Overall Satisfaction with SonarQube
SonarQube is being used in my organization as a Static Application Security Testing tool that detects security issues in code and helps fix the vulnerabilities that would compromise the app. It is currently used in all the projects in my department.
It is used in our Azure DevOps Continuous Integration pipeline to identify vulnerabilities in code, and it provides detailed issue descriptions and code highlights that explain why your code is at risk.
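As an added illustration of the kind of pipeline integration described above (this is not the reviewer's own pipeline), here is an Azure Pipelines YAML definition that runs a SonarQube analysis on every build using the tasks from the SonarSource Azure DevOps extension. The service connection name `sonarqube-connection`, the project key `my-app`, the `src` source folder and the npm build steps are placeholders/assumptions; `sonar.qualitygate.wait=true` makes the analysis step fail when the project's Quality Gate fails, so new vulnerabilities block the build rather than only appearing in the report.

```yaml
# Added example, not the reviewer's pipeline.
# Assumptions: a SonarQube service connection named "sonarqube-connection"
# (placeholder) and a project with key "my-app" (placeholder) already created
# on the SonarQube server. Tasks are provided by the SonarSource
# "SonarQube" extension for Azure DevOps.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # Full history lets SonarQube attribute issues to the right commits
  # and compute the "new code" period correctly.
  - checkout: self
    fetchDepth: 0

  # Configure the scanner before the build so build/test output
  # (e.g. coverage) can be picked up by the analysis.
  - task: SonarQubePrepare@5
    inputs:
      SonarQube: 'sonarqube-connection'   # placeholder service connection
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: 'my-app'             # placeholder project key
      cliProjectName: 'My App'
      cliSources: 'src'                   # assumed source folder
      extraProperties: |
        sonar.exclusions=**/node_modules/**,**/*.test.js
        sonar.javascript.lcov.reportPaths=coverage/lcov.info
        # Wait for the server-side Quality Gate and fail the analysis
        # if it does not pass (vulnerabilities, hotspots, coverage, ...).
        sonar.qualitygate.wait=true
        sonar.qualitygate.timeout=300

  # Assumed build/test commands for a Node.js project.
  - script: npm ci && npm test -- --coverage
    displayName: Build and test

  # Runs the scanner; fails here if the Quality Gate fails.
  - task: SonarQubeAnalyze@5

  # Publishes the Quality Gate status into the build summary so reviewers
  # see the security feedback alongside the pull request.
  - task: SonarQubePublish@5
    inputs:
      pollingTimeoutSec: '300'
```

In practice the Quality Gate itself is configured on the SonarQube server (for example "no new vulnerabilities" and "all new security hotspots reviewed"); the pipeline only enforces whatever conditions the gate defines.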
- Identifies security vulnerabilities and highlights the affected code
- Highlights suspicious code snippets that developers should review
- Provides security feedback during code review
- Identifies technical debt in code
- The Community version has some issues, for example integrating with Azure or Single Sign-On
- Automation scripts can be improved. At times you have to configure some of the rules in the detection
- It takes time to configure and create profiles
- Jenkins, Bitbucket, Gradle and Travis CI etc. are some of the popular tools that integrate with SonarQube, i.e. CI/CD integrations
- Getting feedback during code review
- Identifying technical debt
- Identifying and fixing application vulnerabilities in code
- Faster detection and identification of bugs
- Faster feedback to developers to improve code quality
- Integration with IDEs
SonarQube is open source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty decent. Pipeline scanning is more secure in SonarQube. It's a very good tool and it supports multiple languages. Its main core competency is static code analysis; that is why SonarQube exists, and it does it exceedingly well. The quality of its scans for code conventions, best practices, coding standards, unit test coverage etc. makes it one of the most competent tools in the market.
Do you think SonarQube delivers good value for the price?
Yes
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
Yes
Did implementation of SonarQube go as expected?
Yes
Would you buy SonarQube again?
Yes