IT Central Station is now PeerSpot: Here's why
Elham-Gharegozloo - PeerSpot reviewer
Senior System Analyst at a tech services company with 1,001-5,000 employees
Real User
Top 10
User-friendly, easy to access, and it has good training documentation
Pros and Cons
  • "The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
  • "Monitoring is a feature that can be improved in the next version."

What is our primary use case?

We are using this solution for analyzing sales, profit, and FI documents. We are using the HR section as well.

How has it helped my organization?

SonarQube simplified some of the processes and made others more complex.

What is most valuable?

The most valuable features are that it is user-friendly, easy to access, and they provide good training files. Ability to manage and customize reports. Sonar also models the relationship between packages and classes

What needs improvement?

It would be better if the users could have quick access to the features. Monitoring is a feature that can be improved in the next version.
Buyer's Guide
SonarQube
April 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: April 2022.
598,634 professionals have used our research since 2012.

For how long have I used the solution?

I have been using SonarQube for three years.

What do I think about the stability of the solution?

This solution is stable. Stability is not an issue for us.

What do I think about the scalability of the solution?

It's scalable. Scaling is not a problem.

How are customer service and support?

Because of the sanctions in our country, we cannot contact technical support directly.

Which solution did I use previously and why did I switch?

How was the initial setup?

The initial setup was straightforward. It was a normal installation. It took approximately five days to deploy.

What's my experience with pricing, setup cost, and licensing?

It's a bit expensive for us. The currency rate of the dollar is a problem but it may be fine for other countries. This solution provides good features for users.

What other advice do I have?

Before implementing, they should have more knowledge about the performance, and the features. It will be helpful in learning the hardware also. If you have good resources for the performance, you won't worry about it. It will also be dependent on your information, and how much knowledge you have. I would rate SonarQube an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Anuja S - PeerSpot reviewer
Program Manager at a computer software company with 1,001-5,000 employees
Real User
Stable, beneficial code review, and efficient
Pros and Cons
  • "The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code."
  • "The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."

What is our primary use case?

We are using SonarQube for code reviews. 

How has it helped my organization?

Code quality improvement, Secure coding pracitices 

What is most valuable?

The most valuable feature of SonarQube I have found to be the configuration that has allowed us to can make adjusts to the demands of the code review. It gives a specified classification regarding the skill, prioritization, and it is easy for me to review and make my code.

What needs improvement?

NA

For how long have I used the solution?

I have been using SonarQube for approximately five years.

What do I think about the stability of the solution?

The solution is stable.

How are customer service and support?

I have not needed to use technical support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used some tools previously, such as Eclipse and Checkmarx. I used some tools directly linked with Eclipse, but SonarQube is much better. It has a better ability to link with Eclipse as well as the standalone features for a code review I have found the SonarQube most efficient.

How was the initial setup?

I deployed SonarQube on my laptop. I found it to be straightforward and easy. I wanted my technical team to do implement it but since they didn't have time I took the initiative and did it myself. I am not exactly from a technical background, and it was very easy for me.

The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations.

What about the implementation team?

The solution does not require any maintenance.

What other advice do I have?

SonarQube fits my purpose. It doesn't cause any hassles for me.

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
SonarQube
April 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: April 2022.
598,634 professionals have used our research since 2012.
Senior Technical Architect at a tech services company with 501-1,000 employees
Real User
Top 20
Effective vulnerability scanning, good support, and simple setup

What is our primary use case?

We are using SonarQube for scanning our services for issues as part of our IT department.

What is most valuable?

SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues. 

What needs improvement?

SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this.

For how long have I used the solution?

I have been using SonarQube for approximately three years.

What do I think about the stability of the solution?

SonarQube is a stable solution.

What do I think about the scalability of the solution?

I have found SonarQube to be stable. However, we have not tested it with more than one million lines of code.

We have a server that SonarQube is running on and we have approximately 50 people using it.

How are customer service and support?

We have used technical support in the past but not recently.

I would rate the support from SonarQube a four out of five.

Which solution did I use previously and why did I switch?

I have used Veracode previously.

How was the initial setup?

The initial setup is straightforward for SonarQube.

What about the implementation team?

We did the implementation in-house.

The DevOps team handles the maintenance of SonarQube.

What's my experience with pricing, setup cost, and licensing?

We are using the Developer Edition and the cost is based on the amount of code that is being processed.

What other advice do I have?

If SonarQube meets the needs of your use case then I use it.

I rate SonarQube an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
System Quality Assurance Manager at AIS - Advanced Info Services Plc.
Real User
Top 5Leaderboard
Easy to use, stable, and installation straightforward
Pros and Cons
  • "SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems."
  • "The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."

What is our primary use case?

We use SonarQube to scan SAS code for quality control in mostly mobile applications, such as iOS and Android applications.

What is most valuable?

SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems.

What needs improvement?

The solution could improve the management reports by making them easier to understand for the technical team that needs to review them.

For how long have I used the solution?

I have been using the free version of SonarQube for approximately one year and then I purchased a subscription that I have been using for the last three years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution has scaled well for our needs. We have two million lines of code and we have not had a problem.

We work for a large enterprise that has approximately 1,000 IT employees.

How are customer service and technical support?

There is a lot of information for SonarQube online in the community forums. I only used technical support when I needed to renew my license.

How was the initial setup?

The installation is not difficult.

What's my experience with pricing, setup cost, and licensing?

The solution has a free version and a license version. The license is priced reasonably, the cost of hiring one programmer is more expensive than the solution.

