SonarQube Pros

SG
Lead Engineer at a healthcare company with 10,001+ employees
I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are.
RR
Manager at kellton
One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment; it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code. Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the pull request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities; however, it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside.
PJ
Staff DevOps Specialist at a computer software company with 201-500 employees
My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it.
Buyer's Guide
SonarQube
May 2023
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
708,461 professionals have used our research since 2012.
AN
Project Manager at a manufacturing company with 1,001-5,000 employees
There's plenty of documentation available to users.
AS
Information Technology Security at a consultancy with 10,001+ employees
The initial setup is simple. It requires some security, but it's simple.
reviewer1812603 - PeerSpot reviewer
User
We consider it a handy tool that helps to resolve our issues immediately.
Denis Walrave - PeerSpot reviewer
Project Leader / Technical Expert at La francaise des jeux
Using SonarQube benefits us because we are able to avoid the inclusion of malware in our applications.
MarkRyall - PeerSpot reviewer
Strategist Individual Contributor at Peraton
The most valuable feature of this solution is that it is free.
Rakesh Thakur - PeerSpot reviewer
Technical Architect at an insurance company with 1,001-5,000 employees
I like that it helps us maintain our work quality and code security.
PP
Head Innovation Hub at a tech services company with 201-500 employees
It assists during the development with SonarLint and helps the developer to change his approach or rather improve his coding pattern or style. That's one advantage I've seen. Another advantage is that we can customize the rules.

SonarQube Cons

SG
Lead Engineer at a healthcare company with 10,001+ employees
The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple.
RR
Manager at kellton
SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually.
PJ
Staff DevOps Specialist at a computer software company with 201-500 employees
A little bit more emphasis on security and a bit more security scanning features would be nice.
AN
Project Manager at a manufacturing company with 1,001-5,000 employees
There needs to be a shareable reporting piece or something we can click and generate easily.
AS
Information Technology Security at a consultancy with 10,001+ employees
We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer.
reviewer1812603 - PeerSpot reviewer
User
It should be user-friendly.
Denis Walrave - PeerSpot reviewer
Project Leader / Technical Expert at La francaise des jeux
The handling of the contents of Docker container images could be better.
MarkRyall - PeerSpot reviewer
Strategist Individual Contributor at Peraton
There could be better integration with other products.
Rakesh Thakur - PeerSpot reviewer
Technical Architect at an insurance company with 1,001-5,000 employees
Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer.
PP
Head Innovation Hub at a tech services company with 201-500 employees
Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version.