We changed our name from IT Central Station: Here's why
Get our free report covering SonarSource, Synopsys, WhiteSource, and other competitors of Sonatype Nexus Lifecycle. Updated: January 2022.
566,121 professionals have used our research since 2012.

Read reviews of Sonatype Nexus Lifecycle alternatives and competitors

Mohanraj Vellingiri
Tools manager at a retailer with 10,001+ employees
Real User
It supports 29 languages
Pros and Cons
  • "SonarQube is one of the more popular solutions because it supports 29 languages."
  • "I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script."

What is our primary use case?

SonarQube is a code-scanning tool that ensures people follow the right coding standard. It detects any memory leaks or unwanted functions that have been written so developers can optimize the code for better performance. We don't know too much about how our customers use SonarQube because we just set it up for them. We show them how the reporting works and what to do to fix common issues. 

What is most valuable?

SonarQube is one of the more popular solutions because it supports 29 languages.

What needs improvement?

SonarQube supports most database languages, like SQL queries, PL/SQL, etc., but some newer programming languages are not there. For example, it's missing some more popular languages like Apache Groovy. I would like to see some support for scanning these new popular languages.

I would also like SonarQube to be able to write custom scanning rules. More documentation would be helpful as well because some of our guys were struggling with the customization script. 

For how long have I used the solution?

I've been using SonarQube for the past eight years or so. I am a DevOps consultant who helps the end-users set up their environments. My clients operate in various industries, including the service industry. 

How was the initial setup?

SonarQube takes five to 10 minutes to install, and I train people on this technology, so I install it for them and teach them how to use it. On Linux, it maybe takes another five or 10 minutes, but it is straightforward.

We first try it out with a limited number of users, so four or five users will run it, but the report is shared with multiple users. The report generated will go to thousands of users. You run the report from the DevOps point of view, then share it with everyone.

What's my experience with pricing, setup cost, and licensing?

I'm involved in the price discussions, so I'm unaware of the cost. However, I don't see any other competitors in the same space. There are one or two, but they're not popular. SonarQube is free for one user, so people can explore it, but if they need enterprise support, they can buy licenses, and we can go forward.

Which other solutions did I evaluate?

SonarQube is the only code scanning software I've tried, but I've also seen Nexus Scanner. However, it's not for binary scanning and so forth. It won't scan your source code. It's just an artifact scanner. 

What other advice do I have?

I rate SonarQube eight out of 10. I always recommend SonarQube because it is also available in an open-source version, so people can understand the power of this tool and how it can help in an IT setting. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Get our free report covering SonarSource, Synopsys, WhiteSource, and other competitors of Sonatype Nexus Lifecycle. Updated: January 2022.
566,121 professionals have used our research since 2012.