2018-07-30T09:01:00Z

What is your primary use case for SonarQube?


How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

ITCS user
Guest
44 Answers

Top 5, Leaderboard, Real User

SonarQube is used for in-production scanning of applications. We are only doing unit testing to improve the overall quality of the code.

2021-09-08T22:55:59Z
Top 5, Leaderboard, Real User

We use SonarQube to scan SAS code for quality control in mostly mobile applications, such as iOS and Android applications.

2021-09-07T14:07:28Z
Top 5, Leaderboard, Real User

We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit.

2021-08-10T12:55:11Z
Top 20, Real User

I'm a software development engineer and we are customers of SonarQube.

2021-08-04T16:48:03Z
Top 10, Real User

SonarQube can be used to analyze application code. We are testing SonarQube with some of our other products. We use the Sonar Link plugin with Teamscale, which is then applied to the main product we are using.

2021-08-03T13:53:03Z
Top 20, Real User

We are using SonarQube for many different reasons, but I was interested more in the security metrics based on the new updates for more particular rules.

2021-06-29T00:34:24Z
Top 20, Real User

I use this solution for our staging environment to review the security issues before going live or into production.

2021-06-08T14:11:31Z
Top 20, Real User

We generally use the solution in order to do static code analysis.

2021-04-29T13:02:30Z
Top 20, Real User

We are a $4 billion valuation large company and we use the solution for status security, scanning, and code quality. I am currently in the process of building a pipeline for one of my customers and for that we are utilizing this solution for the static analysis.

2021-04-05T15:27:37Z
Top 10, Real User

We are using the solution for code quality and security.

2021-03-31T04:33:12Z
Top 10, Real User

We use it for the static analysis of the source code to find issues or vulnerabilities.

2021-02-26T22:22:56Z
Top 10, Real User

We use SonarQube to scan our security protection.

2021-02-10T14:34:34Z
Top 10, Real User

We use SonarQube for testing and quality assurance. We use this in banks for testing. We also use SonarQube for security static testing.

2021-02-02T10:26:08Z
Top 5, Leaderboard, Real User

There are two versions: a free, open-source community version, and a subscription-based version. We use the community version, not the enterprise version. We are a very small organization. In total, there are four of us who use this solution. We will keep using SonarQube, with some additions, in the future. Firstly, we use SonarQube to evaluate code for M&A projects. Secondly, we use it to detect vulnerabilities while performing security audits. Our third use case is the detection of violation of programming practices towards code refactoring and code maintenance.

2021-01-08T15:43:25Z
Top 20, Real User

We use SonarQube to help with our software development and testing. At the moment, we're mainly using it for static analysis and code inspection. We have an on-premises server and we connect to it from there. Our main use case is testing software for security weaknesses, but we also use it to help eliminate code smells and to make sure our code is compliant with established coding standards.

2021-01-06T10:11:58Z
Top 10, Reseller

I am now working in a consultancy company and I work with different clients in different industries. For this reason I implement, for example, a delivery pipeline with the process whereby we need to validate the quality gate of the quality code. Meaning, the developer creates the unit testing and the code coverage, but grants the code coverage for a specific person. In other cases, we used to see what the technical depth was to see if there are any bugs in the applications - the web application, mobile application and different languages, like C-Sharp, JavaScript or Java, et cetera. We deploy SonarQube on-premise on a Linux server and our pipelines were created with GitLab and Azure DevOps. Meaning that Azure DevOps and GitLab are the tools that do the build and release process. We use Microsoft Azure and Google Cloud Platform a little.

2021-01-06T06:31:00Z
Top 20, Real User

We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.

2020-12-24T15:03:00Z
Top 10, Real User

We usually do the development in Java, and when we finish the development, we usually run the SonarQube tests and review the critical level, bugs, and security issues. We also review the license and the web issues and try to solve them, and then pass again through SonarQube. We usually deploy it in the cloud, but sometimes we also have on-premises solutions.

2020-12-09T00:59:35Z
Top 5, Leaderboard, Real User

We are using this solution for analyzing sales, profit, and FI documents. We are using the HR section as well.

2020-12-07T17:49:08Z
Top 10, Real User

We are using it for scanning our web applications, some internal applications and using it for code reviews.

2020-11-27T22:37:00Z
Top 20, Real User

I have used SonarQube for static code analysis. I am using it to assess my internal applications.

