How do you or your organization use this solution?
I work for a government agency and we use this tool. It is lightweight and very cost-effective as compared to IBM AppScan, but I wouldn't say it's a very good tool for vulnerability assessment. The dashboard is neat and easy to operate and the information on the dashboard makes it easy for the developers to work on. You can have it automated and set up for you to have an automated process every time the code is checked in.
We use this SonarQube solution for code quality and as a basic security issues solution for our clients.
We are working on a payment system, and we need it to be secure. We use this solution to analyze our code to ensure that it is clean, easy to understand and maintain, and secure.
Our primary use for this solution is to improve code quality and reduce technical debt.
My primary use for this solution is to perform static code analysis.
We primarily use this solution for code quality purposes. We have a CI/CD environment, without a lot of manual steps.
We're collecting code quality metrics.
We use this solution in the development of our travel programs.
Our primary use is for coding best practice management and quality. Aside from that, we also use it for security. I'm getting involved in moving this solution forward and positioning it in our enterprise, so I haven't gotten to the point where we're nailing down the configuration and release controls yet.
Our primary use case is to provide more coverage and reduce the reliance on code reviews alone. It also provides confidence and helps begin a path towards continuous improvement.
Our primary use case for this solution is security testing using the FindSecBugs plugin.
Primary use is code standards, or code quality. It's worked out okay. I find it is light on the security side though. We brought it into our CI pipeline to see if we could help our developers fix issues and identify issues sooner.