We use SonarQube to check for vulnerabilities and quality.
The solution has helped us to find flaws in the syntax and comply with requirements.
I have found the most valuable features to be scanning for bugs or fixing the hotspot. These features have helped to improve the code quality.
I think the code security can be improved. Code security should comply with the standard security list.
I would like to see the feature of Compliance Reporting added to the solution.
I have been using this solution for two years.
I would rate the stability a ten out of ten.
About ten people in my company are using this solution. On average, we use this solution once a week.
We chose SonarQube due to its free community edition. After a while, when we need more features, we will probably purchase the solution next year.
I would rate the initial setup a ten out of ten. The solution is easy to install and use. It took us only a day to deploy SonarQube. We downloaded the solution and followed the setup process. We simply integrated this solution with Azure DevOps. The maintenance of this solution is handled by one person from the database team.
We implemented the solution through an in-house application developer.
This solution is simple to use and can be quickly deployed. I would rate the solution an eight out of ten.
We used SonarQube during the development period and AppScan after the system was deployed on the production site.
SonarQube is integrated with the CI/CD infrastructure. It automatically scans the code, detects vulnerabilities, and generates daily reports. SonarQube's integration with the CI/CD infrastructure helps us reduce the effort to scan the code manually.
After scanning our code and generating a report, it would be helpful if SonarQube could also generate a solution to fix vulnerabilities in the report.
I have been using SonarQube for six to seven years.
We haven’t faced any issues with the solution’s performance or stability.
We don't have a support license for SonarQube. We currently use the open-source community, which provides us with much support from communities worldwide.
The solution's initial setup is very easy. We have a team that handles the maintenance of SonarQube in the CI/CD environment.
The solution's deployment takes about two weeks. We have a new software development project, and integrating it into the CI/CD system took about half a working day.
We use the solution free of cost. SonarQube is a cost-efficient solution.
I would recommend the solution to other users.
Overall, I rate the solution ten out of ten.