Great tool to keep your code clean
April 30, 2021

Great tool to keep your code clean

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

We use SonarQube to scan our code for vulnerabilities and code "smells." SonarQube is wired into our continuous integration software Jenkins, so it scans the code every time a build runs.

Pros

  • Finding security flaws.
  • Finding code that does not follow best practices and standards.
  • Looking for code coverage.

Cons

  • For code "smells" it would be nice to have different levels of issues.
  • It could be easier to define policies for different levels of code "smells."
  • Prioritize different types of code "smells."
  • Security is number one for sure.
  • Code duplication.
  • Code cleanup.
  • It helps keeping the code secure for our required audits.

Do you think SonarQube Server delivers good value for the price?

Yes

Are you happy with SonarQube Server's feature set?

Yes

Did SonarQube Server live up to sales and marketing promises?

Yes

Did implementation of SonarQube Server go as expected?

Yes

Would you buy SonarQube Server again?

Yes

It should always be a part of the continuous integration. Our application is quite old and has a lot of code "smells" unfortunately. We make it a rule that if you are going to fix a problem, then you should fix the code issues found by Sonar in that part of the code also. Eventually we will have a much cleaner code base.

Comments

More Reviews of SonarQube Server

  1. Home
  2. Static Application Security Testing (SAST) Tools
  3. SonarQube Server Reviews
  4. User Review of SonarQube Server