Item: SonarQube
Rating: 10
Author: Prashant Chaudhari

Use Cases and Deployment Scope

We use SonarQube to scan our source code whenever we push changes to github. SonarQube helps in identifying code smells and security issues in the code with detailed explanation and intuitive reports.

Pros and Cons

code analysis
code smell detection
security issues with code
syntax highlighting for different languages

Setup steps can be explained a bit better

Most Important Features

Code Audit
Fixes for issues
Integrations

Return on Investment

Code Security
OWASP Compliance
Maintainability of code

Alternatives Considered

Brakeman Scanner

SonarQube is much better than Brakeman Scanner in a lot of regards

Key Insights

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

Yes

Did implementation of SonarQube go as expected?

Yes

Would you buy SonarQube again?

Yes

Other Software Used

Kong Gateway Community (Open Source), Figma, Notion

Likelihood to Recommend

Using docker, we were able to setup sonarqube and ran our first scan in about a day's time. It was quick to create different projects and linking source code to scan.
It clearly segregates issues under Reliability, Security and Maintainability buckets.
It also suggests solutions to fix issues with the code with up to date standards.

Easy to use DevSecOps tool

Overall Satisfaction with SonarQube