2018-07-30T09:01:00Z

What do you like most about SonarQube?

Miriam Tover - PeerSpot reviewer
  • 0
  • 8
PeerSpot user
Get the report
Helped 765,234 peers since 2012
66

66 Answers

RP
Consultant
Top 10
2024-02-28T08:07:02Z
Feb 28, 2024

The solution's user interface is very user-friendly.

Search for a product comparison
AJ
Real User
Top 20
2024-02-22T10:50:35Z
Feb 22, 2024

The integrations SonarQube provides with our software delivery pipeline are very seamless.

HN
Real User
Top 5
2023-12-22T10:06:26Z
Dec 22, 2023

SonarQube is scalable. My company has 50 users.

BS
Real User
Top 20
2023-12-21T09:45:00Z
Dec 21, 2023

This solution is simple to use and can be quickly deployed.

LJ
Real User
Top 20
2023-08-28T05:56:03Z
Aug 28, 2023

The SonarQube dashboard looks great.

Devid William - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-08-23T14:56:41Z
Aug 23, 2023

There are many options and examples available in the tool that help us fix the issues it shows us.

Learn what your peers think about SonarQube. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Axel Niering - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-05-02T13:27:00Z
May 2, 2023

The product is simple.

VD
Real User
Top 20
2022-04-27T08:20:00Z
Apr 27, 2022

This solution has helped with the integration and building of our CICD pipeline.

2022-03-21T06:30:00Z
Mar 21, 2022

We consider it a handy tool that helps to resolve our issues immediately.

KV
Real User
2022-02-16T18:27:02Z
Feb 16, 2022

SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues.

NP
Real User
2022-02-16T17:38:49Z
Feb 16, 2022

We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.

HM
Real User
2022-02-02T08:29:04Z
Feb 2, 2022

When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis.

SG
Real User
2022-01-28T21:25:20Z
Jan 28, 2022

I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are.

RB
Real User
2022-01-28T17:05:33Z
Jan 28, 2022

The solution offers a very good community edition.

Angelo Quaglia - PeerSpot reviewer
Real User
Top 10
2021-12-21T10:08:00Z
Dec 21, 2021

The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation.

RR
Real User
2021-12-10T13:48:52Z
Dec 10, 2021

One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code.

Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside.

RV
Real User
2021-12-10T13:11:09Z
Dec 10, 2021

Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration.

PJ
MSP
2021-11-11T06:09:33Z
Nov 11, 2021

My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it.

AN
Real User
2021-11-03T20:00:00Z
Nov 3, 2021

There's plenty of documentation available to users.

LD
Real User
2021-10-08T20:35:29Z
Oct 8, 2021

The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper.

Jayashree Acharyya - PeerSpot reviewer
Real User
Top 10
2021-09-08T22:55:59Z
Sep 8, 2021

We have worked with the support from SonarQube and we have had good experiences.

WW
Real User
2021-09-07T14:07:28Z
Sep 7, 2021

SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems.

HM
Real User
2021-08-10T12:55:11Z
Aug 10, 2021

It is working fine. It provides a good value for money.

KH
Real User
2021-08-04T16:48:03Z
Aug 4, 2021

Provides local scanning for developers.

Calinescu Tudor - PeerSpot reviewer
Real User
Top 10
2021-08-03T13:53:03Z
Aug 3, 2021

I am only interested in the security features in SonarQube. There are plenty of features other features, such as test coverage, code anomalies, and pointer access are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla.

AF
Real User
2021-06-29T00:34:24Z
Jun 29, 2021

The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know.

NB
Real User
2021-06-08T14:11:31Z
Jun 8, 2021

The solution is stable.

AJ
Real User
Top 20
2021-04-29T13:02:30Z
Apr 29, 2021

The reporting and the results are quick. It gets integrated within the pipeline well.

BG
Real User
2021-04-05T15:27:37Z
Apr 5, 2021

The fact that the solution does security scanning is valuable.

SR
Real User
2021-03-31T04:33:12Z
Mar 31, 2021

The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language.

AR
Real User
2021-02-26T22:22:56Z
Feb 26, 2021

The static code analysis is very good.

Wang Dayong - PeerSpot reviewer
Real User
2021-02-10T14:34:34Z
Feb 10, 2021

It is a very good tool for analysis and security vulnerability checking.

