SonarQube Pros and Cons

SonarQube Pros

Steven Gomez
Lead Engineer at a pharma/biotech company with 1,001-5,000 employees
We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.
Phil Denomme
Manager at a wireless company with 11-50 employees
Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.
Find out what your peers are saying about SonarQube, Veracode, Micro Focus and others in Application Security. Updated: October 2019.
372,374 professionals have used our research since 2012.
ScalaCon4d53
Scala Contractor at a tech services company with 10,001+ employees
If code coverage is a low number then that's of great value to me.
Inframan677
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified, VMware vSphere 5 at a financial services firm with 51-200 employees
Strong code evaluation for budget-minded clients.
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.
Daniel Hall
Technical Architect at an energy/utilities company with 1,001-5,000 employees
The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices).
ViPres97886
Vice President at a financial services firm with 1,001-5,000 employees
If you want to have your code scanned and timed then this is a good tool.
Hervé KAMDEM
Country Manager Senegal at a financial services firm with 10,001+ employees
SonarQube is good for checking and maintaining code quality.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
It is very good at identifying technical debt.
It easily ties into our continuous integration pipeline.

SonarQube Cons

Steven Gomez
Lead Engineer at a pharma/biotech company with 1,001-5,000 employees
We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.
Phil Denomme
Manager at a wireless company with 11-50 employees
We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities.
ScalaCon4d53
Scala Contractor at a tech services company with 10,001+ employees
I don't believe you can have metrics of code quality based upon code analysis. I don't think it's possible for a computer to do it.
Inframan677
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified, VMware vSphere 5 at a financial services firm with 51-200 employees
Expression of common vulnerabilities and exposures is not always current.
Kiran Gujju
Cyber Security Architect (USDA) at a government with 10,001+ employees
Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point, that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time.
Daniel Hall
Technical Architect at an energy/utilities company with 1,001-5,000 employees
A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product.
ViPres97886
Vice President at a financial services firm with 1,001-5,000 employees
The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at.
Hervé KAMDEM
Country Manager Senegal at a financial services firm with 10,001+ employees
I would like to see more options for security, beyond the basics like SQL injection.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
I find it is light on the security side.