An important tool to implement Secure SDLC practices
September 22, 2021

Sharique Khan | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

SonarQube is the static security code analysis tool used in the organization. It is integrated with Continuous Integration pipelines of multiple product lines including legacy and modern applications. It has been implemented with TeamCity, Azure DevOps and VSTS CI/CD tools. Its purpose is to ensure the builds are of the highest quality and free of security vulnerabilities.
  • Customizable Ruleset
  • Support multiple programming stacks
  • Ease of integration with multiple CI/CD tools
  • Admin Portal could have more usability
  • Enhanced Reporting
  • More live examples and samples
  • Security Ruleset
  • Ease of integration with CI/CD tools
  • Intelligent Reporting
  • Better Quality Code Output
  • Enhanced secure coding implementation
  • Increase efficiency of the development team

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

Yes

Did implementation of SonarQube go as expected?

Yes

Would you buy SonarQube again?

Yes

SonarQube is well suited to implement Secure SDLC and incorporate the best secure coding practices. It would ensure adherence to the organization's coding standards and have uniform code across various development teams. It enables early identification and remediation of security flaws in the code.