Easy to use DevSecOps tool
January 19, 2023

Easy to use DevSecOps tool

Prashant Chaudhari | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

We use SonarQube to scan our source code whenever we push changes to github. SonarQube helps in identifying code smells and security issues in the code with detailed explanation and intuitive reports.

Pros

  • code analysis
  • code smell detection
  • security issues with code
  • syntax highlighting for different languages

Cons

  • Setup steps can be explained a bit better
  • Code Audit
  • Fixes for issues
  • Integrations
  • Code Security
  • OWASP Compliance
  • Maintainability of code
SonarQube is much better than Brakeman Scanner in a lot of regards

Do you think SonarQube Server delivers good value for the price?

Yes

Are you happy with SonarQube Server's feature set?

Yes

Did SonarQube Server live up to sales and marketing promises?

Yes

Did implementation of SonarQube Server go as expected?

Yes

Would you buy SonarQube Server again?

Yes

Kong Gateway Community (Open Source), Figma, Notion
Using docker, we were able to setup sonarqube and ran our first scan in about a day's time. It was quick to create different projects and linking source code to scan.
It clearly segregates issues under Reliability, Security and Maintainability buckets.
It also suggests solutions to fix issues with the code with up to date standards.

Comments

More Reviews of SonarQube Server

  1. Home
  2. Static Application Security Testing (SAST) Tools
  3. SonarQube Server Reviews
  4. User Review of SonarQube Server