Item: SonarQube Server
Rating: 9
Author: Sharique Khan

Overall Satisfaction with SonarQube

Use Cases and Deployment Scope

SonarQube is the static security code analysis tool used in the organization. It is integrated with Continuous Integration pipelines of multiple product lines including legacy and modern applications. It has been implemented with TeamCity, Azure DevOps and VSTS CI/CD tools. Its purpose is to ensure the builds are of the highest quality and free of security vulnerabilities.

Pros and Cons

Pros

Customizable Ruleset
Support multiple programming stacks
Ease of integration with multiple CI/CD tools

Cons

Admin Portal could have more usability
Enhanced Reporting
More live examples and samples

Most Important Features

Security Ruleset
Ease of integration with CI CD tools
Intelligent Reporting

Return on Investment

Better Quality Code Output
Enhanced secure coding implementation
Increase efficiency of the development team

Key Insights

Do you think SonarQube Server delivers good value for the price?

Yes

Are you happy with SonarQube Server's feature set?

Yes

Did SonarQube Server live up to sales and marketing promises?

Yes

Did implementation of SonarQube Server go as expected?

Yes

Would you buy SonarQube Server again?

Yes

Other Software Used

Pivotal RabbitMQ

Likelihood to Recommend

SonarQube is well suited to implement Secure SDLC and incorporate the best secure coding practices. It would ensure adherence to the organization's coding standards and have uniform code across various development teams. It enables early identification and remediation of security flaws in the code

Comments

Please log in to join the conversation

An important tool to implement Secure SDLC practices