1. Home
  2. Static Application Security Testing (SAST) Tools
  3. SonarQube Reviews
  4. User Review of SonarQube
Quality archway for projects
May 03, 2021

Quality archway for projects

Arush Soel | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

We are using it currently while building a .NET CI\CD pipeline for an automated analysis of our code quality and all the vulnerabilities by scanning our various repositories in Bitbucket version control and publishing our stacks for any kinds of bugs found and ensure the proper code coverage and make our projects more reliable
  • Best thing about it is that it offers an online instance (SonarCloud) where we can dry run an open source project by forking a github repository
  • Provides detailed analysis of the stacks that it checks for bugs and issues in code stacks.
  • Provides a good amount of documentation on how for configuration and installation and how to use it.
  • Provides a strong integration with azure devops and jenkins for creating DSL pipelines.
  • Local dashboard wont work without java installed on your machine
  • If talking about the local ui the configuration may be quite complex. Needs an experts advise
  • Its enterprise edition cost a fortune depending on a company size or users that may use it.
  • We are currently using its community edition in our internal projects
  • Apart from that we use its plugin in our azure devops pipeline to maintain our repository’s code quality
  • Its bug spotting feature is also used by our organisation from time to time
  • Our client is quite pleased with the demonstration of this tools
  • Our organisation is using a community edition right now but is planning to migrate to a enterprise version to use it commercially.
  • It is quite a costly tool but our organisation is willing to buy it for its enhanced features and security
SonarQube contains all of their features. Findbugs has very limited capabilities. It is just a static code analyser and does not check for a continous code quality and also not possible to integrate its plugin azure devops .net pipelines and more importantly SonarQube ui is quite user friendly and highlighted.

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of SonarQube go as expected?

Yes

Would you buy SonarQube again?

Yes

It is quite a powerful code analysis tool if used by my colleagues in organisation but i would recommend a sonarcloud(cloud instance) or a community edition in order to get a demonstration or to get a quick hands on experience with its user interface and its administration along with local dashboard configuration and installation