Sonarqube - The ultimate tool for end to end code analysis
February 01, 2023

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

SonarQube is the default choice of static analysis tool for all the projects in our organization. We use it extensively for examining code quality, detecting code smells, detecting security issues in code, and identifying complexity in code for every project. SonarQube is extremely useful since it works for almost all the languages we write our code in, including Python and Java. The plugin-based framework ensures extensibility and easy enhancement of functionality for new use cases.

Pros

  • Easy integration with all coding languages
  • Plugin integration ensures easy extensibility
  • Detects code smells and vulnerabilities
  • Generate test coverage reports
  • Custom quality gates to ensure no bad code is merged

Cons

  • Learning curve is steep
  • Report generation is often very time consuming
  • Works particularly well for Java, but not as well for Python and R
  • Initial setup is quite complicated

  • Test report coverage
  • Tracking code smells and security vulnerabilities
  • Integration with IDEs for static analysis
  • Support for multiple languages
  • Feature extensibility and custom quality gates

  • We are now much more confident about our code security than before
  • We have been easily able to generate centralized reports of test coverage, code quality and vulnerable dependencies
  • With integration with Eclipse and VS Code, developer productivity has improved.

Jenkins and GitLab are not exact alternatives to SonarQube; however, they do provide functionality for running build pipelines for various languages and generating reports. They are not extensible, have no integration with IDEs, and are not suitable for static code analysis or detecting software vulnerabilities. SonarQube is much more suitable for these use cases.

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of SonarQube go as expected?

I wasn't involved with the implementation phase

Would you buy SonarQube again?

Yes

You should buy:
  • If you need static analysis for multiple languages in your teams
  • If static analysis integration with IDEs is an important requirement
  • If you need custom quality gates for code quality analysis
  • If highly detailed test coverage reports are important for your organization

Do not buy if you cannot afford a dedicated team to manage the SonarQube instance for your organization.
