
SonarQube Pros

Manager at kellton
One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment; it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities; however, it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside.
SR
Team Lead at a computer software company with 10,001+ employees
It is a very good tool for analysis despite its limitations.
There is a free version.
PJ
Staff DevOps Specialist at a computer software company with 201-500 employees
My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it.
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,148 professionals have used our research since 2012.
Information Technology Technical Architect at an insurance company with 51-200 employees
The product has a friendly UI that is easy to use and understand.
AN
Project Manager at a manufacturing company with 1,001-5,000 employees
There's plenty of documentation available to users.
Chief Solutions Officer at CleverIT B.V.
It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.
YB
Devops Engineer at a financial services firm with 10,001+ employees
The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues.
PC
Engineer at a pharma/biotech company with 201-500 employees
The most valuable features are the segregation containment and the suspension of product services.
Senior/Lead Software Engineer at a government with 51-200 employees
The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes.
AJ
DevOps Lead at a marketing services firm with 1,001-5,000 employees
The reporting and the results are quick. It gets integrated within the pipeline well.

SonarQube Cons

Manager at kellton
SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually.
SR
Team Lead at a computer software company with 10,001+ employees
There are limitations to the free version that limit development options as far as languages.
PJ
Staff DevOps Specialist at a computer software company with 201-500 employees
A little bit more emphasis on security and a bit more security scanning features would be nice.
Information Technology Technical Architect at an insurance company with 51-200 employees
The documentation is not clear and it needs to be updated.
AN
Project Manager at a manufacturing company with 1,001-5,000 employees
There needs to be a shareable reporting piece or something we can click and generate easily.
Chief Solutions Officer at CleverIT B.V.
In terms of what can be improved, the areas that need more attention in the solution are its architecture and development.
YB
Devops Engineer at a financial services firm with 10,001+ employees
In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface.
PC
Engineer at a pharma/biotech company with 201-500 employees
I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production.
Senior/Lead Software Engineer at a government with 51-200 employees
There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products.
AJ
DevOps Lead at a marketing services firm with 1,001-5,000 employees
The pricing could be reduced a bit. It's a little expensive.