2018-07-30T09:01:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What do you like most about SonarQube?

Hi Everyone,

What do you like most about SonarQube?

Thanks for sharing your thoughts with the community!

59 Answers
VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2022-04-27T08:20:00Z
Apr 27, 2022

This solution has helped with the integration and building of our CICD pipeline.

2022-03-21T06:30:00Z
Mar 21, 2022

We consider it a handy tool that helps to resolve our issues immediately.

KV
Senior Technical Architect at a tech services company with 501-1,000 employees
Real User
Top 20
2022-02-16T18:27:02Z
Feb 16, 2022

SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues.

NP
Team Lead at CNSI
Real User
2022-02-16T17:38:49Z
Feb 16, 2022

We use this solution for qualitative coding. We make use of the SonarLint plugin as well as the dashboard.

HM
Senior Product Manager at a financial services firm with 10,001+ employees
Real User
2022-02-02T08:29:04Z
Feb 2, 2022

When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis.

SG
Lead Engineer at a healthcare company with 10,001+ employees
Real User
Top 10
2022-01-28T21:25:20Z
Jan 28, 2022

I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are.

RB
Security Information Manager at a tech services company with 10,001+ employees
Real User
Top 5
2022-01-28T17:05:33Z
Jan 28, 2022

The solution offers a very good community edition.

AQ
Independent Professional at Studio Dott. Ing. Angelo Quaglia
Real User
Top 20
2021-12-21T10:08:00Z
Dec 21, 2021

The most valuable features are the dashboard, the ability to drill down to the code, user-friendliness, and the technical debt estimation.

Raja_Reddy - PeerSpot reviewer
Manager at kellton
Real User
Top 10
2021-12-10T13:48:52Z
Dec 10, 2021

One of the most valuable features of SonarQube is its ability to detect code quality during development. There are rules that define various technologies—Java, C#, Python, everything—and these rules declare the coding standards and code quality. With SonarQube, everything is detectable during the time of development and continuous integration, which is an advantage. SonarQube also has a Quality Gate, where the code should reach 85%. Below that, the code cannot be promoted to a further environment, it should be in a development environment only. So the checks are there, and SonarQube will provide that increase. It also provides suggestions on how the code can be fixed and methods of going about this, without allowing hackers to exploit the code.

Another valuable feature is that it is tightly integrated with third-party tools. For example, we can see the SonarQube metrics in Bitbucket, the code repository. Once I raise the full request, the developer, team lead, or even the delivery lead can see the code quality metrics of the deliverable so that they can make a decision. SonarQube will also cover all of the top OWASP vulnerabilities, however it doesn't have penetration testing or hacker testing. We use other tools, like Checkmarx, to do penetration testing from the outside.

RV
Development Team Lead at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2021-12-10T13:11:09Z
Dec 10, 2021

Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration.

PJ
Staff DevOps Specialist at a computer software company with 201-500 employees
MSP
Top 20
2021-11-11T06:09:33Z
Nov 11, 2021

My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it.

AN
Project Manager at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
2021-11-03T20:00:00Z
Nov 3, 2021

There's plenty of documentation available to users.

LD
Software Engineer at a tech services company with 11-50 employees
Real User
Top 20
2021-10-08T20:35:29Z
Oct 8, 2021

The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper.

Jayashree Acharyya - PeerSpot reviewer
Executive Manager at PepsiCo
Real User
Top 5 Leaderboard
2021-09-08T22:55:59Z
Sep 8, 2021

We have worked with the support from SonarQube and we have had good experiences.

WW
System Quality Assurance Manager at AIS - Advanced Info Services Plc.
Real User
Top 5 Leaderboard
2021-09-07T14:07:28Z
Sep 7, 2021

SonarQube is designed well making it easy to use, simple to identify issues and find solutions to problems.

HM
Founder at a tech services company with 11-50 employees
Real User
Top 5 Leaderboard
2021-08-10T12:55:11Z
Aug 10, 2021

It is working fine. It provides a good value for money.

KH
Manager, Software Development Engineering at a computer software company with 51-200 employees
Real User
2021-08-04T16:48:03Z
Aug 4, 2021

Provides local scanning for developers.

TUDOR CALINESCU - PeerSpot reviewer
Security Project Leader at a computer software company with 501-1,000 employees
Real User
Top 10
2021-08-03T13:53:03Z
Aug 3, 2021

I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, that are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla.

AF
Senior Security Engineer at a financial services firm with 10,001+ employees
Real User
2021-06-29T00:34:24Z
Jun 29, 2021

The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know.

NB
Security Engineer at a computer software company with 201-500 employees
Real User
2021-06-08T14:11:31Z
Jun 8, 2021

The solution is stable.

AJ
DevOps Lead at a marketing services firm with 1,001-5,000 employees
Real User
Top 20
2021-04-29T13:02:30Z
Apr 29, 2021

The reporting and the results are quick. It gets integrated within the pipeline well.

