SonarQube: Helper of Dev and organisation for better code quality and security practices.
January 20, 2023

Aman Makwana | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

As a service-based and product-based organisation, we deal with a variety of products and projects, so in order to maintain code quality and also improve the coding structure, we follow the suggestions given by SonarQube analysis and also check the code coverage, so we get to know that our code has fully passed through the Sonar analysis. As part of the DevOps team, we integrate SonarQube checks in CI (the continuous integration part), so it's a part of continuous code quality, and we have also created custom Quality Gates in order to prevent false or unimproved code from going into any environments.
  • Static Code Scanning
  • Code Coverage reports, User Friendly Dashboard
  • Integration with various tools in order to maintain code quality
  • Pre-built as well as Custom Quality Gates
  • Detect Bugs & Vulnerabilities, Review Security Hotspots, Track Code Smells
  • Also has many plugins to interact with
  • In SonarQube Community Edition they should enable report generation after scanning
  • Other security reports, like vulnerabilities with preferred solutions
  • Guide on scalability, backups, resiliency as well
  • Small report-type UI on other tools as well, like Jenkins
  • Integrations with CI/CD
  • Many plugins which we can integrate
  • Code coverage
  • Vulnerability, code smells, bugs
  • Custom as well as prebuilt code quality gates
  • Supports many currently trending tech stacks and languages
  • User management and project management
  • User-friendly UI for seeing reports after scans
  • Helped the developers in maintaining code quality and also getting better at coding structures
  • Maintaining the security best practices before they are going to production
  • Also resolved vulnerabilities and bugs on the basis of the best given suggestion
No alternatives as SonarQube is best fitted in our Use Cases

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

Yes

Did implementation of SonarQube go as expected?

Yes

Would you buy SonarQube again?

Yes

When we have big projects/products with multiple tech stacks involved, and a dedicated team working on multiple tech stacks, we need to ensure uniformity in coding structures, and it also has support for many languages out there in the market. It's not suitable for small projects where the user base and internet traffic are not much, because in that use case we have more headache in maintaining SonarQube servers.