SonarQube - solid static code analysis tool
January 19, 2023
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with SonarQube
We use SonarQube in the software department in our DevOps pipeline to analyze source code for our application and provide metrics on issues that it identifies within the codebase. Basically we'll run SonarQube at various steps of code check-ins and merges as one of many metrics to determine code quality and alert the teams to potential issues in recently checked-in code that may need to be triaged and addressed.
Pros
- Works well with .NET
- Has a nice extension that allows us to run it in our IDE (Visual Studio)
- Is customizable in the sense that you can write your own rule set that you want SonarQube to analyze the code against
Cons
- Often it finds errors that aren't really errors that have impact, takes a lot of time to sort through those cases
- It's a good screener, but by no means can it catch all bugs or be the sole predictor of code quality, so the metrics that it provides need to be caveated when reporting to leadership, etc
- Ease of implementation within our DevOps pipeline
- Has integration with our company's IDE of choice (Microsoft Visual Studio)
- Works well with .NET framework
- Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
- Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
SonarQube deployment worked well with our pipeline and had the right integrations with our IDE, and it worked well with analyzing .NET frameworks when compared to GitHub and GitLab, which have some of the functionality and can do some checks, but SonarQube made more sense given our existing DevOps pipeline.
Do you think SonarQube delivers good value for the price?
Yes
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of SonarQube go as expected?
I wasn't involved with the implementation phase
Would you buy SonarQube again?
Yes