SAST Tools selection - SonarQube to the rescue
May 20, 2021

Kirti Thakkar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

We use [SonarQube] for static scans of all custom apps at JLL.
  • Easy to integrate with the MS tech stack
  • Scans can be configured
  • Endpoints can be set up on a central server
  • Reporting in SonarQube is poor
  • The configuration is not intuitive
  • Role and IAM access is not accurate; too much dependence on the admin
  • Cloud setup
  • Run scans on demand
  • Integrate scans with builds
  • We are able to scan our apps regularly
  • We are able to get reports on scan issues
  • It takes time to set up and reconfigure scans; this can be improved
Setting up with Azure DevOps is easier.
Scan results and the depth of tweaking/whitelisting code snippets are easier with SonarQube.

Do you think SonarQube delivers good value for the price?

Not sure

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of SonarQube go as expected?

I wasn't involved with the implementation phase

Would you buy SonarQube again?

Yes

[SonarQube] has some clear advantages for C# code; scans do work well once set up.