- Languages Support - over 20 programming languages
- Pre-commit check directly into Eclipse
- Issues Report into PreviewMode
- Custom coding rules
- Unit tests
- Duplication and code duplication check
- Custom-defined checks
Software Developer at a tech services company with 501-1,000 employees
It supports over 20 programming languages and allows me to create custom coding rules.
What is most valuable?
How has it helped my organization?
I fell in love with SonarQube when I could easily build custom rule checks. However, doing that checking manually takes tons of time.
What needs improvement?
- Explicit checks for issues
- Severity tab tweaks
- Optimization into the Settings, such as adding new features/customization
For how long have I used the solution?
I've used it for almost two years, starting with v4.3.3.
Buyer's Guide
SonarQube
March 2024
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,886 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Predefined rules/overriding rules caused some issues.
How are customer service and support?
6.5/10.
Which solution did I use previously and why did I switch?
- Squale
- Panopticode
- CodePro AnalytiX
How was the initial setup?
It was straightforward to install and set up, but complex to adapt to and learn.
What about the implementation team?
We used a vendor team.
Which other solutions did I evaluate?
I did not evaluate other options.
What other advice do I have?
I would advise you to think a lot before acting.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Architect and Software Engineer at a tech services company
Provides holistic overview of all quality issues in a project and enables easy drill down into particular problems
Pros and Cons
- "With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
What is most valuable?
SonarQube is not valuable because of the information it gives. We can gather that same information from several other tools as well. It is the way the information is presented that makes it so powerful. It provides a holistic picture of all quality issues in a software project. With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas.
How has it helped my organization?
Individual developers are more concerned about the quality of their work when they see their results in the big picture.
For how long have I used the solution?
About a year, in different projects, including the current one.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Not used.
Which solution did I use previously and why did I switch?
We used the same tests, but with every developer running them individually. Now management can also get a picture of the quality assurance.
How was the initial setup?
Very simple.
What's my experience with pricing, setup cost, and licensing?
Price is high and only worth it if your organization has hundreds of developers.
Which other solutions did I evaluate?
No.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at Adfolks
Good code scanning and quality gate features, but the reporting could be improved
Pros and Cons
- "The most valuable features are code scanning and Quality Gates."
- "The reporting can be improved."
What is our primary use case?
I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.
What is most valuable?
The most valuable features are code scanning and Quality Gates.
What needs improvement?
The reporting can be improved. In particular, the portability report can be better.
I would like to see better integration with the various DevOps tools.
For how long have I used the solution?
I was using SonarQube for between six and ten months.
What do I think about the stability of the solution?
The stability is good.
How are customer service and technical support?
The community support is great. I have not had reason to contact the technical support team from the vendor.
How was the initial setup?
The initial setup is straightforward. I would not say that it is complex and it can be deployed in less than 10 minutes.
What's my experience with pricing, setup cost, and licensing?
I was using the Community Edition, which is available free of charge.
Which other solutions did I evaluate?
I evaluated other products including Veracode and I felt that SonarQube was the best product.
What other advice do I have?
I would rate this solution a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Architect Information Security & Privacy at a tech services company with 501-1,000 employees
Protection That Detects Bugs and Provides Code Security
Pros and Cons
- "I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
What needs improvement?
I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
The scalability of SonarQube is good. The number of people required for deployment and maintenance depends on our requirements for different client projects.
What's my experience with pricing, setup cost, and licensing?
We purchased the solution; it's not on a monthly or annual contract.
What other advice do I have?
On a scale from one to ten with ten being the best, I would rate this product around an 8. If SonarQube makes some improvements with the security features, I would also probably use the product much more.
Disclosure: I am a real user, and this review is based on my own experience and opinions.