it_user344817 - PeerSpot reviewer
Service Line Leader at a tech services company with 10,001+ employees
Real User
It's enabled us to improve software quality and helped us to disseminate best practices, but it needs better design of the interface.
Pros and Cons
  • "It's enabled us to improve software quality and helped us to disseminate best practices."
  • "A better design of the interface and add some new rules."

How has it helped my organization?

It's enabled us to improve software quality and helped us to disseminate best practices.

What is most valuable?

This product is open source and very convenient.

What needs improvement?

A better design of the interface and add some new rules.

What do I think about the stability of the solution?

Only common issues have been experienced.

Buyer's Guide
SonarQube Server (formerly SonarQube)
November 2024
Learn what your peers think about SonarQube Server (formerly SonarQube). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Only common issues have been experienced.

How are customer service and support?

Customer Service:

I can't rate because there was no customer service.

Technical Support:

The technical documentation is really good and the community is great and active.

Which solution did I use previously and why did I switch?

Nothing was implemented before this software, only PMD, a light control tool.

How was the initial setup?

The technical documentation online is easy to understand, so the initial setup is straightforward. However, they need to adapt your organization's constraints to the software, which is more difficult.

What about the implementation team?

We did it in-house.

What's my experience with pricing, setup cost, and licensing?

This product is, to my mind, a reference so that if you decide to put in place this software, you will improve the quality control inside your organization. Simple and effective.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SHANTHAMURTHY HANUMANTHARAYAPPA - PeerSpot reviewer
Assoc Quality Analyst at OptumServe Technology Services
Real User

Interesting. I haven't used it yet; however, the review by ServiceLineLead817 is amazing and impressive. Consequently, I should give it a try, and I appreciate your positive feedback about SonarQube.

it_user347595 - PeerSpot reviewer
Java Developer at a tech consulting company with 51-200 employees
Consultant
The API documentation is poor, when it exists at all, but it does easily integrate with Jenkins.

Valuable Features:

The features I find most valuable are:

  • Quick access to issues in the code
  • The ability to define your own analysis profiles
  • Easy integration with Jenkins

Improvements to My Organization:

For the record, what I do with SonarQube is develop a language plugin for a language not previously covered by SonarQube. As such, my experience of running SonarQube is limited to that necessary to have the plugin tested, nothing more.

Room for Improvement:

I'd like to see more API documentation, including, but not limited to, more extensive documentation of provided examples.

Use of Solution:

I've used it for eight months.

Initial Setup:

I only deployed it for development purposes and it was pretty straightforward. You unzip, configure, and run. Of course, production deployments will require more than that.

The provided archives are self running; but since this is a bona fide webapp, you might want to use your own servlet container to run it instead.

Other Solutions Considered:

No, I didn't. I was employed specifically for this plugin, and while I know other code-quality control solutions exist, I didn't explore any of them.

Other Advice:

Product is good, but the API documentation is poor, when it exists at all.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user336438 - PeerSpot reviewer
Web Developer/DevOps Engineer with 501-1,000 employees
Vendor
It allows for code exploration on the front-end as well as the ability to import from Fortify.

Valuable Features

Code exploration on the front-end, as well as the ability to import from Fortify, are valuable features.

Improvements to My Organization

It allows for better collaboration of our team members on security findings.

Room for Improvement

The Python code scan has so few rules that it is meaningless.

The support for mobile applications is limited to Android Lint importing, although the Android Lint report is fine on its own, so what is the point of using it?

And the Fortify plugin is deprecated.

Use of Solution

I've used it for two years.

Deployment Issues

It is quality software, even if the plugins are often weaker than would be necessary to have a team centralize around it. It is good for an open source project, but creating plugins is important and so complicated and not well documented that it is rarely done.

Stability Issues

No issues encountered.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

It is open source so I don't try to rely on their technical support.

Initial Setup

It was fairly straightforward, although some plugins depend on outside software to run, which is to be expected.

Implementation Team

We implemented it ourselves.

Pricing, Setup Cost and Licensing

It is free, so the price is good. If they had stronger plugins then we would gladly pay.

Other Solutions Considered

We evaluated the market, and because security scans are so different, there was not a good COTS or open source solution that met our needs so we went with the best open source solution, which was SonarQube.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Software Developer at a tech services company with 501-1,000 employees
Consultant
It supports over 20 programming languages and allows me to create custom coding rules.

What is most valuable?

  • Languages Support - over 20 programming languages
  • Pre-commit check directly into Eclipse
  • Issues Report into PreviewMode
  • Custom coding rules
  • Unit tests
  • Duplication and code duplication check
  • Custom-defined checks

How has it helped my organization?

I fell in love with SonarQube when I could easily build custom rule checks. However, doing that checking manually takes tons of time.

What needs improvement?

  • Explicit checks for issues
  • Severity tab tweaks
  • Optimization into the Settings, such as adding new features/customization

For how long have I used the solution?