2020-10-28T21:08:07Z
Top 5, Leaderboard, Real User

I'm a user also, but I'm also responsible for information security. I am the principal of security in the office. I'm the one that actually advises people about enhancing or incorporating information security aspects. Right now, we are using a community version. We have yet to subscribe for the enterprise license because we need more disciplined developers first. Within our organization, there are roughly 14 people using this solution. We use it to find the scoop, or the use, for peer review for the developers. It will require more time, to get used to it and to get trained. My team is very small and I am part of the development team — I'm in the security team but I'm also part of the development team. I am helping to build this along with the team.

2020-10-27T06:39:00Z
Top 5, Leaderboard, Real User

SonarQube can be used for any missing components or component vulnerabilities.

2020-09-06T08:04:35Z
Top 10, Consultant

We use this solution for auditing our system.

2020-09-03T07:49:00Z
Top 5, Leaderboard, Real User

We are a security organization, and we deploy security solutions and applications related to network for our clients. We mostly focus on open source products because clients don't like to have proprietary products because of the available budget for their different projects. We try to find the possible solution, and then we deploy the solution for them. Deployments are done on the AWS cloud as well as on-premises. I came to know that there is a SonarQube solution that is used for clean and secure coding purposes and bug fixes in a large DevOps team. That's why I have deployed SonarQube. Currently, I'm testing SonarQube to demonstrate to my higher department what this tool can do. We are testing this solution for one of our clients, who may use it for two or three use cases during static code analysis and the software development life cycle.

2020-09-01T05:25:12Z
Top 20, Real User

We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.

2020-08-30T08:33:32Z
Top 20, MSP

Our software developers use SonarQube to catch any issues that can be found by using static code analysis. My understanding is that it checks the core complexity by evaluating the coding rules to make sure of things such as the correct classes are private.

2020-08-20T07:50:18Z
Top 20, Real User

The primary use case of this solution is for static code analysis, and benchmarking our code standards according to our preferences. Our builds process through SonarQube and if it passes the required set of requirements we have set, it will then go through to production.

2020-07-28T06:50:14Z
Top 20, Real User

We use it to check the code quality, and the code review to find out the vulnerabilities about the central codes like simplifications and codes. We also use it for security management.

2020-07-15T07:11:00Z
Top 10, Real User

I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.

2020-07-14T08:15:51Z
Top 5, Real User

Our primary use case is to analyze source code for software bugs, technical debt, vulnerabilities, and test coverage. It provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production. We plug this process into our process right from the start enabling the IDE integrations so that engineers can scan their code before submission. Following on from that we run the scans on every change that has been submitted for review. This way we ensure that no core/fundamental issues are added to our codebases.

2020-07-06T14:59:00Z
Top 10, Real User

We use SonarQube for determining code coverage, finding bugs, and searching for security-related issues in our development environment.

2020-06-25T10:49:25Z
Real User

I work for a government agency and we use this tool. It is lightweight and very cost effective as compared to IBM AppScan, but I wouldn't say it's a very good tool for vulnerability assessment. The dashboard is neat and easy to operate and the information on the dashboard makes it easy for the developers to work on. You can have it automated and set up for you to have an automated process every time the code is checked in.

2019-06-16T07:23:00Z
Real User

We use this SonarQube solution for code quality and as a basic security issues solution for our clients.

2019-06-11T11:10:00Z
Real User

We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.

2019-05-30T08:12:00Z
Real User

Our primary use for this solution is to improve code quality and reduce technical debt.

2019-05-28T07:45:00Z
Real User

My primary use for this solution is to perform static code analysis.

2019-05-23T06:09:00Z
Real User

We primarily use this solution for code quality purposes. We have a CICD environment, without a lot of manual steps.

2019-05-22T07:18:00Z
Real User

We're collecting code quality metrics.

2019-05-20T07:59:00Z
Real User

We use this solution in the development of our travel programs.

2019-05-16T07:47:00Z
Real User

Our primary use is for coding best practice management and quality. Aside from that, we also use it for security. I'm getting involved in moving this solution forward and positioning it in our enterprise so I haven't gotten to the point where we're nailing down the configuration and release controls yet.

2019-05-15T05:16:00Z
Real User

Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.

2019-05-06T17:08:00Z
Real User

Our primary use case for this solution is security testing using the FindSecBugs plugin.

2019-05-06T09:44:00Z
Real User

Primary use is code standards, or code quality. It's worked out okay. I find it is light on the security side though. We brought it into our CI pipeline to see if we could help our developers fix issues and identify issues sooner.

2018-07-30T09:01:00Z
Updated: September 2021.