified. That's the way it was used.
reviewer1472997
CTO at a computer software company with 11-50 employees
There are two versions: a free, open-source community version, and a subscription-based version. We use the community version, not the enterprise version.
We are a very small organization. In total, there are four of us who use this solution. We will keep using SonarQube, with some additions, in the future.
Firstly, we use SonarQube to evaluate code for M&A projects. Secondly, we use it to detect vulnerabilities while performing security audits. Our third use case is the detection of violation of programming practices towards code refactoring and code maintenance.
Gustavo Lugo
Chief Solutions Officer at CleverIT B.V.
I am now working in a consultancy company and I work with different clients in different industries. For this reason I implement, for example, a delivery pipeline with the process whereby we need to validate the quality gate of the quality code. Meaning, the developer creates the unit testing and the code coverage, but grants the code coverage for a specific person. In other cases, we used to see what the technical depth was to see if there are any bugs in the applications - the web application, mobile application and different languages, like, C-Sharp, JavaScript or Java, et cetera.
We deploy SonarQube on-premise on a Linux server and our pipelines were created with GitLab and Azure DevOps. Meaning that Azure DevOps and GitLab are the tools that do the build and release process.
We use Microsoft Azure and Google Cloud Platform a little.
Subhendu Mahapatra
Manager at Dassault Systèmes
Our primary use case for this solution is security testing using the FindSecBugs plugin.
reviewer1078050
Staff DevOps Specialist at a computer software company with 201-500 employees
It is mainly used as part of the CI/CD pipeline through Azure DevOps and Jenkins to do static code analysis.
We have the enterprise version. In terms of deployment, on-premise is the best description because they have their own cloud, but it is not a real cloud. It is like VMware.
reviewer1592490
Security Engineer at a computer software company with 201-500 employees
I use this solution for our staging environment to review the security issues before going live or into production.
reviewer1158774
Senior Technical Architect at a tech services company with 501-1,000 employees
We are using SonarQube for scanning our services for issues as part of our IT department.
BvsReddy
Company Director at Alwyn Technologies
My primary use for this solution is to perform static code analysis.
AppSecAn0945
Application Security Analyst at a agriculture with 501-1,000 employees
We use this solution in the development of our travel programs.
Rodolfo Barzola
Senior Solutions Architect at OSENTERPRISE SAC
We are using this solution to check and monitor application code to ensure security quality.
Inframan677
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified ,Vmware Vsphere5 at a financial services firm with 51-200 employees
We use this SonarQube solution for code quality and as a basic security issues solution for our clients.
reviewer1073967
Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees
We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.
Steven Klusener
Independent Consultant at Klusener Consultancy
We use this solution for auditing our system.
reviewer1357878
DevSecOps Lead at a tech services company with 11-50 employees
Our software developers use SonarQube to catch any issues that can be found by using static code analysis. My understanding is that it checks the core complexity by evaluating the coding rules to make sure of things such as the correct classes are private.
reviewer1689996
Software Engineer at a tech services company with 11-50 employees
I use SonarQube for testing software.
RakeshPal
Senior Manager at Digichorus Technologies
We are using it for scanning our web applications, some internal applications and using it for code reviews.
reviewer1108275
Security at a tech services company with 51-200 employees
We use SonarQube to help with our software development and testing. At the moment, we're mainly using it for static analysis and code inspection. We have an on-premises server and we connect to it from there.
Our main use case is testing software for security weaknesses, but we also use it to help eliminate code smells and to make sure our code is compliant with established coding standards.
reviewer1587588
Founder at a tech services company with 11-50 employees
We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit.
TibinLukose
Software Engineer at Adfolks
I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.