SAST Tools selection - SonarQube to the rescue
May 20, 2021
SAST Tools selection - SonarQube to the rescue
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with SonarQube
We use [SonarQube] for static scans for all custom apps at JLL
- Easy to integrate with MS tech stack
- Scans can be configured
- Endpoints can are setup on central server
- Reporting on SonarQube is poor
- The configuration is not intuitive
- Role and IAM access is not accurate, too much dependence on admin
- Cloud setup
- Run scans on demand
- Integrate scans with builds
- We are able to scan our apps regularly
- We are able to get reports on scan issues
- It takes time to setup scans and reconfigure, this can be improved
Setting up with Azure devops is easier.
Scans results and depth of tweaking/whitelisting code snippets is easier with SonarQube.
Scans results and depth of tweaking/whitelisting code snippets is easier with SonarQube.
Do you think SonarQube delivers good value for the price?
Not sure
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of SonarQube go as expected?
I wasn't involved with the implementation phase
Would you buy SonarQube again?
Yes