I've used it for almost two years, starting with v4.3.3.

What was my experience with deployment of the solution?

Predefined rules/overriding rules caused some issues.

How are customer service and technical support?

6.5/10.

Which solution did I use previously and why did I switch?

  • Squale
  • Panopticode
  • CodePro AnalytiX

How was the initial setup?

It was straightforward to install and setup, but complex to adapt to and learn.

What about the implementation team?

We used a vendor team.

Which other solutions did I evaluate?

I did not evaluate other options.

What other advice do I have?

I would advise you to think a lot before acting.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user732738 - PeerSpot reviewer
Technical Architect and Software Engineer at a tech services company
Real User
Provides holistic overview of all quality issues in a project and enables easy drill down into particular problems
Pros and Cons
  • "With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."

    What is most valuable?

    SonarQube is not valuable because of the information it gives. We can gather that same information from several other tools as well. It is the way the information is presented that makes it so powerful. It provides a holistic picture of all quality issues in a software project. With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas.

    How has it helped my organization?

    Individual developers are more concerned about the quality of their work when they see their results in the big picture.

    For how long have I used the solution?

    About a year, in different projects, including the current one.

    What do I think about the stability of the solution?

    No.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    Not used.

    Which solution did I use previously and why did I switch?

    We used the same tests, but with every developer running them individually. Now management can also get a picture of the quality assurance.

    How was the initial setup?

    Very simple.

    What's my experience with pricing, setup cost, and licensing?

    Price is high and only worth it if your organization has hundreds of developers.

    Which other solutions did I evaluate?

    No.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Software Engineer at Adfolks
    Real User
    Good code scanning and quality gate features, but the reporting could be improved
    Pros and Cons
    • "The most valuable features are code scanning and Quality Gates."
    • "The reporting can be improved."

    What is our primary use case?

    I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.

    What is most valuable?

    The most valuable features are code scanning and Quality Gates.

    What needs improvement?

    The reporting can be improved. In particular, the portability report can be better.

    I would like to see better integration with the various DevOps tools.

    For how long have I used the solution?

    I was using SonarQube for between six and ten months.

    What do I think about the stability of the solution?

    The stability is good.

    How are customer service and technical support?

    The community support is great. I have not had reason to contact the technical support team from the vendor.

    How was the initial setup?

    The initial setup is straightforward. I would not say that it is complex and it can be deployed in less than 10 minutes.

    What's my experience with pricing, setup cost, and licensing?

    I was using the Community Edition, which is available free of charge.

    Which other solutions did I evaluate?

    I evaluated other products including Veracode and I felt that SonarQube was the best product.

    What other advice do I have?

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1073967 - PeerSpot reviewer
    Project Manager, Senior Architect at a computer software company with 1,001-5,000 employees
    Real User
    Well featured, easily manageable, identifies production issues
    Pros and Cons
    • "It is a good deal compared to all other tools on the market."

      What is our primary use case?

      We decided to implement the solution to keep up to date with testing, security, and other issues with developments, such as bugs.

      What is most valuable?

      In regards to features, overall the product is good. It minimizes the difficulty or issues that we encountered during the production. We are using the open-sourced version and issues can easily be resolved.

      For how long have I used the solution?

      I have been using the solution for four to five years.

      What do I think about the stability of the solution?

      We are using everything that is open-source, and this allows us, when we have the regular day-to-day issues, to have our team work on them directly to identify their causes and resolve them quickly.

      What about the implementation team?

      We have our internal team that is very knowledgeable and experienced, and has extreme abilities that handle our needs.

      What's my experience with pricing, setup cost, and licensing?

      I think, comparing the product to competitors, it should be less expensive.

      What other advice do I have?

      I would recommend SonarQube. It is a good deal compared to all other tools on the market. It certainly helped us; it is a good tool and should definitely be used.

      I rate SonarQube a nine out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      reviewer1192836 - PeerSpot reviewer
      Director of consultory at a non-tech company with 1,001-5,000 employees
      Real User
      Straightforward installation, stable, and effective code analysis
      Pros and Cons
      • "The most valuable features are the analysis and detection of issues within the application code."
      • "The solution could improve by providing more advanced technologies."

      What is our primary use case?

      We use SonarQube for testing, reviewing, and ensuring the quality of application code.

      What is most valuable?

      The most valuable features are the analysis and detection of issues within the application code.

      What needs improvement?

      The solution could improve by providing more advanced technologies.

      For how long have I used the solution?

      I have been using the solution within the last 12 months.

      What do I think about the stability of the solution?

      SonarQube is stable.

      How was the initial setup?

      The installation is easy.

      What's my experience with pricing, setup cost, and licensing?

      The price of this solution is more expensive than competitors. However, it works better than competitors.

      Which other solutions did I evaluate?

      I have evaluated other solutions.

      What other advice do I have?

      I rate SonarQube an eight out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
      PeerSpot user