SonarQube Cloud (formerly SonarCloud) Reviews

The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules. 

The solution needs to improve its customization and flexibility. 

I have been using the solution for ten days. 

I would rate the product's stability an eight out of ten. 

We have received instant replies from the support but not actual answers. We contacted support regarding upgrading the edition.  

The tool's setup is not complex. Our engineers were not experienced and they took time to implement the product. 

The tool is simple and I would rate it an eight out of ten. 

We use SonarCloud tools for all our 20 repositories and we are connecting the SonarCloud, from the Bitbucket pipeline.

The reports from SonarCloud are very good.

We had some issues with the scanner.

I have been using SonarCloud for approximately three weeks.

The solution is stable.

SonarCloud is scalable.

We plan to increase our package to the enterprise edition and decrease the lines of code in the future.

We have not needed the support at this time.

We previously used Codacy. We switch to SonarCloud because of their good reputation and we compared reports from both of them. SonarCloud seems to be more accurate. However, Codacy has a simpler installation. SonarCloud has more steps involved.

The solution is straightforward to implement. Some of the implementations can be quick.

The installation of the framwork was a bit difficult, it could be improved.

The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable.

We have purchased a license for 2 million lines of code. However, we have 10 million lines of code but it would be too costly for us to have a license for all the amount.

I would recommend SonarCloud to others.

I rate SonarCloud a nine out of ten.

The solution is a static code analysis tool. That's basically what we use it for in our organization.

We bought the solution due to the fact that it was the lowest price. 

For what it is meant to do, it works pretty well. 

It's good for analysis.

I've been told by the developers that the solution is too limited. It's not testing enough within the containers. For instance, it only checks for obvious code errors. They should work to improve this.

At that moment we needed to scan the codes that the developers are producing, we found out that we needed more features.

I've been using the solution for six months or so now. It's been less than a year.

The former product we used was Twistlock.

I haven't had much experience with the initial setup. I can't speak to what the deployment or setup was like.

The pricing is very good.

We're currently looking into other options.

We're either looking for an integrated product for the whole CICB pipeline, such as StackRox, or we're looking at Fishman from Palo Alto. We're also looking at individual products for the whole CICB pipeline. In fact, this afternoon we are having a meeting to further discuss what tools we will use, or what can we use for dependency decks in the whole CICB pipeline, and for us to get a container image.

We're a customer and an end-user of the product. We don't have a business relationship with them. 

I'm not sure which version of the solution we're using.

I'd advise potential users to first check all the features to see if what they need is there and then check them off to ensure that SonarCloud fills all your needs.

It's a good product for its purpose.

I'd rate the solution at a seven out of ten.

We mainly use SonarQube Cloud for code analysis, specifically static code analysis.

I find SonarQube Cloud very easy to use and simple to integrate initially. Our development teams find it very easy to integrate into their workflow. New team members immediately know how to use it. 

SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode.

We have been using SonarQube Cloud for about two to three years.

I find SonarQube Cloud to be relatively stable. From my team's feedback, it is almost an eight out of ten.

I am uncertain about SonarQube Cloud's scalability. There are limitations, and it seems to have fewer capabilities than Veracode, which is why we also use Veracode.

I did not have much interaction with customer support. When I did contact them, the experience was very good, however, I didn't have any technical questions.

Neutral

I am mainly focusing on Veracode, and we also use SonarQube Cloud. In contrast, I find Veracode to be more complex. Veracode is considered to have better detection capabilities than SonarQube Cloud.

SonarQube Cloud was much easier to install compared to Veracode. One person is enough to handle the installation.

I have not done any ROI calculations on SonarQube Cloud.

From what I understand, SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.

I rate SonarQube Cloud as a whole solution about seven out of ten.