Try our new research platform with insights from 80,000+ expert users
SonarQube Cloud (formerly SonarCloud) Logo

SonarQube Cloud (formerly SonarCloud) pros and cons

Vendor: Sonar
4.1 out of 5

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

SonarQube Cloud effectively identifies vulnerabilities, security weaknesses, and code smells, improving code security at the development stage.
It offers detailed and actionable reports that enhance the deployment process and code quality.
Features like continuous code analysis and immediate vulnerability reporting on the dashboard help in maintaining high code standards.
The ability to customize rules according to specific needs reduces the occurrence of false positives.
Support for mono reports and microservices has been added, providing more detailed insights for each service.

CONS

SonarQube Cloud (formerly SonarCloud) is too limited in testing within containers, and developers have reported issues with the scanner.
False positives and gate behavior can be problematic and require manual intervention to mark false positives.
Integration in the CI/CD pipeline is lacking, as full integration is missing and a silo approach persists despite the importance of optimization across design, development, and production stages.
Reports need improvement in providing more information and customization capabilities are required for operational use.
Documentation needs enhancement to optimize build time for seamless CI/CD integration and the configuration process requires improvement, especially during the initial setup phase.
 

SonarQube Cloud (formerly SonarCloud) Pros review quotes

SK
Dec 11, 2023
SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs.
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
BJ
May 29, 2022
I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is.
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
SenthuranPooranananthan - PeerSpot reviewer
Apr 25, 2022
The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions.
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
The SaaS solution for checking code without execution and dealing with security issues is valuable.
HT
Jun 24, 2021
For what it is meant to do, it works pretty well.
Rashedul Khan - PeerSpot reviewer
Mar 10, 2023
The most valuable feature of SonarCloud is its overall performance.
GHASSAN ODETALLAH - PeerSpot reviewer
Jan 17, 2022
The reports from SonarCloud are very good.
Sagar Mody - PeerSpot reviewer
Dec 6, 2023
Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots.
Uzma Noreen - PeerSpot reviewer
Jun 27, 2023
The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules.
 

SonarQube Cloud (formerly SonarCloud) Cons review quotes

SK
Dec 11, 2023
The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps.
Huzaifa Asif - PeerSpot reviewer
Dec 12, 2023
There's room for improvement in the configuration process, particularly during the initial setup phase.
BJ
May 29, 2022
CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling.
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
SenthuranPooranananthan - PeerSpot reviewer
Apr 25, 2022
SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive.
Diego Moreo - PeerSpot reviewer
Oct 7, 2024
Reporting features are missing in SonarCloud.
HT
Jun 24, 2021
I've been told by the developers that the solution is too limited. It's not testing enough within the containers.
Rashedul Khan - PeerSpot reviewer
Mar 10, 2023
The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit.
GHASSAN ODETALLAH - PeerSpot reviewer
Jan 17, 2022
We had some issues with the scanner.
Sagar Mody - PeerSpot reviewer
Dec 6, 2023
SonarCloud's UI needs enhancement.
Uzma Noreen - PeerSpot reviewer
Jun 27, 2023
The solution needs to improve its customization and flexibility.