An important tool to implement Secure SDLC practices
September 22, 2021
An important tool to implement Secure SDLC practices
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with SonarQube
SonarQube is the static security code analysis tool used in the organization. It is integrated with Continuous Integration pipelines of multiple product lines including legacy and modern applications. It has been implemented with TeamCity, Azure DevOps and VSTS CI/CD tools. Its purpose is to ensure the builds are of the highest quality and free of security vulnerabilities.
- Customizable Ruleset
- Support multiple programming stacks
- Ease of integration with multiple CI/CD tools
- Admin Portal could have more usability
- Enhanced Reporting
- More live examples and samples
- Security Ruleset
- Ease of integration with CI CD tools
- Intelligent Reporting
- Better Quality Code Output
- Enhanced secure coding implementation
- Increase efficiency of the development team
Do you think SonarQube delivers good value for the price?
Yes
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
Yes
Did implementation of SonarQube go as expected?
Yes
Would you buy SonarQube again?
Yes