Try our new research platform with insights from 80,000+ expert users
it_user697038 - PeerSpot reviewer
DevOps at a tech company with 10,001+ employees
Vendor
Keep source code well tested using SonarQube
Pros and Cons
  • "We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
  • "We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."

How has it helped my organization?

Quality Gate helps us to merge code that was not covered with tests.

What is most valuable?

  • We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage.
  • We can review possible faults in JavaScript code.

What needs improvement?

We had some issues where the Quality Gate check sometimes gets stuck and it is unclear.

What do I think about the stability of the solution?

We had some stability issues where the Quality Gate check sometimes got stuck and it was unclear. This seldom happens.

Buyer's Guide
SonarQube Server (formerly SonarQube)
October 2024
Learn what your peers think about SonarQube Server (formerly SonarQube). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and support?

The technical support team has experts on it. They are available on Twitter, Google Groups, and StackOverflow.

Which solution did I use previously and why did I switch?

We did not use a different tool before this one.

How was the initial setup?

The initial setup required unzipping it and having MySQL install. We then set up a couple of configuration files. There was no need for IT for this.

What's my experience with pricing, setup cost, and licensing?

This is open source.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder at a tech services company with 11-50 employees
Real User
Works fine and provides good value for money
Pros and Cons
  • "It is working fine. It provides a good value for money."
  • "One thing to improve would be the integration. There is a steep learning curve to get it integrated."

What is our primary use case?

We use it as a gatekeeper for our external developers to follow the rules. If they don't comply with the rules within the source code, they cannot commit. 

What is most valuable?

It is working fine. It provides good value for money.

What needs improvement?

One thing to improve would be the integration. There is a steep learning curve to get it integrated.

For how long have I used the solution?

I have been using this solution for maybe two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is definitely scalable. Currently, we have six users.

How are customer service and technical support?

We didn't contact them.

Which solution did I use previously and why did I switch?

This was our first one.

How was the initial setup?

Its initial setup is okay. It is not too difficult. It probably took a couple of hours.

One developer is enough for its deployment.

What's my experience with pricing, setup cost, and licensing?

We pay €10 per month for this solution, which is good. It provides good value for money.

What other advice do I have?

I would recommend this solution to others. I would rate SonarQube a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
SonarQube Server (formerly SonarQube)
October 2024
Learn what your peers think about SonarQube Server (formerly SonarQube). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,528 professionals have used our research since 2012.
it_user344817 - PeerSpot reviewer
Service Line Leader at a tech services company with 10,001+ employees
Real User
It's enabled us to improve software quality and help us to disseminate best practices, but it needs better design of the interface.
Pros and Cons
  • "It's enabled us to improve software quality and help us to disseminate best practices."
  • "A better design of the interface and add some new rules."

How has it helped my organization?

It's enabled us to improve software quality and help us to disseminate best practices.

What is most valuable?

This product is open source and very convenient.

What needs improvement?

A better design of the interface and add some new rules.

What do I think about the stability of the solution?

Only common issues have been experienced.

What do I think about the scalability of the solution?

Only common issues have been experienced.

How are customer service and technical support?

Customer Service:

I can't rate because there was no customer service.

Technical Support:

The technical documentation is really good and the community is great and active.

Which solution did I use previously and why did I switch?

Nothing was implemented before this software, only PMD, a light control tool.

How was the initial setup?

The technical documentation online is easy to understand, so the initial setup is straightforward. However, they need to adapt your organization's constraints to the software, which is more difficult.

What about the implementation team?

We did it in-house.

What's my experience with pricing, setup cost, and licensing?

This product is, to my mind, a reference so that if you decide to put in place this software, you will improve the quality control inside your organization. Simple and effective.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SHANTHAMURTHY HANUMANTHARAYAPPA - PeerSpot reviewer
SHANTHAMURTHY HANUMANTHARAYAPPAAssoc Quality Analyst at OptumServe Technology Services
Real User

Interesting, I haven't used yet however, the review by ServiceLineLead817 is amazing and impressive. Consequently I should give a try and appreciate your positive feedback about SONARQUBE.

it_user347595 - PeerSpot reviewer
Java Developer at a tech consulting company with 51-200 employees
Consultant
the API documentation is poor, when it exists at all, but it does easily integrate with Jenkins.

Valuable Features:

The feature I find most valuable are--

  • Quick access to issues in the code
  • The ability to define your own analysis profiles
  • Easy integration with Jenkins

Improvements to My Organization:

For the record, what I do with SonarQube is develop a language plugin for a language not previously covered by SonarQube. As such, my experience of running SonarQube is limited to that necessary to have the plugin tested, nothing more.

Room for Improvement:

I'd like to see more API documentation, including, but not limited to, more extensive documentation of provided examples.

Use of Solution:

I've used it for eight months.

Initial Setup:

I only deployed it for development purposes and it was pretty straightforward. You unzip, configure, and run. Of course, production deployments will require more than that.

The provided archives are self running; but since this is a bona fide webapp, you might want to use your own servlet container to run it instead.

Other Solutions Considered:

No, I didn't. I was employed specifically for this plugin, and while know other code-quality control solutions exist, I didn't explore any of them.

