Code Quality is a Must!
Updated February 03, 2023

Ariel Cabeza | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with SonarQube

We use SonarQube as part of the CI/CD pipeline running on Azure DevOps. Mostly .NET projects, and currently integrating with React Native.
  • Ongoing code quality management
  • Increase developer skills.
  • Detect and report problems.
  • Scale with business needs
  • Optimize the quality
  • It is sustainable
  • The main “disadvantage” is code maintenance, being more expensive; it also takes more time, as well as producing “false positives”.
  • Not conforming to code standards and conventions.
  • Duplicate code detection
  • Code file size.
  • Known security vulnerabilities.
  • Method size.
  • Cyclomatic complexity
  • Quality thresholds
  • It gives projects the ability to evolve and be modified.
  • Keeping applications without bugs directly impacts the business, giving continuity and maintaining productivity.
SonarQube is more focused on code quality, whereas Veracode does a better job of finding security vulnerabilities. We lean towards SonarQube because we are looking for quality.

Do you think SonarQube delivers good value for the price?

Yes

Are you happy with SonarQube's feature set?

Yes

Did SonarQube live up to sales and marketing promises?

Yes

Did implementation of SonarQube go as expected?

Yes

Would you buy SonarQube again?

Yes

SonarQube allows automatic static analysis of source code, looking for patterns with errors, bad practices or incidents.
In addition, it performs a calculation of the technical debt. It can be used in any scenario.
In order to use SonarQube, you need to install a server component, where the engine that performs the analysis and stores the results is located, and the analysis must be invoked in some way, which can be done with a client called SonarQube Scanner.
You can also integrate the analysis into the IDE you are using, with a plugin called SonarLint.