We are customers of SonarCloud.
VP Business Development North America at Geko
Can be installed locally, is stable and easy to implement
Pros and Cons
- "The solution can be installed locally."
- "It would be helpful if notifications could go out to an extra person."
What is our primary use case?
What is most valuable?
I like that the solution can be installed locally.
What needs improvement?
I'd like them to include an alert for a third person. Sometimes there are very big problems that come up, possibly a large bug report, and it would be helpful if a notification could go out to an extra person.
For how long have I used the solution?
I've been using this solution for about three years.
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
October 2024
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
I believe the solution is scalable. For now, we have 20 users but we are planning to expand usage.
How was the initial setup?
I wasn't involved in the setup but I believe it was relatively easy.
What other advice do I have?
I rate this solution nine out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Infrastructure & Compliance & Cloud at TEO
Offers continuous code analysis which can improve the code quality
Pros and Cons
- "The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."
- "The solution needs to improve its customization and flexibility."
What is most valuable?
The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules.
What needs improvement?
The solution needs to improve its customization and flexibility.
For how long have I used the solution?
I have been using the solution for ten days.
What do I think about the stability of the solution?
I would rate the product's stability an eight out of ten.
How are customer service and support?
We have received instant replies from the support but not actual answers. We contacted support regarding upgrading the edition.
How was the initial setup?
The tool's setup is not complex. Our engineers were not experienced and they took time to implement the product.
What other advice do I have?
The tool is simple and I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
SonarQube Cloud (formerly SonarCloud)
October 2024
Learn what your peers think about SonarQube Cloud (formerly SonarCloud). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Senior Security Consultant at Tafhar IT Services
Well priced, good for basic needs, but is too limited
Pros and Cons
- "For what it is meant to do, it works pretty well."
- "I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
What is our primary use case?
The solution is a static code analysis tool. That's basically what we use it for in our organization.
What is most valuable?
We bought the solution due to the fact that it was the lowest price.
For what it is meant to do, it works pretty well.
It's good for analysis.
What needs improvement?
I've been told by the developers that the solution is too limited. It's not testing enough within the containers. For instance, it only checks for obvious code errors. They should work to improve this.
At that moment we needed to scan the codes that the developers are producing, we found out that we needed more features.
For how long have I used the solution?
I've been using the solution for six months or so now. It's been less than a year.
Which solution did I use previously and why did I switch?
The former product we used was Twistlock.
How was the initial setup?
I haven't had much experience with the initial setup. I can't speak to what the deployment or setup was like.
What's my experience with pricing, setup cost, and licensing?
The pricing is very good.
Which other solutions did I evaluate?
We're currently looking into other options.
We're either looking for an integrated product for the whole CICB pipeline, such as StackRox, or we're looking at Fishman from Palo Alto. We're also looking at individual products for the whole CICB pipeline. In fact, this afternoon we are having a meeting to further discuss what tools we will use, or what can we use for dependency decks in the whole CICB pipeline, and for us to get a container image.
What other advice do I have?
We're a customer and an end-user of the product. We don't have a business relationship with them.
I'm not sure which version of the solution we're using.
I'd advise potential users to first check all the features to see if what they need is there and then check them off to ensure that SonarCloud fills all your needs.
It's a good product for its purpose.
I'd rate the solution at a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free SonarQube Cloud (formerly SonarCloud) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Static Application Security Testing (SAST)Popular Comparisons
SonarQube Server (formerly SonarQube)
Fortify on Demand
PortSwigger Burp Suite Professional
Qualys Web Application Scanning
Rapid7 AppSpider
Buyer's Guide
Download our free SonarQube Cloud (formerly SonarCloud) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Application Security Solution Do You Use That Is DevOps Friendly?
- Which is the most comprehensive open source Web Security Testing tool?
- What is the best Application Security Testing platform?
- When evaluating Application Security Testing, what aspect do you think is the most important to look for?
- SAST vs. DAST: Which is better for application security testing?
- What tools do you rely on for building a DevSecOps pipeline?
- What does the Log4j/Log4Shell vulnerability mean for your company?
- Checkmarx or Veracode. Which should we choose?
- What are your recommended automated penetration testing tools?
- What are the OWASP top 10 in 2020?