Product Manager | Senior Software Developer at RedShift II - Solutions
Real User
Coding quality assurance tool that comes with good DevOps implementation
Pros and Cons
  • "This solution has the capability to analyze source code in almost all the languages in the market."
  • "This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."

What is our primary use case?

This solution has the capability to analyze source code in almost all the languages in the market.

What needs improvement?

This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced.

For how long have I used the solution?

I have used this solution for ten years. 

What do I think about the stability of the solution?

This is a stable solution. 

Buyer's Guide
SonarQube
November 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.

What do I think about the scalability of the solution?

This is a scalable solution. We have been using it for all of our critical projects. 

What was our ROI?

I have never made the calculations to understand the real value of this solution but I know that the return of investment is very good. If not, we wouldn't have continued to use it for the past 10 years.

What's my experience with pricing, setup cost, and licensing?

As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool. 

What other advice do I have?

This solution has evolved a lot in the last ten years. 

It comes with good DevOps implementation and security, which is a big problem today. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Product Manager at a financial services firm with 10,001+ employees
Real User
Less false positive scans, covers entire developer community, but support could improve

What is our primary use case?

SonarQube delivers a continuous inspection of code quality.

What is most valuable?

When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis.

For how long have I used the solution?

I have been using SonarQube for approximately two years.

What do I think about the stability of the solution?

The stability of SonarQube is good.

What do I think about the scalability of the solution?

I have found SonarQube to be scalable.

How are customer service and support?

SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers.

How was the initial setup?

SonarQube is very user-friendly and it works for all tech stacks. It should be easy for any kind of integrations that you need to build. Additionally, SonarQube comes with a lot of in-house APIs.

What other advice do I have?

I rate SonarQube a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
SonarQube
November 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.
Security Engineer at a computer software company with 201-500 employees
Real User
Free, scalable, but documentation needs improvement

What is our primary use case?

I use this solution for our staging environment to review the security issues before going live or into production.

What needs improvement?

I have found this solution creates more noise than competitors. 

The documentation and reporting extract can improve because other solutions are far more advanced.

For how long have I used the solution?

I have been using this solution for approximately two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. However, we do not use it as a SaaS solution, we use it for our staging environment at a minimum scale. 

We have approximately 10 people using this solution in my organization.

Which solution did I use previously and why did I switch?

Previously I worked with Fortify and Veracode and I have found those tools provided much better because they are from a commercial solution.

What about the implementation team?

Our development team did the implementation of this solution.

What's my experience with pricing, setup cost, and licensing?

This solution is free.

What other advice do I have?

My advice to others is this solution is one of the best in the free market in the industry and it is a good one to use.

I rate SonarQube a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
RakeshPal - PeerSpot reviewer
Senior Manager at Digichorus Technologies
Real User
Top 20
Good code review and reporting of basic vulnerabilities in your applications
Pros and Cons
  • "SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
  • "It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."

What is our primary use case?

We are using it for scanning our web applications, some internal applications and using it for code reviews.

What is most valuable?

SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications. The code writing standard of SonarQube is good. It may be better in other editions but as we don't use those we're not able to find out with SonarQube. We are using the community, developer version for 14 days. If this version is successful we will go to the full version. We're using it on-premises.

What needs improvement?

It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect.

For how long have I used the solution?

We have been using SonarQube for one year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

SonarQube is scalable.

How was the initial setup?

SonarQube was easy to setup.

Which other solutions did I evaluate?

We considered using Fortify.

What other advice do I have?

I would rate SonarQube an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Works fine and provides good value for money

What is our primary use case?

We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit. 

What is most valuable?

It is working fine. It provides good value for money.

What needs improvement?

One thing to improve would be the integration. There is a steep learning curve to get it integrated.

For how long have I used the solution?

I have been using this solution for maybe two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is definitely scalable. Currently, we have six users.

How are customer service and technical support?

We didn't contact them.

Which solution did I use previously and why did I switch?

This was our first one.

How was the initial setup?

Its initial setup is okay. It is not too difficult. It probably took a couple of hours.

One developer is enough for its deployment.

What's my experience with pricing, setup cost, and licensing?

We pay €10 per month for this solution, which is good. It provides good value for money.

What other advice do I have?

I would recommend this solution to others. I would rate SonarQube a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees
Real User
Well featured, easily manageable, identifies production issues

What is our primary use case?

We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.

What is most valuable?

In regards to features, overall the product is good. It minimizes the difficulty or issues that we encountered during the production. We are using the open-sourced version and issues can easily be resolved.

For how long have I used the solution?

I have been using the solution for four to five years.

What do I think about the stability of the solution?

We are using everything that is open-source and this allows us when we have the regular day to day issues, our team works on them directly to identifying their causes and they resolve them quickly.

What about the implementation team?

We have our internal team that is very knowledgeable, experienced, and have extreme abilities that handle our needs.

What's my experience with pricing, setup cost, and licensing?

I think comparing the product to competitors it should be less expensive.

What other advice do I have?

I would recommend SonarQube. It is a good deal compared to all other tools on the market.  It certainly helped us, it is a good tool and should be definitely used.

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Software Engineering Manager at a computer software company with 10,001+ employees
Real User
Top 10
A stable solution for analysis and security vulnerability checking
Pros and Cons
  • "It is a very good tool for analysis and security vulnerability checking."
  • "The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."

What is our primary use case?

We use SonarQube to scan our security protection.

What is most valuable?

It is a very good tool for analysis and security vulnerability checking.

What needs improvement?

The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages.

For how long have I used the solution?

I have been using this solution for a couple of weeks.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

We haven't evaluated its scalability.

How are customer service and technical support?

I just use our internal IT to get support for SonarQube. That is enough for me.

Which solution did I use previously and why did I switch?

We were previously using Coverity. We used it for three years or so.

How was the initial setup?

We just use the Enterprise SonarQube instance provided by our company.

What other advice do I have?

I would recommend this solution. I would rate SonarQube an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Team Lead at CNSI
Real User
Reliable and secure solution used for qualitative coding, including the SonarLint plugin

What is our primary use case?

We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.

What needs improvement?

We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed. We have also experienced duplications of rules within the system as well as code samples that are short of ten numbers. 

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

This is a scalable solution. 

How was the initial setup?

The initial setup was straightforward. 

What about the implementation team?

Most of the deployment was done by me. Once a certain level of complexity was involved, a team was used to validate and deploy those parts of the solution. 

What other advice do I have?

I would recommend SonarQube to other users as it is a good solution and the security issues we experienced are being fixed. 
I would rate this solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.