SonarSource Software and Solutions
Team Lead at a computer software company with 10,001+ employees
Real User, Top 10
Aug 31, 2020
This is a very capable analysis tool for development projects but the free version has limitations
What is our primary use case? We are using the free version of the SonarQube product. Be warned if you choose this version because it is lacking some of the capabilities and support. It is for this reason that we are currently considering migrating to a commercial solution.
Pros and Cons
- "It is a very good tool for analysis despite its limitations."
- "There is a free version."
- "There are limitations to the free version that limit development options as far as languages."
What other advice do I have? Anyone considering SonarQube should initially start with a free trial and then start doing an evaluation. If you have a list of target requirements which you are looking for and you can accomplish these things with Sonar, then you can go ahead and use Sonar. If you are looking for something for diving more deeply into your application security, then you can possibly start with it and scale it or use some other complementary tools. If you want to see your reports, and how your development is performing, Sonar is the best tool, I think. On a scale from one to ten, where one is the worst and ten…
Check out these projects from our community members.
Sonarqube integration with bank Application
Sonarqube 4.0 integration with bank Application. The project was done mainly to give an overview to senior management…
Security-Focused and Cost-Effective Google Cloud Infrastructure
Inventify AG is a Swiss software startup, focusing on the development of Software-as-a-Service (SaaS) and cloud…
Jun 16 2021
Is SonarQube the best tool for static analysis, or are there any good tools which compete with SonarQube?
May 20 2021
I'm currently researching the following two application security tools: Coverity and SonarQube.
Can anyone point me to the main differences between these 2 products?
Thanks for your help!
May 19 2021
Please share with the community what you think needs improvement with SonarQube.
What are its weaknesses? What would you like to see changed in a future version?
Apr 29 2021
If you were talking to someone whose organization is considering SonarQube, what would you say?
How would you rate it and why? Any other tips or advice?
Apr 29 2021
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Mar 02 2021
I currently work for a global product engineering and lifecycle services partner.
We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend?
Thanks! I appreciate the help.
I work in a large enterprise Healthcare Company.
We are thinking of buying SonarQube licensing (Developer edition) and need to understand some details of it. Is there anyone I can talk to?
I am looking for pros and cons of Checkmarx vs SonarQube, in particular regarding:
- false positives
- tuning SonarQube to reduce false positives without introducing false negatives.
I am also wondering if SonarQube could allow developers to delint their code before submitting it to SAST with either Checkmarx or Veracode.