SonarQube to make your project secure
January 18, 2023
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with SonarQube
We use Sonar to ensure our code is secure. We have used it on APIs and on our frontend. We have also used SonarLint for Android. We have a plug-in for our Jenkins account which checks our project's code coverage etc. in Sonar; if this fails, our code cannot go live or be merged into master.
- Code coverage
- Shows potential fixes
- Speed
- Sometimes the messages can be long, and for someone seeing this for the first time it can be hard to find what to look for
- Sometimes potential fixes are not available
- Documentation on setting up with Jenkins was hard to follow in some parts
- Code Quality
- Jenkins Plugin
- Test coverage
- Less bad code
- Faster testing
- More confidence in project security, as stakeholders can see our code quality and coverage
I have used GitHub more than Fortify, so I am more familiar with GitHub for checking for vulnerabilities. I have noticed GitHub is good for checking different packages within your project, but as far as checking code quality and coverage, Sonar is the better one in my opinion. Fortify is not used much in my org, as we do proofs of concept and Fortify is more expensive for us, so it is rarely used.
Do you think SonarQube delivers good value for the price?
Yes
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of SonarQube go as expected?
Yes
Would you buy SonarQube again?
Yes
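The reviewer describes a Jenkins plug-in that checks coverage and other metrics in Sonar and blocks the merge when the check fails. The declarative Jenkinsfile below is an added example of that gating pattern written for this page; it is not the reviewer's pipeline or SonarSource's own code. It assumes a Maven project, a SonarQube server registered in Jenkins under the name `MySonarServer`, and a SonarQube webhook pointing back at the Jenkins `/sonarqube-webhook/` endpoint (all three are assumptions). `withSonarQubeEnv` and `waitForQualityGate` are the steps provided by the SonarQube Scanner for Jenkins plugin.

```groovy
pipeline {
  agent any

  stages {
    stage('Build and test') {
      steps {
        // Run unit tests and produce the coverage report that Sonar will import.
        // Maven and the JaCoCo plugin are assumed to be configured in the project pom.
        sh 'mvn -B clean verify'
      }
    }

    stage('SonarQube analysis') {
      steps {
        // 'MySonarServer' is an assumed server name configured in
        // Manage Jenkins > System > SonarQube servers. The wrapper injects the
        // server URL and analysis token so no credentials are hard-coded here.
        withSonarQubeEnv('MySonarServer') {
          sh 'mvn -B sonar:sonar'
        }
      }
    }

    stage('Quality gate') {
      steps {
        // Blocks until the SonarQube webhook reports the quality-gate result.
        // abortPipeline: true turns a failed gate (e.g. coverage on new code
        // below threshold, unreviewed security hotspots) into a failed build,
        // so branch protection on master keeps the change from being merged.
        // The timeout prevents a missing webhook from hanging the job forever.
        timeout(time: 10, unit: 'MINUTES') {
          waitForQualityGate abortPipeline: true
        }
      }
    }
  }
}
```

The conditions actually enforced (coverage threshold, new bugs, security hotspot review status) live in the quality gate defined on the SonarQube server, not in the Jenkinsfile; the pipeline only relays the pass/fail verdict. The merge block itself comes from repository branch protection requiring this Jenkins status check to succeed.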