SonarSource Reviews

SR
Team Lead at a computer software company with 10,001+ employees
Real User
Top 10
This is a very capable analysis tool for development projects but the free version has limitations

What is our primary use case?

We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.

Pros and Cons

  • "It is a very good tool for analysis despite its limitations."
  • "There is a free version."
  • "There are limitations to the free version that limit development options as far as languages."

What other advice do I have?

Anyone considering SonarQube should initially start with a free trial and then start doing an evaluation. If you have a list of target requirements which you are looking for and you can accomplish these things with Sonar, then you can go ahead and use Sonar. If you are looking for something for diving more deeply into your application security, then you can possibly start with it and scale it or use some other complementary tools. If you want to see your reports, and how your development is performing, Sonar is the best tool, I think. On a scale from one to ten, where one is the worst and ten…

SonarSource Projects

Check out these projects from our community members.
Sonarqube integration with bank Application
Sonarqube 4.0 integration with bank Application. The project was done mainly to give an overview to senior management… more »
Security-Focused and Cost-Effective Google Cloud Infrastructure
Inventify AG is a Swiss software startup, focusing on the development of Software-as-a-Service (SaaS) and cloud… more »

SonarSource Questions

Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Jun 16 2021

Is SonarQube is the best tool for static analysis or there are any good tools which compete with SonarQube?

Purushothaman KStatic tool we can use Fortify or IBM Appscan. SonarQube widely used for… more »
Peter ArvedlundI am not very familiar with SonarQube and their solutions, so I can not answer… more »
Steven KlusenerPlease have a look at the TICS framework, offered by www.tiobe.com, it is… more »
Kit Ted
User at h
May 20 2021

I'm currently researching the following two application security tools: Coverity and SonarQube.

Can anyone point me out to main differences between these 2 products?

Thanks for your help!

Julia Frohwein
Content and Social Media Manager
IT Central Station
May 19 2021

Please share with the community what you think needs improvement with SonarQube.

What are its weaknesses? What would you like to see changed in a future version?

reviewer1503354Normally, SonarQube gives a quick response for scanning and is easier for… more »
Julia Frohwein
Content and Social Media Manager
IT Central Station
Apr 29 2021

If you were talking to someone whose organization is considering SonarQube, what would you say?

How would you rate it and why? Any other tips or advice?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Apr 29 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Apr 29 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station
Apr 29 2021

Hi Everyone,

What do you like most about SonarQube?

Thanks for sharing your thoughts with the community!

Malla Reddy Bakka
User at a tech services company with 10,001+ employees
Mar 02 2021

I currently work for a global product engineering and lifecycle services partner. 

We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help.

Elina PetrovnaSonarQube historically was focused on Code Quality and Best Practices. Recently… more »
ManojKumar9The major difference I have seen between Checkmarx and SonarQube is… more »
Curtis YankoI’ve always viewed sonarqube as a code quality tool that compliments many code… more »
AshokPandey
User at Becton, Dickinson and Company

I work in a large enterprise Healthcare Company. 

We are thinking of buying SonarQube licensing (Developer edition) and need to understand some details of it. Is there anyone I can talk to? 

Daniel HallHi, we still use the community edition and not yet matured to the point where… more »
Donovan GreeffSonarQube is an open source tool. The use of the developer edition leads me to… more »
Russell Rothstein@Steven Gomez @Phil Denomme  @Jeff Ingalls @Donovan Greeff  @Kiran Gujju @Daniel… more »
William Hayes
User at Securities America

I am looking for pros and cons for the Checkmarx vs SonarQube, in particular regarding:

  • false positives
  • tuning Sonarqube to reduce false positives without introducing false negatives. 

I am also wondering if SonarQube could allow developers to delint their code before submitting it to SAST with either Checkmarx or Veracode. 

Donovan GreeffMy opinions are my own and do not represent any other entities that I may be or… more »
Durga GudimetlaSonarQube can be used for SAST. However, based on our internal analysis, our… more »
Swapna RagiSonarQube depends on completely what you configure the Rules. You will have the… more »