SAST Tools selection - SonarQube to the rescue
Overall Satisfaction with SonarQube
We use [SonarQube] for static scans for all custom apps at JLL
Pros
- Easy to integrate with MS tech stack
- Scans can be configured
- Endpoints can be set up on a central server
Cons
- Reporting on SonarQube is poor
- The configuration is not intuitive
- Role and IAM access are not accurate; too much dependence on admin
- Cloud setup
- Run scans on demand
- Integrate scans with builds
- We are able to scan our apps regularly
- We are able to get reports on scan issues
- It takes time to set up scans and reconfigure; this can be improved
Setting up with Azure DevOps is easier.
Scans results and depth of tweaking/whitelisting code snippets is easier with SonarQube.
Do you think SonarQube Server delivers good value for the price?
Not sure
Are you happy with SonarQube Server's feature set?
Yes
Did SonarQube Server live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of SonarQube Server go as expected?
I wasn't involved with the implementation phase
Would you buy SonarQube Server again?
Yes