SonarQube Pros and Cons

SonarQube Pros

Steven Gomez
Lead Engineer at bioMerieux, Inc.
We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.
reviewer1407126
Team Lead at a computer software company with 10,001+ employees
It is a very good tool for analysis despite its limitations.
There is a free version.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
The product has a friendly UI that is easy to use and understand.
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: December 2020.
455,108 professionals have used our research since 2012.
Gustavo Lugo
Chief Solutions Officer at CleverIT B.V.
It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.
Phil Denomme
Manager at a wireless company with 11-50 employees
Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version.
Yash Brahmani
Devops Engineer at a financial services firm with 10,001+ employees
The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.
reviewer1390020
Engineer at a pharma/biotech company with 201-500 employees
The most valuable features are the segregation containment and the suspension of product services.
AhmedSaber
Senior/Lead Software Engineer at a government with 51-200 employees
The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes.
Tariq Saraj
Sr. Information Security Engineer at a tech services company with 1,001-5,000 employees
It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely. SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition.

SonarQube Cons

Steven Gomez
Lead Engineer at bioMerieux, Inc.
We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.
reviewer1407126
Team Lead at a computer software company with 10,001+ employees
There are limitations to the free version that limit development options as far as languages.
Hilman Tehrani
Information Technology Technical Architect at an insurance company with 51-200 employees
The documentation is not clear and it needs to be updated.
Gustavo Lugo
Chief Solutions Officer at CleverIT B.V.
In terms of what can be improved, the areas that need more attention in the solution are its architecture and development.
Phil Denomme
Manager at a wireless company with 11-50 employees
We're in the process of figuring out how to automate the workflow for QA audit controls on it. I think that's perhaps an area that we could use some buffing. We're a Kubernetes shop, so there are some things that aren't direct fits, which we're struggling with on the component Docker side. But nothing major.
Yash Brahmani
Devops Engineer at a financial services firm with 10,001+ employees
In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface.
Jeff Ingalls
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
The solution is a bit lacking on the security side, in terms of finding and identifying vulnerabilities.
reviewer1390020
Engineer at a pharma/biotech company with 201-500 employees
I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production.
AhmedSaber
Senior/Lead Software Engineer at a government with 51-200 employees
There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products.
Tariq Saraj
Sr. Information Security Engineer at a tech services company with 1,001-5,000 employees
If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes.