PeerSpot user
Head of Software Delivery at a tech services company with 51-200 employees
Real User
Provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production
Pros and Cons
  • "Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."

    What is our primary use case?

    Our primary use case is to analyze source code for software bugs, technical debt, vulnerabilities, and test coverage. It provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production. 

    We plug this process into our process right from the start enabling the IDE integrations so that engineers can scan their code before submission. Following on from that we run the scans on every change that has been submitted for review. 

    This way we ensure that no core/fundamental issues are added to our codebases. 

    How has it helped my organization?

    It has helped many of the organizations that I have worked at to improve overall security, quality, and test confidence within the codebases. It also provides this in a speed efficient way. Engineers now feel much more proud of their solution as they gain confidence from these scans and their results. 

    Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers. 

    We are also able to get reports on our suite and generate a quality rating for ourselves utilizing this data and more. 

    What is most valuable?

    By far the quality gate controls. Without this, there would be no way to really utilize the power of this tool. We are able to automatically ensure that no code is delivered to production when it contains severe bugs or vulnerabilities. 

    The tight integration to source control also helps us to keep the engineers in the loop with any follow-up actions for issues reported. 

    Finally, the historical trend analysis gives us great insight into how we are improving based on our decisions, which are now driven by clear data.

    What needs improvement?

    It should keep up with newer technologies. As this is primarily open-source, it does require updates from the community. As such, there is sometimes a delay for new technologies to be covered by this too. 

    Particularly around the languages that the webpages state they support. The big benefit of Sonar is that it handles so many different languages, problems, and static analysis in one place. 

    When that one place has a low coverage for the most basic rules (OWASP top 10 for example) it starts to lose its value add. 

    Buyer's Guide
    SonarQube
    March 2024
    Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using SonarQube for five years.

    What do I think about the stability of the solution?

    Good, I have not really had many issues with it. No major ones either. 

    What do I think about the scalability of the solution?

    It all depends on where/how you are hosting it. The tool itself scales well. 

    Which solution did I use previously and why did I switch?

    I have used Checkmarx and also tried a demo of Veracode. 

    Checkmarx was far too heavy-handed and only handled security concerns for a VERY large price tag. 

    Veracode is very good, however, the price vs a free solution was a deciding factor in many cases. 

    How was the initial setup?

    It's very straightforward for a SaaS setup. 

    For a self-hosted setup, it is documented well and fairly easy. 

    What about the implementation team?

    We implemented in-house.

    What's my experience with pricing, setup cost, and licensing?

    SonarQube will incur hosting costs. There are SaaS options available at competitive prices too. 

    Self-hosting SonarQube is subject to its open-source licenses documented on their website. 

    Which other solutions did I evaluate?

    We also evaluated Checkmarx, Veracode and open source solutions specific to each programming language. 

    What other advice do I have?

    Security analysis is a MUST. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Lead Engineer at a healthcare company with 10,001+ employees
    Real User
    Great birds-eye view dashboard with detailed code metrics in the drill-down
    Pros and Cons
    • "We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
    • "We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."

    What is our primary use case?

    We're collecting code quality metrics.

    How has it helped my organization?

    We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.

    What is most valuable?

    I like the dashboard it shows by default, where you can see things at a glance. At the same time, you can also drill way down and see a lot of stuff about your code, like complexity metrics, and things like that. It gives you a nice dashboard where you can just look at a birds-eye view.

    What needs improvement?

    We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course, that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better.

    On the other hand, there are published books available. However, the one problem I ran into is they were a little bit out of date. They're still very helpful, but we had to kind of translate from the previous version that was covered in the published books to what's actually available now.

    An improvement I would like to see would be on the part of the authors to come out with a new edition or revision that covers some of the newer features of SonarQube and newer configurations. I'd buy a copy.

    In terms of additional features, it's actually a very complete solution from what we have seen. Again, I would like the authors to revise their books. I think even ordinary people that are using the licensed model with direct support could walk through some different use cases, just from having been around the block a few times. There are enough things that the software does that this could be very beneficial. Even beyond the technical issues of installation, there are further use cases that could be helpful. For instance, how to get the big bang from the buck out of it.

    For how long have I used the solution?

    We've been using SonarQube for around eight months.

    What do I think about the stability of the solution?

    We use C++ and a lot of Python. Another group in our company is using Java. SonarQube is more directly suited for Java, being almost built into it, whereas C++ requires some extensions. The Java group is using a newer version. We were kind of hoping to piggyback on theirs but SonarQube did not create newer versions of the C++ interfaces as open source. It's starts costing money so we haven't crossed that threshold yet. We haven't established a clear path.

    What do I think about the scalability of the solution?

    I think if you're going to get the paid model, I get the impression it would do pretty much everything you need as far as metrics go.

    A colleague of mine did some work looking at some plugins for Visual Studio and things like that, but they weren't going to work out, so we did take a look at some other options where they could have everything done on the desktop. Our solution in place now requires an infrastructure where it doesn't look at your code, but rather the code that you last checked in, which takes some levels of complexity that we've kind of built-in anyway. It's a little less intuitive how it works to the casual observer. It's set up now to where they don't have to know how it works, they can just go to the web interface and see it.

    There are about eight programmers in our section of the solution. So we're kind of a smaller shop compared to some, but larger than many.

    Certainly right now I think SonarQube is being underutilized, just because old habits die hard. If I had any say I would like to change that. We had coding standards in place, but they were written documents, whereas SonarQube takes that to another level and you had to look at the specification to see what you said you were going to do. It also tells you what the industry norms are, and whether or not you're meeting them. We have had some discussions about which we want to do. If we want it to happen automatically or if we want to go look for it again ourselves. I cast my vote in the automatic way because the research has already been done by the SonarQube community to come up with these roles, rules, coding standards, etc.

    It wasn't done in a vacuum. The agile community has been beating on issues like this for a long time, and they're getting to a point that it's becoming a self-sustaining method.

    How are customer service and technical support?

    They do have a lot of information on their website for the parts that they're offering free. We don't have licensing but there is a lot of information, it's just a matter of digging for it and you have to infer a few things. With the proper amount of agony we've managed to get there. There are some subtleties as far as configuration parameters. It does it one way, but we'd really like to do it a different way. Finding that magic incantation to flip that switch is not always in bold print so to speak.

    Even for the freebie community which we're in, they haven't held back information. The information is out there to do some amazing stuff with it, but you've got to get your shovel and go dig it up.

    We do have some other licensed software and when you look for information on their product, all roads lead to them and when you get there, you log in with your account that costs tens of thousands of dollars. SonarQube isn't like that. They don't hold the information back but you just have to go find it on their website by yourself.

    Which solution did I use previously and why did I switch?

    We didn't have a previous solution other than paper systems that we never got in the habit of going back to referring to. We didn't switch, we started fresh.

    How was the initial setup?

    The initial setup was complex because we were using the Community Edition. We did have some issues with the compatibility of the different components. For example, there is the server itself, but then you can plug in different packages, like the C++ package. We've also experimented a little bit with Python metrics, but unfortunately we don't have a project that's really under that control yet, to really get a feel for how that works.

    Configuration issues were pretty complicated, but once we got things up and running, it's been extremely stable, it was kind of maintenance-free, now, although we have a time issue. Of the scans that it does, it could be somewhat time-consuming, so originally some of the developers would say, "Well we want to be able to do that on our desktop." I told them, "I don't think you know what you're asking for, here." But as an alternative, we have it set up with our continuous integration server, which we use in TeamCity by the way. In the middle of the night, it automatically runs a scan for them, while they're in bed at home asleep so their results will be ready the next morning. This way, whatever they have most recently checked in, they can see the results right there. And then it runs in the background so it doesn't matter how long it takes per se, it gets it done by the next time they come in. That's part of what continuous integration does, it does things for you that years ago people would do themselves, and never get around to it.

    What about the implementation team?

    We spent a couple of weeks getting things figured out. I worked with an apprentice, who was kind of going through the motions.

    We chose to use a Red Hat operating system for the base. It's running on a Red Hat 7 server which contributes to the stability from the foundation, then installed the actual SonarQube server on Red Hat. That's when we had the compatibility issues and so on when we started installing the scan engines on top of that. That's when things were not compatible with each other and we had to fall back and figure out why things weren't plugging and playing. However, they did have on their website a sheet that had a little chart that showed the compatibility between the different versions and once we discovered that I was able to see which version can work with which.

    We didn't have to change the OS or the SonarQube's service itself, but the C++ extension. The version of the C++ extension we were using was not compatible with the Community Edition we had.

    We've had a consultant at one point, not to look specifically at SonarQube, but rather at our firmer development processes as a whole. He's the one that played us towards SonarQube being a reasonable option. In fact, he was the one that helped us in finding the compatibility chart.

    It's been mostly me doing the implementation on my own. I haven't been full time on it, but about half of my time is devoted to this. I do take some breaks and write some code and do some refactoring on occasion.

    As far as time on SonarQube itself, only about a tenth of a person is devoted to this. It's part of an infrastructure. I have a whole family of virtual machines that do different things: build, test, etc..

    Which other solutions did I evaluate?

    We had looked at other code quality systems. We had looked at a number of them. I don't remember them all, but Clockwork was on that list. I think it comes down to picking one and getting used to how it works because they all do mostly the same thing. Some of them focus more on Java, some more on C++. I think Java seems to be the favorite. As far as what they can really do for you, there didn't seem to be any one of them that does ten times what another does. There were some differences, but not no show-stoppers that I recall. I guess the advice would be that one of several tools could do a good job for you, but you still have to manage it and manage the behavior that goes along with it.

    What other advice do I have?

    I would rate SonarQube as a nine out of ten.

    Once you start drilling down through the menus, it tells you a lot of stuff about your code in one view. That's really quite neat. That shows you a view of maintainability. They have a maintainability view that shows bubbles for all the different code modules, and yours is beside the bubble. This represents the amount of "code smells," which is actually kind of a common definition. The bigger the bubble, the more your code smells. This shows where more attention is needed or it's a bubble that's kind of drifting out of control.

    I have one graph here where there are probably 50 bubbles. There's one axis that shows technical death, meaning the amount of work that it's going to take to get the smells under control. The other axis is lines of code, which is obviously a very common thing to look at. On this particular graph, there are a whole bunch of bubbles down in the lower-left corner, which means you have a lot of small manageable things. 

    If you hover over the bubble, it tells you what module it is. How many lines of code. Technical death and manpower estimate, things like that.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    SonarQube
    March 2024
    Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
    765,234 professionals have used our research since 2012.
    DevOps Lead at a marketing services firm with 1,001-5,000 employees
    Real User
    Top 20
    Used for code quality testing and helps streamline coding practices in an organization
    Pros and Cons
    • "The integrations SonarQube provides with our software delivery pipeline are very seamless."
    • "SonarQube could improve its static application security testing as per the industry standard."

    What is our primary use case?

    We use SonarQube mostly for code quality testing.

    What is most valuable?

    The integrations SonarQube provides with our software delivery pipeline are very seamless. The main benefit of using SonarQube in our organization was having a clean code with fewer static vulnerabilities within the application.

    What needs improvement?

    SonarQube could improve its static application security testing as per the industry standard. It would be really great if I could extract the overall report that I see in the dashboard.

    For how long have I used the solution?

    I have been using SonarQube for a few years.

    What do I think about the stability of the solution?

    SonarQube is a stable solution.

    What do I think about the scalability of the solution?

    Around 20 to 25 people use the solution in my team.

    How was the initial setup?

    The solution’s initial setup is straightforward.

    What about the implementation team?

    The solution can be deployed within a couple of days. We don’t need many people to deploy SonarQube. It is not difficult to maintain the solution.

    What other advice do I have?

    We use the API call for SonarQube to integrate it into our development workflow. It's a continuous process for us to review the reports and remediate any findings we get from SonarQube. The quality gates and quality profiles are helpful in establishing the required gates and governance that we may need. SonarQube has impacted our team's productivity and code quality over time.

    I would recommend SonarQube to other users evaluating it because it helps streamline some of the coding practices. The solution helps teams within the organization get into a good habit of writing clean code. The solution is helpful from a long-term sustainability standpoint.

    I would recommend users to try out the open source version of SonarQube. If that doesn't suffice their needs, then they can go for an enterprise version.

    Overall, I rate SonarQube an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Rakesh Thakur - PeerSpot reviewer
    Technical Architect at a insurance company with 1,001-5,000 employees
    Real User
    An open-source platform for the continuous inspection of code quality with a useful code security feature
    Pros and Cons
    • "I like that it helps us maintain our work quality and code security."
    • "Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."

    What is our primary use case?

    We are application support vendors, and we develop applications for our clients. To maintain code quality, we were using SonarQube, and then we presented that to our clients in order to purchase that. That's where this whole thing got started. 

    One thing that we were using it majorly for was our work quality. It usually helped us in automating the review and making it more gate-oriented. Recently we were able to see the latest features like security hotspots and all that.

    We were trying to serve two purposes; work quality and code security, with one tool. That's where our inclination was more towards Sonar because other tools generally target code security only.

    What is most valuable?

    I like that it helps us maintain our work quality and code security.

    What needs improvement?

    Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer. 

    For how long have I used the solution?

    I have been using SonarQube for about three or four years. However, in this organization, we have been using it for the last year or so.

    What do I think about the scalability of the solution?

    In Community Edition, I don't think that we have enough scalability options because it runs only on one instance, plus it runs only one scan at a time. It doesn't even provide a settings capability where multiple scans are running simultaneously. That's why we want to move to the Enterprise Edition because it gives you a possibility of parallel analysis of reports, and that could speed up things.

    How are customer service and technical support?

    We're using the Community Edition, and I think support comes only with the paid version. But we had an initial conversation with them, and we got our answers clarified. I certainly look forward to getting in touch with somebody from SonarCloud because I hear that they are separate entities. SonarSource people don't talk about SonarCloud. We want a contact whom we can speak to regarding our security-related concerns, privacy-related concerns, and how we can secure our code in their environment.

    How was the initial setup?

    The initial setup on-premise may take a while because you have to procure all the servers and do the reconfiguration yourself. But I think they have provided their steps very elaborately, and that certainly helps. However, you need to make an effort to set it up. It doesn't come with an installer, and you have to download it, extract it, then configure it to run on your server automatically with every server system. If they could have provided us with an installer setup, it could have made it much easier.

    What's my experience with pricing, setup cost, and licensing?

    We're using the Community Edition, and we don't pay for anything.

    What other advice do I have?

    On a scale from one to ten, I would give SonarQube a nine.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Country Manager Senegal at a financial services firm with 10,001+ employees
    Real User
    Ensures a high quality of code, but would be improved with better support for security
    Pros and Cons
    • "SonarQube is good for checking and maintaining code quality."
    • "I would like to see more options for security, beyond the basics like SQL injection."

    What is our primary use case?

    We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.

    What is most valuable?

    SonarQube is good for checking and maintaining code quality.

    What needs improvement?

    It would be nice is SonarQube analyzed external libraries, in addition to our current code.

    I would like to see more options for security, beyond the basics like SQL injection.

    For how long have I used the solution?

    Five years.

    What do I think about the stability of the solution?

    The stability of this solution is quite good.

    What do I think about the scalability of the solution?

    I think that scalability is fine. We have a large number of users at my company.

    The majority of the users for this solution are architects, but some technical managers use it too.

    Which solution did I use previously and why did I switch?

    We use this solution in parallel with Checkmarx because both of them are good for different things. SonarQube is good for code quality, whereas Checkmarx is more for security.

    How was the initial setup?

    This initial setup of this solution is not basic, but it is not complex. If you have some experience in IT then you should be able to do it.

    We have this tool integrated with Jenkins.

    One or two days is enough for deployment. There is some configuration to do, which takes time, but it is not difficult to deploy.

    Three or four staff are enough for deployment and maintenance.

    What was our ROI?

    We have seen a return of investment, for sure. It is integrated with jobs on Jenkins and helps to provide stability. 

    Which other solutions did I evaluate?

    We did not evaluate other options before choosing this solution.

    What other advice do I have?

    This is a very nice product and I would recommend it. It is one of the best tools on the market to analyze your code.

    If more rules for security were added then we would not have to use Checkmarx or other tools. SonarQube is very nice, but just missing some security rules.

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Infosec Consultant at Anzen Technologies
    Consultant
    Top 10
    Has a user-friendly UI and can be used for secure code review
    Pros and Cons
    • "The solution's user interface is very user-friendly."
    • "It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."

    What is our primary use case?

    We used SonarQube for secure code review.

    What is most valuable?

    The solution's user interface is very user-friendly. The solution also provides good efficiency.

    What needs improvement?

    It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts.

    For how long have I used the solution?


    What do I think about the stability of the solution?

    I rate the solution a seven out of ten for stability.

