TrustRadius
SonarQube
13 Ratings
Score 7.9 out of 10
SonarQube Reviews
Reviews (1-4 of 4)

Hung Vu
March 28, 2019

SonarQube Review: "Excellent tool for code quality scan"

Score 9 out of 10
Vetted Review
Verified User
SonarQube is the de-facto standard static code review tool for many languages such as Java and PHP. It is easy to set up the SonarQube server and configure it. It has rich built-in rule-sets which include coding standards, best practices, security, and conventions. These are good enough for almost any application. SonarQube is mandatory for all our Java applications. All developers must ensure that they do not create any critical or blocker issues and keep the unit test coverage when committing the code; every app must fix all critical or blocker issues before going live. SonarQube is integrated with our CI/CD pipeline so it produces a quality report. Our SonarQube also integrates with other tools such as Coverity and JUnit to provide a better report and more checking areas.
  • Quality scan on code convention, best practices, coding standards, unit test coverage.
  • Detailed report on estimated time to fix the issue.
  • Graphing to show the current status of the project with a number of issues, which area has a problem and the history of the project over time.
  • Flexible on customizing the rule-set and importing more rules based on the application.
  • Easy to give a comment or assignment on the issue; could generate a good S report in the form of a PDF so the PM or tech lead can have a look at it.
  • Have a way to ignore the issues that the team decides not to fix.
Set up and configuration of the SonarQube server is very simple and easy to learn; it integrates well with CI/CD pipelines such as Jenkins and GitLab. SonarQube is well suited for almost any Java or PHP based project of any size. But SonarQube does not have much support for UI code, so if your project mainly focuses on UI with HTML or AngularJS it is not a good fit.
Sanyam Jain
June 05, 2019

Review: "SonarQube is the final solution for all your code quality checkups"

Score 7 out of 10
Vetted Review
Verified User
We use SonarQube for the coding standards we follow within the organization. Whatever the output executable of the code may be, the quality of our work must be reflected in the code: how clean it is to debug and how easy it is for other developers to understand. Helps in highlighting the issues with Atlassian unit testing products. Integration support is good.
  • JUnit Testing and Integration testing.
  • Easy to find bugs and track the code. Highlights the issues separately.
  • Code analytics on demand.
  • Checkup for the code and projects.
  • Easy to integrate with IDE.
  • JIRA plugin has no support forum.
  • Weak Open Source forums, this can be grown by spreading the word around the community.
  • Not every IDE supports SonarQube and vice versa, so you have to select.
Well suited for large scale code production and releases. Suitable for small devops productions also where coding standards matter a lot.
June 28, 2019

Review: "SonarQube is a worthy static analysis tool"

Score 8 out of 10
Vetted Review
Verified User
Excellent static analysis tool for identifying potential issues with your code. SonarQube is easily integrated with your CI/CD workflow, including a containerized version. Once implemented, it scans code every time we push it and reports back any issues that need to be addressed. Customization is available to fine tune the reports, identifying what's really important to you and your team.
  • Core competency of static analysis. This is why SonarQube exists and it does it exceedingly well.
  • Customized quality settings let you tailor the tool for your specific needs.
  • Support for many languages including C, C++, Python, and more.
  • Ability to set automated alerts. For instance, when code hasn't been scanned in a long period of time.
  • Tighter integration with issue tracking systems such as Jira and GitLab.
Any modern-day CI/CD tool chain should include a static analyzer such as SonarQube. Using such a tool helps enhance the overall security of your application and helps train developers along the way. SonarQube does this exceedingly well and is lightweight enough to deploy quickly and easily. Definitely a great addition to your toolset.
Saugandh Karan
September 13, 2017

Review: "SonarQube: perfect SONAR for your code"

Score 8 out of 10
Vetted Review
Verified User
SonarQube is used by the whole department. We use it for code quality analysis and to check code coverage. Also we use it to know the code smells in the code and adhere to the coding standards as expected.
  • Test script coverage data. It provides line by line coverage stats, showing which condition is covered and which one is not.
  • Checking the code quality. We have a particular coding standard to which we need to adhere, so it helps in detecting if the code is written in that standard or not.
  • Code smells
  • In terms of security of the code, it can improve. It is mostly used to check for coding standards but it would have been nice if we could have got a vulnerability check as well.
About SonarQube

SonarQube (formerly Sonar) is an open source application security solution.
Categories:  Application Security

SonarQube Technical Details

Operating Systems: Unspecified
Mobile Application: No