The licensing process could be improved. We need to contact purchasing to receive the key for the license but the process should be automatic, similar to a SAS purchase.

Which other solutions did I evaluate?

I have evaluated Fortify Application Defender.

What other advice do I have?

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Daniel Antonio Jimenez Quintana - PeerSpot reviewer
IT Systems Architect at Banco Ripley
Real User
Top 5Leaderboard
Open-source, secure static testing, but cannot be used for dynamic testing
Pros and Cons
  • "It provides the security that is required from a solution for financial businesses."
  • "We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."

What is our primary use case?

We use SonarQube for testing and quality assurance. We use this in banks for testing.

We also use SonarQube for security static testing.

What is most valuable?

It provides the security that is required from a solution for financial businesses.

What needs improvement?

SonarQube is used for static testing, not for dynamic. We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing.

I would like to see software included that can be used with Waterfall projects.

Which solution did I use previously and why did I switch?

We try to primarily use open-source solutions. The organization tries not to spend money for the moment. Many clients do not want to pay for solutions during this time, especially in the case of products that are expensive.

What's my experience with pricing, setup cost, and licensing?

We have partnered with B2B American to help with the purchasing of the license.

We have just been approved to purchase SonarQube Developer Edition.

We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment.

It's an open-source solution.

Which other solutions did I evaluate?

We are currently evaluating other solutions that are open-source. The company is trying to reduce the amount of money spent on solutions.

We are looking for the newest technologies but the biggest stopper for us is money.

What other advice do I have?

For the units of architecture, we have tried to find the newest technology that would benefit the manifest of their orientation.

It has been very difficult. Last year many projects stopped.

I would rate SonarQube a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Top 5Leaderboard
Code quality assurance solution that supports many coding languages
Pros and Cons
  • "This solution has helped with the integration and building of our CICD pipeline."
  • "For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."

What is our primary use case?

We use this solution to configure our pipeline using Jenkins. From an integration perspective, it encompasses many languages and this is very useful.

How has it helped my organization?

This solution has helped with the integration and building of our CICD pipeline. Without any scans or assessments, the pipeline and build are not complete. One of the good features of SonarQube is the many languages it supports including Java, dotNET, Typescript and HTML CSS. It also allows us to set custom quality gates and rules.

What needs improvement?

This solution could be offered on Docker and the cloud. The support for this solution could be improved and the customization rules could also be made simpler. 

For how long have I used the solution?

I have used this solution for three years. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

This solution could be scalable, specifically from a reporting perspective. 

How are customer service and support?

I would rate the customer support for this solution a seven out of ten. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have previously used Checkmarx, Blackbelt and WhiteSource.

What was our ROI?

We have experienced a good return on investment using this solution. 

What other advice do I have?

This is a good solution if you are looking for good coverage, quality, and vulnerabilities to be highlighted. That being said, there are better solutions in the market when it comes to SAST scanning.

I would rate this solution an eight out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
TUDOR CALINESCU - PeerSpot reviewer
Security Project Leader at a computer software company with 501-1,000 employees
Real User
Top 20
Plenty of features, but needs multiple other products to function well
Pros and Cons
  • "I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
  • "We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved."

What is our primary use case?

SonarQube can be used to analyze application code. We are testing SonarQube with some of our other products. We use the Sonar Link plugin with Teamscale, which is then applied to the main product we are using.

What is most valuable?

I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla.

What needs improvement?

We have to combine several products in order to cover as many flaws that might exist in the code. We have to integrate several products to set the security functionality of the product. SonarQube should have better functionality to cover all areas of security limiting our need for other products.

We have tens of millions of code to be analyzed and processed. There can be some performance degradation if we are applying Sonar Link to large code or code that is complex. When the code had to be analyzed is when we ran into the main issues. There were several routines involved to solve those performance issues but this process should be improved.

For how long have I used the solution?

I have been using this solution for approximately three years.

What do I think about the stability of the solution?

There can be some stability issues.

Which solution did I use previously and why did I switch?

I have used Veracode.

Which other solutions did I evaluate?

I have evaluated many other solutions similar to SonarQube.

What other advice do I have?

I rate SonarQube a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of IT Security Department at a tech services company with 501-1,000 employees
Real User
Top 20
Simple implementation, effective scanning, and tracking

What is our primary use case?

We are using SonarQube for static analyzing and finding vulnerabilities in our code.

What is most valuable?

Easy installation. Very accurate finding of vulnerabilities and a minimum of false positives.

What needs improvement?

SonarQube could improve by adding automatic creation of tasks after scanning and more supported languages.

For how long have I used the solution?

I have been using SonarQube for approximately two years.

What do I think about the stability of the solution?

SonarQube is a highly stable solution.

What do I think about the scalability of the solution?

I have found SonarQube to be scalable.

We have 20 to 25 specialists using SonarQube in my organization.

We have plans to increase the usage of the solution.

How are customer service and support?

We search Google for solutions to any problems we may face.

How was the initial setup?

The solution is easy to implement in our process of continuous integration, continuous delivery, and continuous deployment(CI/CD). 

What about the implementation team?

We did the implementation of the solution ourselves.

We have assigned each project one DevOps, and each DevOps is deploying SonarQube in their project and we have in total about 20 projects.

What's my experience with pricing, setup cost, and licensing?

The free version of SonarQube does everything that we need it to.

Licenses of this solution can be purchased annually. We plan to buy the maximum license enterprise edition of the solution.

What other advice do I have?

I highly recommend this solution to others.

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2022
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.