Likelihood to Recommend
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
We have a headache every time we make a new commit and push, because:
- Check rules could be tight and motivate developers to change the source code.
- Sonar rules insist on their own rules, with no way to trade off.
- Sometimes we missed that some piece of code is not covered by the tests, so we need to return to the task again.
- SonarQube + SonarLint help us achieve the best-quality source code, but it takes so much time.
- Identifies common coding vulnerabilities.
- Compares code to industry best practices.
- Assesses the code for data privacy compliance.
- The best thing about it is that it offers an online instance (SonarCloud) where we can dry-run an open-source project by forking a GitHub repository.
- Provides detailed analysis of the code stacks it checks for bugs and issues.
- Provides a good amount of documentation on configuration, installation and usage.
- Provides a strong integration with Azure DevOps and Jenkins for creating DSL pipelines.
- Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
- We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
- SonarQube motivates us to get a big team to write these endless tests to cover everything.
- Integration with Jira and Jenkins has some tricky moments.
- Setup process could take a lot of time.
- Sometimes check rules could be very strict, like 'too many parameters in constructor.'
CAST Highlight 10.0
Tech support and pro services are top-notch.
We were easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marketplace, so we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Professional in Information Technology, Insurance Company, 51-200 employees
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
SonarQube is open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty decent. Pipeline scan is more secure in SonarQube. It's a very good tool and it supports multiple languages. Its main core competency is static code analysis; that is why SonarQube exists, and it does it exceedingly well. The quality of scanning for code conventions, best practices, coding standards, unit test coverage, etc. makes it one of the most competent tools in the market.
Return on Investment
- I believe once we had the tool working for our code base, we immediately saw positive ROI.
- We spent some time getting to where our code could be scanned efficiently, but some of that was trying to do things ourselves instead of fully utilizing CAST Professional Services. I highly recommend doing an engagement with CAST to have them help set up the tool in your environment or to run it in the cloud for you.
- Our client is quite pleased with the demonstration of this tool.
- Our organisation is using a community edition right now but is planning to migrate to an enterprise version to use it commercially.
- It is quite a costly tool, but our organisation is willing to buy it for its enhanced features and security.
CAST Highlight Editions & Modules
SonarQube Editions & Modules
| Edition | Starting price | Lines of Code |
|---|---|---|
| Developer Edition | Starts at $150 | 100,000 |
| Enterprise Edition | Starts at $20,000 | 1 Million |
| Data Center Edition | Starts at $130,000 | 20 Million |