BG
Digital Solutions Architect at a tech services company with 1,001-5,000 employees
Real User
2021-04-05T15:27:37Z
Apr 5, 2021

The fact that the solution does security scanning is valuable.

Sirish Reddy - PeerSpot reviewer
Technology Manager at Publicis Sapient
Real User
Top 10
2021-03-31T04:33:12Z
Mar 31, 2021

The solution has a wide variety of features and an open-source community from which you are able to learn Java, JavaScript, or any other programming language.

Ahmed Rabea - PeerSpot reviewer
CEO at ITShare
Real User
Top 20
2021-02-26T22:22:56Z
Feb 26, 2021

The static code analysis is very good.

WD
Senior Software Engineering Manager at a computer software company with 10,001+ employees
Real User
Top 10
2021-02-10T14:34:34Z
Feb 10, 2021

It is a very good tool for analysis and security vulnerability checking.

Daniel Antonio Jimenez Quintana - PeerSpot reviewer
IT Systems Architect at Banco Ripley
Real User
Top 5 Leaderboard
2021-02-02T10:26:08Z
Feb 2, 2021

It provides the security that is required from a solution for financial businesses.

CV
CTO at a computer software company with 11-50 employees
Real User
Top 5 Leaderboard
2021-01-08T15:43:25Z
Jan 8, 2021

The good thing with SonarQube is it covers a lot of issues, it's a very robust framework.

KN
Security at a tech services company with 51-200 employees
Real User
Top 5
2021-01-06T10:11:58Z
Jan 6, 2021

Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards.

Gustavo Lugo - PeerSpot reviewer
Chief Solutions Officer at CleverIT B.V.
Reseller
Top 5 Leaderboard
2021-01-06T06:31:00Z
Jan 6, 2021

It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.

SV
Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees
Real User
2020-12-24T15:03:00Z
Dec 24, 2020

It is a good deal compared to all other tools on the market.

ErnestoGonzalez - PeerSpot reviewer
Backend Architect at Sngular
Real User
Top 20
2020-12-09T00:59:35Z
Dec 9, 2020

It has very good scalability and stability.

Elham-Gharegozloo - PeerSpot reviewer
Senior System Analyst at a tech services company with 1,001-5,000 employees
Real User
Top 10
2020-12-07T17:49:08Z
Dec 7, 2020

The most valuable features are that it is user-friendly, easy to access, and they provide good training files.

RakeshPal - PeerSpot reviewer
Senior Manager at Digichorus Technologies
Real User
Top 20
2020-11-27T22:37:00Z
Nov 27, 2020

SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications.

AB
Director IT Security, CISO at a transportation company with 10,001+ employees
Real User
Top 20
2020-10-28T21:08:07Z
Oct 28, 2020

I like the by-default policies that are there, as they seem to cover most of what I need.

Hilman Tehrani - PeerSpot reviewer
Information Technology Technical Architect at an insurance company with 51-200 employees
Real User
2020-10-27T06:39:00Z
Oct 27, 2020

The product itself has a friendly UI.

AhmedSaber - PeerSpot reviewer
Senior/Lead Software Engineer at General Pension Authority
Real User
2020-10-26T15:25:32Z
Oct 26, 2020

The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes.

Hilman Tehrani - PeerSpot reviewer
Information Technology Technical Architect at an insurance company with 51-200 employees
Real User
2020-09-06T08:04:35Z
Sep 6, 2020

The product has a friendly UI that is easy to use and understand.

SK
Independent Consultant at Klusener Consultancy
Consultant
2020-09-03T07:49:00Z
Sep 3, 2020

The overall quality of the indicator is good.

TS
Security consultant at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2020-09-01T05:25:12Z
Sep 1, 2020

It's a great product. If you are in a hurry and just want to focus on the functional requirements of any kind of project, SonarQube is highly helpful. It enables the developers to code securely.

SonarQube has a Community edition, which is open source and free. There are also three proprietary or paid versions: Enterprise edition, Data Center edition, and Developer edition.

SR
Team Lead at a computer software company with 10,001+ employees
Real User
2020-08-30T08:33:32Z
Aug 30, 2020

It is a very good tool for analysis despite its limitations.

JS
DevSecOps Lead at a tech services company with 11-50 employees
MSP
2020-08-20T07:50:18Z
Aug 20, 2020

Before you even compile, it can catch known vulnerability issues or patterns.

PC
Engineer at a pharma/biotech company with 201-500 employees
Real User
2020-07-28T06:50:14Z
Jul 28, 2020

The most valuable features are the segregation containment and the suspension of product services.

Yash Brahmani - PeerSpot reviewer
Devops Engineer at BNP Paribas
Real User
Top 20
2020-07-15T07:11:00Z
Jul 15, 2020

The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues.

TibinLukose - PeerSpot reviewer
Software Engineer at Adfolks
Real User
2020-07-14T08:15:51Z
Jul 14, 2020

The most valuable features are code scanning and Quality Gates.

