SonarQube - The ultimate tool for end-to-end code analysis
February 01, 2023
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with SonarQube
SonarQube is the default choice for static analysis tools for all the projects in our organization. We use it extensively for examining code quality, detecting code smells, detecting security issues in code and identifying complexities in code for every project. SonarQube is extremely useful since it works for almost all languages that we write our code in, including Python and Java. The plugin-based framework ensures extensibility and easy enhancement of functionality for new use cases.
Pros
- Easy integration with all coding languages
- Plugin integration ensures easy extensibility
- Detects code smells and vulnerabilities
- Generate test coverage reports
- Custom quality gates to ensure no bad code is merged
Cons
- Learning curve is steep
- Report generation is often very time-consuming
- Works particularly well for Java, but not so good for Python and R
- Initial setup is quite complicated
- Test report coverage
- Tracking code smells and security vulnerabilities
- Integration with IDEs for static analysis
- Support for multiple languages
- Feature extensibility and Custom Quality Gates
- We are now much more confident about our code security than before
- We have been easily able to generate centralized reports of test coverage, code quality and vulnerable dependencies
- With integration with Eclipse and VS Code, developer productivity has improved.
Jenkins and GitLab are not exact alternatives for SonarQube; however, they do provide functionality for running and executing build pipelines for various languages and generating reports. However, they are not extensible, have no integration with IDEs and are not suitable for static code analysis and detecting software vulnerabilities. SonarQube is much more suitable for these use cases.
Do you think SonarQube delivers good value for the price?
Yes
Are you happy with SonarQube's feature set?
Yes
Did SonarQube live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of SonarQube go as expected?
I wasn't involved with the implementation phase
Would you buy SonarQube again?
Yes