IT Central Station is now PeerSpot: Here's why
Security Information Manager at a tech services company with 10,001+ employees
Real User
Top 5
Reliable with a nice web interface but needs better reporting

What is most valuable?

We find it very similar to Fortify and has the same advantages.  The web interface is very good.  We have found the solution to be stable.  The solution offers a very good community edition.

What needs improvement?

There isn't a very good enterprise report. They also do not have an application report. We'd like for them to work on this aspect.

For how long have I used the solution?

I've used the solution for three years. I've used it for a while now. 

What do I think about the stability of the solution?

In terms of stability, the solution is reliable and the performance is good. There are no bugs. It's not glitchy. It doesn't crash or freeze. 
Buyer's Guide
SonarQube
June 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
609,272 professionals have used our research since 2012.

How are customer service and support?

I've never used technical support. I can't talk about how helpful they are, never spoken with them personally. If I do need to troubleshoot, I tend to rely on the community and search for answers there. 

Which solution did I use previously and why did I switch?

We've also used Fortify.

How was the initial setup?

I didn't participate in the installation process. I can't speak to how easy or difficult the process was. 

What's my experience with pricing, setup cost, and licensing?

I use the community version of the product.

What other advice do I have?

We are a customer and an end-user. I'd rate the solution at a seven out of ten. It's mostly reliable. 
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Software Engineer at a tech services company with 11-50 employees
Real User
Top 20
Beneficial testing tool, helps developer become sharper, and makes software more secure
Pros and Cons
  • "The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
  • "The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."

What is our primary use case?

I use SonarQube for testing software.

What is most valuable?

The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper.

What needs improvement?

The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications.

In the next release, they should add the ability to analyze containers.

For how long have I used the solution?

I have been using SonarQube for approximately three years.

What do I think about the scalability of the solution?

We have mostly software developers using this solution are there are approximately 50 using it.

Which solution did I use previously and why did I switch?

I have used Snyk and it is more catered to a different audience than SolarQube.SolarQube is more for software developers.

How was the initial setup?

The installation is straightforward, especially with the new Docker implementation.

What about the implementation team?

I did the implementation of the solution myself.

What's my experience with pricing, setup cost, and licensing?

The process of purchasing the solution could improve.

What other advice do I have?

This solution is a good static test tool for developers. It helps keep the maintainability and security of software.

I rate SonarQube an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
SonarQube
June 2022
Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
609,272 professionals have used our research since 2012.
Product Manager | Senior Software Developer at RedShift II - Solutions
Real User
Coding quality assurance tool that comes with good DevOps implementation
Pros and Cons
  • "This solution has the capability to analyze source code in almost all the languages in the market."
  • "This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."

What is our primary use case?

This solution has the capability to analyze source code in almost all the languages in the market.

What needs improvement?

This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced.

For how long have I used the solution?

I have used this solution for ten years. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

This is a scalable solution. We have been using it for all of our critical projects. 

What was our ROI?

I have never made the calculations to understand the real value of this solution but I know that the return of investment is very good. If not, we wouldn't have continued to use it for the past 10 years.

What's my experience with pricing, setup cost, and licensing?

As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool. 

What other advice do I have?

This solution has evolved a lot in the last ten years. 

It comes with good DevOps implementation and security, which is a big problem today. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Product Manager at a financial services firm with 10,001+ employees
Real User
Less false positive scans, covers entire developer community, but support could improve

What is our primary use case?

SonarQube delivers a continuous inspection of code quality.

What is most valuable?

When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis.

For how long have I used the solution?

I have been using SonarQube for approximately two years.

What do I think about the stability of the solution?

The stability of SonarQube is good.

What do I think about the scalability of the solution?

I have found SonarQube to be scalable.

How are customer service and support?

SonarQube needs to improve its support model. They do not work 24/7, and they do not provide weekend support in case things go wrong. They only have a standard 8:00 am to 5:00 pm support model in which you have to raise a support ticket and wait. The support model is not effective for premium customers.

How was the initial setup?

SonarQube is very user-friendly and it works for all tech stacks. It should be easy for any kind of integrations that you need to build. Additionally, SonarQube comes with a lot of in-house APIs.

What other advice do I have?

I rate SonarQube a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Security Engineer at a computer software company with 201-500 employees
Real User
Free, scalable, but documentation needs improvement

What is our primary use case?

I use this solution for our staging environment to review the security issues before going live or into production.

What needs improvement?

I have found this solution creates more noise than competitors. 

The documentation and reporting extract can improve because other solutions are far more advanced.

For how long have I used the solution?

I have been using this solution for approximately two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. However, we do not use it as a SaaS solution, we use it for our staging environment at a minimum scale. 

We have approximately 10 people using this solution in my organization.

Which solution did I use previously and why did I switch?

Previously I worked with Fortify and Veracode and I have found those tools provided much better because they are from a commercial solution.

What about the implementation team?

Our development team did the implementation of this solution.

What's my experience with pricing, setup cost, and licensing?

This solution is free.

What other advice do I have?

My advice to others is this solution is one of the best in the free market in the industry and it is a good one to use.

I rate SonarQube a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RakeshPal - PeerSpot reviewer
Senior Manager at Digichorus Technologies
Real User
Top 20
Good code review and reporting of basic vulnerabilities in your applications
Pros and Cons
  • "SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
  • "It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."

What is our primary use case?

We are using it for scanning our web applications, some internal applications and using it for code reviews.

What is most valuable?

SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications. The code writing standard of SonarQube is good. It may be better in other editions but as we don't use those we're not able to find out with SonarQube. We are using the community, developer version for 14 days. If this version is successful we will go to the full version. We're using it on-premises.

What needs improvement?

It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect.

For how long have I used the solution?

We have been using SonarQube for one year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

SonarQube is scalable.

How was the initial setup?

SonarQube was easy to setup.

Which other solutions did I evaluate?

We considered using Fortify.

What other advice do I have?

I would rate SonarQube an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Works fine and provides good value for money

What is our primary use case?

We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit. 

What is most valuable?

It is working fine. It provides good value for money.

What needs improvement?

One thing to improve would be the integration. There is a steep learning curve to get it integrated.

For how long have I used the solution?

I have been using this solution for maybe two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is definitely scalable. Currently, we have six users.

How are customer service and technical support?

We didn't contact them.

Which solution did I use previously and why did I switch?

This was our first one.

How was the initial setup?

Its initial setup is okay. It is not too difficult. It probably took a couple of hours.

One developer is enough for its deployment.

What's my experience with pricing, setup cost, and licensing?

We pay €10 per month for this solution, which is good. It provides good value for money.

What other advice do I have?

I would recommend this solution to others. I would rate SonarQube a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees
Real User
Well featured, easily manageable, identifies production issues

What is our primary use case?

We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.

What is most valuable?

In regards to features, overall the product is good. It minimizes the difficulty or issues that we encountered during the production. We are using the open-sourced version and issues can easily be resolved.

For how long have I used the solution?

I have been using the solution for four to five years.

What do I think about the stability of the solution?

We are using everything that is open-source and this allows us when we have the regular day to day issues, our team works on them directly to identifying their causes and they resolve them quickly.

What about the implementation team?

We have our internal team that is very knowledgeable, experienced, and have extreme abilities that handle our needs.

What's my experience with pricing, setup cost, and licensing?

I think comparing the product to competitors it should be less expensive.

What other advice do I have?

I would recommend SonarQube. It is a good deal compared to all other tools on the market.  It certainly helped us, it is a good tool and should be definitely used.

I rate SonarQube a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2022
Buyer's Guide
Download our free SonarQube Report and get advice and tips from experienced pros sharing their opinions.