SonarQube Primary Use Case

Steven Gomez
Lead Engineer at bioMerieux, Inc.
We're collecting code quality metrics.
Team Lead at a computer software company with 10,001+ employees
We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
SonarQube can be used for any missing components or component vulnerabilities.
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.
Phil Denomme
Manager at a wireless company with 11-50 employees
Our primary use is for coding best practice management and quality. Aside from that, we also use it for security. I'm getting involved in moving this solution forward and positioning it in our enterprise so I haven't gotten to the point where we're nailing down the configuration and release controls yet.
Yash Brahmani
DevOps Engineer at a financial services firm with 10,001+ employees
We use it to check the code quality, and the code review to find out the vulnerabilities about the central codes like simplifications and codes. We also use it for security management.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Our primary use for this solution is to improve code quality and reduce technical debt.
Engineer at a pharma/biotech company with 201-500 employees
The primary use case of this solution is for static code analysis, and benchmarking our code standards according to our preferences. Our builds process through SonarQube and if it passes the required set of requirements we have set, it will then go through to production.
Tariq Saraj
Sr. Information Security Engineer at a tech services company with 1,001-5,000 employees
We are a security organization, and we deploy security solutions and applications related to network for our clients. We mostly focus on open source products because clients don't like to have proprietary products because of the available budget for their different projects. We try to find the possible solution, and then we deploy the solution for them. Deployments are done on the AWS cloud as well as on-premises. I came to know that there is a SonarQube solution that is used for clean and secure coding purposes and bug fixes in a large DevOps team. That's why I have deployed SonarQube. Currently, I'm testing SonarQube to demonstrate to my higher department what this tool can do. We are testing this solution for one of our clients, who may use it for two or three use cases during static code analysis and the software development life cycle.
Donovan Greeff
Head of Software Delivery at a tech services company with 51-200 employees
Our primary use case is to analyze source code for software bugs, technical debt, vulnerabilities, and test coverage. It provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production. We plug this process into our process right from the start, enabling the IDE integrations so that engineers can scan their code before submission. Following on from that, we run the scans on every change that has been submitted for review. This way we ensure that no core/fundamental issues are added to our codebases.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
I'm a user also, but I'm also responsible for information security. I am the principal of security in the office. I'm the one that actually advises people about enhancing or incorporating information security aspects. Right now, we are using a community version. We have yet to subscribe for the enterprise license because we need more disciplined developers first. Within our organization, there are roughly 14 people using this solution. We use it to find the scoop, or the use, for peer review for the developers. It will require more time to get used to it and to get trained. My team is very small and I am part of the development team — I'm in the security team but I'm also part of the development team. I am helping to build this along with the team.
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified, VMware vSphere5 at a financial services firm with 51-200 employees
We use this SonarQube solution for code quality and as a basic security issues solution for our clients.
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
I work for a government agency and we use this tool. It is lightweight and very cost effective as compared to IBM AppScan, but I wouldn't say it's a very good tool for vulnerability assessment. The dashboard is neat and easy to operate and the information on the dashboard makes it easy for the developers to work on. You can have it automated and set up for you to have an automated process every time the code is checked in.
Daniel Hall
Technical Architect at Dwr Cymru Welsh Water
Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.
Vice President at a financial services firm with 1,001-5,000 employees
We primarily use this solution for code quality purposes. We have a CI/CD environment, without a lot of manual steps.
Anshuman Kishore
Director Product Development at Mycom Osi
We use SonarQube for determining code coverage, finding bugs, and searching for security-related issues in our development environment.
Director IT Security, CISO at a transportation company with 10,001+ employees
I have used SonarQube for static code analysis. I am using it to assess my internal applications.
Country Manager Senegal at a financial services firm with 10,001+ employees
We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.
DevSecOps Lead at a tech services company with 11-50 employees
Our software developers use SonarQube to catch any issues that can be found by using static code analysis. My understanding is that it checks the core complexity by evaluating the coding rules to make sure of things such as the correct classes are private.
Application Security Analyst at an agriculture company with 501-1,000 employees
We use this solution in the development of our travel programs.
Company Director at Alwyn Technologies
My primary use for this solution is to perform static code analysis.
Steven Klusener
Independent Consultant at Klusener Consultancy
We use this solution for auditing our system.
Software Engineer at Adfolks
I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.
Subhendu Mahapatra
Manager at Dassault Systèmes
Our primary use case for this solution is security testing using the FindSecBugs plugin.