Other Advice:

Product is good, but the API documentation is poor, when it exists at all.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user336438 - PeerSpot reviewer
Web Developer/DevOps Engineer with 501-1,000 employees
Vendor
It allows for code exploration on the front-end as well as the ability to import from Fortify.

Valuable Features

Code exploration on the front-end, as well as the ability to import from Fortify, are valuable features.

Improvements to My Organization

It allows for better collaboration of our team members on security findings.

Room for Improvement

The Python code scan has so few rules that it is meaningless.

The support for mobile applications is limited to Android Lint importing, although the Android Lint report is fine on it's own so what it he point of using it.

And the Fortify plugin is deprecated.

Use of Solution

I've used it for two years.

Deployment Issues

It is quality software, even if the plugins are often weaker than would be necessary to have a team centralize around it. It is good for an open source project, but creating plugins is important and so complicated and not well documented that it is rarely done.

Stability Issues

No issues encountered.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

It is open source so I don't try to rely on their technical support.

Initial Setup

It was fairly straightforward, although some plugins depend on outside software to run, which is to be expected.

Implementation Team

We implemented it ourselves.

Pricing, Setup Cost and Licensing

It is free, so the price is good. If they had stronger plugins then we would gladly pay.

Other Solutions Considered

We evaluated the market, and because security scans are so different, there was not a good COTS or open source solution that met our needs so we went with the best open source solution, which was SonarQube.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Software Developer at a tech services company with 501-1,000 employees
Consultant
It supports over 20 programming languages and allows me to create custom coding rules.

What is most valuable?

  • Languages Support - over 20 programming languages
  • Pre-commit check directly into Eclipse
  • Issues Report into PreviewMode
  • Custom coding rules
  • Unit tests
  • Duplication and code duplication check
  • Custom-defined checks

How has it helped my organization?

I have fallen in love with SonarQube when I could've easily built custom rules checks. However, doing that manually checking takes tons of time.

What needs improvement?

  • Explicit checks for issues
  • Severity tab tweaks
  • Optimization into the Settings, such as adding new features/customization

For how long have I used the solution?

I've used it for almost two years, starting with v4.3.3.

What was my experience with deployment of the solution?

Predefined rules/overriding rules caused some issues.

How are customer service and technical support?

6.5/10.

Which solution did I use previously and why did I switch?

  • Squale
  • Panopticode
  • CodePro AnalytiX

How was the initial setup?

It was straightforward to install and setup, but complex to adapt to and learn.

What about the implementation team?

We used a vendor team.

Which other solutions did I evaluate?

I did not evaluated other options.

What other advice do I have?

I would advise you to think a lot before acting.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user732738 - PeerSpot reviewer
Technical Architect and Software Engineer at a tech services company
Real User
Provides holistic overview of all quality issues in a project and enables easy drill down into particular problems
Pros and Cons
  • "With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."

    What is most valuable?

    SonarQube is not valuable because of the information it gives it. We can gather that same information from several other tools as well. It is the way the information is presented that makes it so powerful. It provides a holistic picture of all quality issues in a software project. With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas.

    How has it helped my organization?

    Individual developers are more concerned about the quality of their work when they see their results in the big picture.

    For how long have I used the solution?

    About a year, in different projects, including the current one.

    What do I think about the stability of the solution?

    No.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    Not used.

    Which solution did I use previously and why did I switch?

    We used the same tests, but with every developer running them individually. Now management can also get a picture of the quality assurance.

    How was the initial setup?

    Very simple.

    What's my experience with pricing, setup cost, and licensing?

    Price is high and only worth it if your organization has hundreds of developers.

    Which other solutions did I evaluate?

    No.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Software Engineer at Adfolks
    Real User
    Good code scanning and quality gate features, but the reporting could be improved
    Pros and Cons
    • "The most valuable features are code scanning and Quality Gates."
    • "The reporting can be improved."

    What is our primary use case?

    I was using SonarQube to scan my code for vulnerabilities as part of the DevOps process.

    What is most valuable?

    The most valuable features are code scanning and Quality Gates.

    What needs improvement?

    The reporting can be improved. In particular, the portability report can be better.

    I would like to see better integration with the various DevOps tools.

    For how long have I used the solution?

    I was using SonarQube for between six and ten months.

    What do I think about the stability of the solution?

    The stability is good.

    How are customer service and technical support?

    The community support is great. I have not had reason to contact the technical support team from the vendor.

    How was the initial setup?

    The initial setup is straightforward. I would not say that it is complex and it can be deployed in less than 10 minutes.

    What's my experience with pricing, setup cost, and licensing?

    I was using the Community Edition, which is available free of charge.

    Which other solutions did I evaluate?

    I evaluated other products including Veracode and I felt that SonarQube was the best product.

    What other advice do I have?

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free SonarQube Server (formerly SonarQube) Report and get advice and tips from experienced pros sharing their opinions.
    Updated: October 2024
    Buyer's Guide
    Download our free SonarQube Server (formerly SonarQube) Report and get advice and tips from experienced pros sharing their opinions.