SonarQube your free & friendly DevSecOps tool
January 18, 2023

SonarQube your free & friendly DevSecOps tool

Randy Varela | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

SonarQube is our primary DevSecOps tool, helping us and our customers to create a secure development program for our applications and changes in infrastructure.

SonarQube is easy to use once installed and recently we've been using the cloud version (SonarCloud) even easier to integrate with our current tools and infrastructure.

Pros

  • SAST
  • DEVSECOPS
  • BUGS
  • SECURITY BEST PRACTICES

Cons

  • Not easy to install
  • No support on free version
  • Community Support
  • SAST
  • Security Rules
  • DevOps integration
  • It's Free so no big impact on investment
  • Nice reporting
  • Up-to-date rules

Do you think SonarQube Server delivers good value for the price?

Yes

Are you happy with SonarQube Server's feature set?

Yes

Did SonarQube Server live up to sales and marketing promises?

No

Did implementation of SonarQube Server go as expected?

Yes

Would you buy SonarQube Server again?

Yes

SonarQube is a good tool for DevSecOps, it has been with us for years, it's free and it's helping on the security pipeline of many popular and critical development nowadays (Apache struts, Brave, ...). SonarQube is community maintained but fairly up-to-date against recent threats also integrates very quick with most of the common DevOps tools such as Jenkins, Azure DevOps and GitHub

Comments

More Reviews of SonarQube Server

  1. Home
  2. Static Application Security Testing (SAST) Tools
  3. SonarQube Server Reviews
  4. User Review of SonarQube Server