Donovan Greeff - PeerSpot reviewer
Head of Software Delivery at a tech services company with 51-200 employees
Real User
2020-07-06T14:59:00Z
Jul 6, 2020

Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers.

Anshuman Kishore - PeerSpot reviewer
Director Product Development at Mycom Osi
Real User
Top 10 Leaderboard
2020-06-25T10:49:25Z
Jun 25, 2020

The code coverage feature is very good.

Kiran Gujju - PeerSpot reviewer
Cyber Security Architect (USDA) at a government with 10,001+ employees
Real User
2019-06-16T07:23:00Z
Jun 16, 2019

The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.

HJ
IT Infrastructure Head / Facilities Manager - ITIL V3 Certified ,Vmware Vsphere5 at a financial services firm with 51-200 employees
Real User
2019-06-11T11:10:00Z
Jun 11, 2019

Strong code evaluation for budget-minded clients.

PR
Scala Contractor at HCL Technologies
Real User
2019-06-02T09:20:00Z
Jun 2, 2019

If code coverage is a low number then that's of great value to me.

HK
Country Manager Senegal at a financial services firm with 10,001+ employees
Real User
2019-05-30T08:12:00Z
May 30, 2019

SonarQube is good for checking and maintaining code quality.

JI
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Real User
2019-05-28T07:45:00Z
May 28, 2019

Using SonarQube has helped us to identify areas of technical debt to work on, resulting in better code, fewer vulnerabilities, and fewer bugs.

BR
Company Director at Alwyn Technologies
Real User
2019-05-23T06:09:00Z
May 23, 2019

We advise all of our developers to have this solution in place.

it_user713202 - PeerSpot reviewer
Vice President at a financial services firm with 1,001-5,000 employees
Real User
2019-05-22T07:18:00Z
May 22, 2019

If you want to have your code scanned and timed then this is a good tool.

SG
Lead Engineer at a healthcare company with 10,001+ employees
Real User
Top 10
2019-05-20T07:59:00Z
May 20, 2019

We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that.

LZ
Application Security Analyst at an agriculture with 501-1,000 employees
Real User
2019-05-16T07:47:00Z
May 16, 2019

The most valuable function is its usability.

PD
Manager at a wireless company with 11-50 employees
Real User
2019-05-15T05:16:00Z
May 15, 2019

Integrate it into the developers' workbench so that they can bench check their code against what will be done in the server-based audit version.

Daniel Hall - PeerSpot reviewer
Technical Architect at Dwr Cymru Welsh Water
Real User
2019-05-06T17:08:00Z
May 6, 2019

The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices).

SM
Manager at Dassault Systèmes
Real User
2019-05-06T09:44:00Z
May 6, 2019

This has improved our organization because it has helped to find Security Vulnerabilities.

JI
Automation Tool Specialist at a comms service provider with 1,001-5,000 employees
Real User
2018-07-30T09:01:00Z
Jul 30, 2018

It is very good at identifying technical debt.

Related Questions
Vishal-Goyal - PeerSpot reviewer
Chief Architect at Persistent Systems
Aug 12, 2022
Dear experts, I wanted to check with those who have experience in using both SonarQube Community Edition and SonarQube Enterprise Edition. What real advantages do you see in spending money to procure an enterprise license vs using community edition which is free? I'm aware enterprise provides better programming languages coverage, strong reporting and more rules. But I wanted to hear feedbac...
AQ
Independent Professional at Studio Dott. Ing. Angelo Quaglia
Aug 12, 2022
Decoration of pull requests is pretty cool.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 3, 2021
Which is better and why?
Nov 3, 2021
We like the data that Sonatype Nexus Lifecycle consistently delivers. This solution helps us in fixing and understanding the issues a lot quicker. The policy engine allows you to set up different types of violations according to your specific needs. It allows us to see the licensing and security vulnerabilities as well as the age of our open sources in our software. This helps us ensure we stay up to date with our software and that we don’t have any vulnerabilities. We would really like to see Sonatype Nexus Lifecycle be more code-driven and scaled at the developer level. It really should be smoother and faster at finding the relationships between libraries and enterprises. The GUI has some limitations and could be problematic for some larger-scale companies.
SonarQube is easy to deploy and configure. It also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. It is great if you want to quickly focus on functional requirements. This solution is very easy to use and understand. There were some security issues with our code that SonarQube did not find. Defining the quality of rules should be improved to ensure that low-performance code does not move forward to production. We would like to see better security scanning and statistical analysis from this solution.
Conclusion
Both of these are amazing, highly-regarded solutions. We chose Sonatype Nexus as a better fit for us. We felt that SonarQube needed multiple other products in order to function well and was lacking in some of the reporting qualities we desired. We felt that the proprietary data that Sonatype Nexus provides with regard to libraries was a great characteristic for us. We found that this solution integrates well with the other products we are using. We especially like the REST API, which we can drive remotely and automate.