Daniel Antonio Jimenez Quintana - PeerSpot reviewer
Real User
Top 10Leaderboard
2021-02-02T10:26:08Z
Feb 2, 2021

It provides the security that is required from a solution for financial businesses.

CV
Real User
2021-01-08T15:43:25Z
Jan 8, 2021

The good thing with SonarQube is it covers a lot of issues, it's a very robust framework.

KN
Real User
2021-01-06T10:11:58Z
Jan 6, 2021

Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards.

GL
Reseller
Top 20
2021-01-06T06:31:00Z
Jan 6, 2021

It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.

SV
Real User
2020-12-24T15:03:00Z
Dec 24, 2020

It is a good deal compared to all other tools on the market.

EG
Real User
2020-12-09T00:59:35Z
Dec 9, 2020

It has very good scalability and stability.

EG
Real User
2020-12-07T17:49:08Z
Dec 7, 2020

The most valuable features are that it is user-friendly, easy to access, and they provide good training files.

RP
Real User
2020-11-27T22:37:00Z
Nov 27, 2020

SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications.

AB
Real User
2020-10-28T21:08:07Z
Oct 28, 2020

I like the by-default policies that are they, as they seem to cover most of what I need.

HT
Real User
2020-10-27T06:39:00Z
Oct 27, 2020

The product itself has a friendly UI.

AS
Real User
2020-10-26T15:25:32Z
Oct 26, 2020

The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes.

HT
Real User
2020-09-06T08:04:35Z
Sep 6, 2020

The product has a friendly UI that is easy to use and understand.

SK
Consultant
2020-09-03T07:49:00Z
Sep 3, 2020

The overall quality of the indicator is good.

TS
Real User
Top 20
2020-09-01T05:25:12Z
Sep 1, 2020

It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely.

SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition.

SR
Real User
2020-08-30T08:33:32Z
Aug 30, 2020

It is a very good tool for analysis despite its limitations.

JS
MSP
2020-08-20T07:50:18Z
Aug 20, 2020

Before you even compile, it can catch known vulnerability issues or patterns.

PC
Real User
2020-07-28T06:50:14Z
Jul 28, 2020

The most valuable features are the segregation containment and the suspension of product services.

Yash Brahmani - PeerSpot reviewer
Real User
Top 20
2020-07-15T07:11:00Z
Jul 15, 2020

The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues.

TL
Real User
2020-07-14T08:15:51Z
Jul 14, 2020

The most valuable features are code scanning and Quality Gates.

DG
Real User
2020-07-06T14:59:00Z
Jul 6, 2020

Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers.

Anshuman Kishore - PeerSpot reviewer
Real User
Top 5Leaderboard
2020-06-25T10:49:25Z
Jun 25, 2020

The code coverage feature is very good.

KG
Real User
2019-06-16T07:23:00Z
Jun 16, 2019

The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.

HJ
Real User
2019-06-11T11:10:00Z
Jun 11, 2019

Strong code evaluation for budget-minded clients.

PR
Real User
2019-06-02T09:20:00Z
Jun 2, 2019

If code coverage is a low number then that's of great value to me.

HK
Real User
2019-05-30T08:12:00Z
May 30, 2019

SonarQube is good for checking and maintaining code quality.

JI
Real User
2019-05-28T07:45:00Z
May 28, 2019

Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.

BR
Real User
2019-05-23T06:09:00Z
May 23, 2019

We advise all of our developers to have this solution in place.

it_user713202 - PeerSpot reviewer
Real User
2019-05-22T07:18:00Z
May 22, 2019

If you want to have your code scanned and timed then this is a good tool.

SG
Real User
2019-05-20T07:59:00Z
May 20, 2019

We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.

LZ
Real User
2019-05-16T07:47:00Z
May 16, 2019

The most valuable function is its usability.

PD
Real User
2019-05-15T05:16:00Z
May 15, 2019

Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version.

DH
Real User
2019-05-06T17:08:00Z
May 6, 2019

The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices).

SM
Real User
2019-05-06T09:44:00Z
May 6, 2019

This has improved our organization because it has helped to find Security Vulnerabilities.

JI
Real User
2018-07-30T09:01:00Z
Jul 30, 2018

It is very good at identifying technical debt.

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you...
Download SonarQube ReportRead more

Related Q&As