SonarQube: The go-to tool for code quality
Overall Satisfaction with SonarQube
SonarQube is currently used in silos in our organizations. One of our departments is using it full-time for all their code repositories whereas in the other department we are slowly ramping up from a POC to full-blown organization-wide usage. For us it solves the problems of Code quality, figuring out static code issues, bad coding practices, and mostly enabling toll-gating on our side to prevent bad code from making it to the production environments.
Pros
- Ability to provide static code coverage in integration with Jenkins CI/CD pipeline.
- Ability to define custom rule sets, based on our organizational requirements.
- Ability to add custom toll-gating for different applications.
Cons
- Enterprise license is very costly.
- Runs only on Java 11.
- Another major issue is the way elastic search is used in Sonarqube, it makes it slightly challenging to run on a cloud environment like AWS.
- Code quality determination.
- Ease of integration with Jenkins CI/CD.
- Integration with Github and code review process.
- Improved code quality.
- Bad coding practices/static code issues are caught in the Dev phase itself.
- Codacy and WhiteSource
Codacy:
- Pros
- Code quality tests
- Code quality trending
- Security analysis
- Claims integrations with BitBucket, JIRA, Slack, although hard to find detail on their web page.
- Cons
- Website is light on technical details
- Relatively new product from a small startup. https://www.crunchbase.com/organization/codacy
- No BitBucket code review integration
- $15/per user/per month, no free tier
- Pros
- BitBucket code review integration.
- Open source license and vulnerability testing.
- Cons
- No code analysis, just open source dependency checking.
Do you think SonarQube Server delivers good value for the price?
Yes
Are you happy with SonarQube Server's feature set?
Yes
Did SonarQube Server live up to sales and marketing promises?
Yes
Did implementation of SonarQube Server go as expected?
Yes
Would you buy SonarQube Server again?
Yes
Comments
Please log in to join the conversation