What is our primary use case?
We mainly need to do certain static analyses. While doing the coding, everybody sends a pool request. Before committing the code on the main branch, we need to ensure that the code is up to level. That is basically our way of working to ensure that whatever rules we have configured, whatever gates we have defined, that gets passed before committing the code into the main branch.
What is most valuable?
I like almost all of the features. We were initially using all these techniques by using different tools.
The vulnerabilities and the code quality parameters are really important for us.
The initial setup is easy.
There's plenty of documentation available to users.
The solution is stable.
The scalability is good.
What needs improvement?
The only features which I think are lagging are the reporting to generate a PDF report. That is not available currently in the development version. However, if it is available in the development version, then it will be really helpful for us. I checked with the team and it seems that it is only available in the enterprise version. If the report can be sent over email, that would really help.
For example, let's say if I need to report to management or management wants to see a dashboard based on what each project looks like. Those figures are not available. There needs to be a shareable reporting piece or something we can click and generate easily.
The only pain area for us is due to the fact that we purchased the 1 million lines of code license for now. We are a service product company, so some projects were finished in maybe less than six months and then maybe that is not useful for us. We need to remove those projects so we can utilize those lines of code for another project. That's something we need to see about. We're not sure how that works.
What do I think about the stability of the solution?
The solution is quite stable. Before, I used to generate reports by using some manual techniques. Now those are available right in SonarQube. The flexibility of rule configurations is great.
What do I think about the scalability of the solution?
We found the solution to be scalable. We already integrated SonarQube with our CI/CD pipeline in Azure DevOps, and it works really well. We also integrated with the Jenkins CI/CD pipeline, and we also linked with the Visual Studio using SonarLint. That works really well.
We plan on expanding and need more licenses.
How are customer service and support?
When we purchased the license, they actually charged an additional amount for the support. Therefore, we haven't bought the support. Plus, we already know SonarQube. We have enough team members available who already have experience in it. For that reason, support is not required from us. That said, across the internet or on Google, there is enough documentation available. Even on the SonarQube website, there is enough documentation.
How was the initial setup?
The initial setup is really straightforward. The supports are really good from the SonarQube. Enough documentation is also available. t's really straightforward to figure out how to do it.
What's my experience with pricing, setup cost, and licensing?
We purchased a SonarQube developer license. We do not have the enterprise version.
We pay for licensing on a yearly basis.
On the pricing side, it's 3,000 Euros for 1 million lines of code. Even if you look at the open-source, the open-source almost provide similar functions. Of course, some additional language support, among other things, however, the rest is available in open-source. If they can reduce the price, then I believe more people will join the licensed version rather than open-source. Pricing is a bit high based on the fact that they're already providing the open-source for free, and that also includes almost all the necessary items. People will not pay for the license if they can get most items for free. I would suggest if they reduce the price, that definitely it will boost the business.
What other advice do I have?
We already linked with the CI/CD pipeline, and everything is working really smoothly. We already got the additional language support also, which was not available in the open-source version. In the developer version, we have six-plus additional language support onboard. That is actually helpful for us. Overall, it's going really well.
The overall look and feel, the way of presenting the information, is really nice - including the way we can assign items. Everything looks okay. I also already integrated the APA of SonarQube in my external system and that really works. I don't see any integration problems so far. I would suggest those considering the solution simply go for SonarQube as it works really well for any integration of any software or with any third-party tools, including Azure DevOps.
I'd rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.