    What do I think about the scalability of the solution?

    I rate the solution a nine out of ten for scalability.

    How was the initial setup?

    On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten.

    What about the implementation team?

    It takes around one hour to deploy SonarQube.

    What's my experience with pricing, setup cost, and licensing?

    SonarQube is a fairly affordable solution for a larger scale if you have a specific role or specific department for secure code. We didn't pay for SonarQube. We used a free version of the solution because we had a small amount of code.

    What other advice do I have?

    We used SonarQube for one project. To improve code quality, we do vulnerability assessment. We have an R&D department, and we collaborate with other teams to do any work related to secure code.

    SonarQube simplified our code review process. Since we are new to secure code review, we mostly use freely available or impactful applications. That's why our R&D team suggested using SonarQube.

    We use SonarQube to find vulnerabilities in the application code. The code is related to the application used by our client. We find vulnerabilities in their application, and we suggest solutions.

    We have experienced challenges related to the client-side code. Sometimes, the server faces downtime, and our R&D team knows how to resolve such errors. It is easy to maintain the solution.

    Overall, I rate the solution a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Program Manager at a computer software company with 1,001-5,000 employees
    Real User
    Stable, beneficial code review, and efficient
    Pros and Cons
    • "The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
    • "The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."

    What is our primary use case?

    We are using SonarQube for code reviews. 

    How has it helped my organization?

    Code quality improvement, Secure coding pracitices 

    What is most valuable?

    The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code.

    What needs improvement?

    NA

    For how long have I used the solution?

    I have been using SonarQube for approximately five years.

    What do I think about the stability of the solution?

    The solution is stable.

    How are customer service and support?

    I have not needed to use technical support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used some tools previously, such as Eclipse and Checkmarx. I used some tools directly linked with Eclipse, but SonarQube is much better. It has a better ability to link with Eclipse as well as the standalone features for a code review I have found the SonarQube most efficient.

    How was the initial setup?

    I deployed SonarQube on my laptop. I found it to be straightforward and easy. I wanted my technical team to do implement it but since they didn't have time I took the initiative and did it myself. I am not exactly from a technical background, and it was very easy for me.

    The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations.

    What about the implementation team?

    The solution does not require any maintenance.

    What other advice do I have?

    SonarQube fits my purpose. It doesn't cause any hassles for me.

    I rate SonarQube a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Digital Solutions Architect at a tech services company with 1,001-5,000 employees
    Real User
    Effective security scanning, uncomplicated installation , and reliable
    Pros and Cons
    • "The fact that the solution does security scanning is valuable."
    • "Having performance regression would be a helpful add on or ability to be able to do during the scan."

    What is our primary use case?

    We are a $4 billion valuation large company and we use the solution for status security, scanning, and code quality. I am currently in the process of building a pipeline for one of my customers and for that we are utilizing this solution for the static analysis.

    What is most valuable?

    The fact that the solution does security scanning is valuable. This is primarily why we use it. For code quality, we could utilize other tools, such as unit test coverage, which it gives you too, but having a more comprehensive tool is useful.

    What needs improvement?

    Having a tool that is comprehensive in nature is very useful because otherwise, we have to run through multiple tools in order to get the entire viewpoint of a particular set of code. For example, we use SonarQube in combination with Nexus, which is another product that gives us some other information. I guess when it comes to the gamut of things that we are looking for including static code quality, static testing, and dynamic testing of security. Having performance regression would be a helpful add on or ability to be able to do during the scan. 

    In an upcoming release, I would like to see the dynamic security testing feature available. I would like to point out that they could already offer this feature but I have not been that deep into the solution to know yet.

    For how long have I used the solution?

    I have been using the solution for approximately one year.

    What do I think about the stability of the solution?

    I have not run into any bugs or glitches. However, I have only been using it for a short time.

    What do I think about the scalability of the solution?

    The pipeline that I am currently building is being used by the platforms team, which is approximately three people. We use the solution as part of the automated code review process. As far as a larger perspective of who is actually benefiting from it, the development team is about 35 people.

    How are customer service and technical support?

    I have not needed to use technical support.

    How was the initial setup?

    The set up was very easy.

    What other advice do I have?

    I would recommend to those wanting to implement this solution to read the documentation, they are clear and easy to follow.

    I rate SonarQube a nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2024
    Buyer's Guide
    Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.