SonarQube is an open-source platform designed for continuous code quality inspection. It automatically reviews code using static analysis to identify bugs, code smells, and security vulnerabilities across more than 20 programming languages. SonarQube offers comprehensive reports on duplicated code, coding standards, unit tests, code coverage, code complexity, potential bugs, and security risks. This tool aids developers and teams in managing and enhancing their code quality.


What is Sonarqube?

SonarQube is an open-source platform designed for continuous inspection of code quality in over 20 programming languages. It automatically reviews code to identify bugs, code smells, and security vulnerabilities, providing detailed reports and a visual dashboard to highlight issues. SonarQube integrates with popular continuous integration tools and supports a governance model for better management of technical debt. Its primary aim is to assist developers in writing clean, safe code, thereby enhancing the overall software quality. It is an invaluable tool for development teams aiming to uphold high-quality standards in their software projects and implement best coding practices.

Pros from reviewers

  • PR Decoration and Analysis: SonarQube's PR decoration feature makes analysis results visible in CI/CD tools and allows commits to the master branch only if they pass, ensuring that only quality code is merged into the main codebase.

  • Integration with CI/CD tools: SonarQube can be easily integrated with CI/CD tools like Azure DevOps and Jenkins, making it a valuable tool for continuous integration and deployment workflows.

  • Insights into vulnerabilities and threats: SonarQube provides detailed insights into code vulnerabilities and common threats, enabling developers to take the necessary actions to ensure security and adhere to good coding practices.

  • Customizable Quality Gates and Quality Profiles: SonarQube allows users to use the default Quality Gates and Quality Profiles for code scanning, and even to modify these to define their own rules, offering flexibility and control over code quality standards.

  • Code Analysis and Reporting: SonarQube's Code Analysis feature provides detailed reports on code quality, offering solutions for enhancement and pointing out vulnerabilities and repetitive lines of code.

Cons from reviewers

  • Generates many false positives: SonarQube has been reported to generate a significant number of false positives, which can lead to unnecessary work and potential confusion.

  • Report generation can be time-consuming: Despite its many benefits, SonarQube can sometimes take a considerable amount of time to generate reports, which can slow down the development process.

  • User interface could be improved: Some users have found the user interface of SonarQube to be less than optimal, suggesting that it could be made more user-friendly.

  • Lacks a custom rule set: While SonarQube does offer default Quality Gates and Quality Profiles for code scanning, it does not allow for the creation of a custom rule set, limiting its flexibility.

  • Somewhat costly: Some users have found SonarQube to be on the expensive side, which could be a barrier for smaller organizations or projects with limited budgets.

Main features

  • Starting Price: N/A

  • Free Plan: No

  • Code Quality Management

  • Continuous Inspection

  • Security Analysis

  • Language Support

  • Integration Capability

Who is Sonarqube best for according to our reviewers?

  • Software Developers: They can use SonarQube to detect code smells, unused lines of code, errors, and issues with third-party libraries. It provides accurate information about the location of these problems and offers solutions, making troubleshooting and fixing straightforward.

  • Security Analysts: SonarQube is beneficial for these users as it offers insights into vulnerabilities and common threats, enabling them to take the necessary actions to ensure security and adhere to good coding practices.

  • Project Managers: SonarQube's dashboard and reporting features allow these users to track code quality metrics and identify areas for improvement, aiding in effective code quality management and decision-making.

  • Quality Assurance Teams: These users can use SonarQube to maintain code quality. They can utilize it to scan code after each JIRA story completion, which can significantly improve code quality and coding standards. The reports it generates are incredibly useful, as it calculates the quality of code and offers solutions for enhancement.

  • DevOps Engineers: These users can integrate SonarQube with their CI/CD tools, such as Azure DevOps and Jenkins. Features like PR decoration make results visible in CI/CD tools and allow commits to the master branch only if they pass.

Sonarqube Reviews

  • Sonarqube rating: 4.6

  • Ease of use: 4.5

  • Customer service: 4.0

  • Value for money: 4.5

  • Likelihood to recommend: 4.5

  • Features: 4.4

19 Sonarqube Reviews (average rating 4.6)

    • Debra J

      Outstanding Community Support: A Lifeline for SonarQube Users

      The community support for SonarQube is excellent. Whenever we encounter challenges or need guidance, we can rely on the active community for assistance.

      August 10, 2024

    • Hugo

      Streamlined Workflow: SonarQube's IDE Integration

      SonarQube's integration with popular IDEs like Eclipse and IntelliJ IDEA has streamlined our workflow. We can now analyze and fix issues without leaving our development environment.

      August 6, 2024

    • Kenneth N

      Go-to Software for Detecting Code Smells in Company Repositories

      I find SonarQube to be an easy-to-use tool with great functionality for monitoring the security of code using the SAST methodology. It can integrate with Jenkins, GitHub, and other tools, and even allows the build to fail if the code doesn't meet a certain score. However, when a new repository is added, there's no prompt to create a SonarQube project for it. Currently, as a user or administrator, I have to manually check for new repositories in the organization without any system notification of a new repository that I might want to add for scanning.

      July 27, 2024

    • Dennis Rodriguez

      Outstanding Software!

      This software has boosted my team's productivity by removing duplicate code and making the code more comprehensible. It has also made the difficult task of code maintenance simpler.

      July 23, 2024

    • Timothy Rodriguez

      Commendable Security Hotspot Identification in SonarQube: Mitigating Potential Risks

      The security hotspot identification feature of SonarQube is commendable. It helps us identify and mitigate potential security risks before they become critical issues.

      July 16, 2024

    • Paul Brown

      SonarQube: Enhancing Codebase Maintainability with Efficient Code Duplication Tracking

      I am impressed by SonarQube's ability to track code duplication. This feature has helped us reduce redundancy and improve the maintainability of our codebase.

      July 8, 2024

    • Rowan D

      SonarQube's Technical Debt Feature: Informed Resource Allocation

      The technical debt feature of SonarQube is particularly useful. It provides an estimate of the effort required to fix issues, helping us make informed decisions about resource allocation.

      June 30, 2024

    • Jeremy E

      SonarQube: The Indispensable Tool for Code Quality Analysis

      In summary, I believe that SonarQube is a crucial tool that should be compulsory in all software development companies. Its capability to analyze code quality with each deployment or integration, along with the ability to modify rules for deployment based on error quantity or criticality, and vulnerability analysis, enables the creation of superior software. It consistently reminds developers about the significance of code quality and security. However, like all tools, it necessitates time to properly configure and integrate with other systems. It also requires regular maintenance and updates of standards, rules, and vulnerabilities based on the programming language and newly published security news.

      June 23, 2024

    • Madison

      SonarQube: Versatile Support for Multiple Programming Languages

      I appreciate SonarQube's support for a wide range of programming languages. This versatility allows us to maintain high code quality across different projects.

      June 18, 2024

    • George F

      Unlocking Code Improvement with SonarQube: A Free Source Code Analysis Tool

      SonarQube has helped me improve my code by suggesting potential solutions, saving me time. Its best feature is the code analysis, providing detailed error reports and possible fixes, which greatly reduces development time. The large community is also a great help for resolving issues. However, the reports sometimes give false positives, so I need to carefully review the results to avoid inaccuracies.

      June 10, 2024

    • Jennifer

      Customizable Rule-Based Code Analysis: SonarQube Impresses with Alignment to Coding Standards

      SonarQube's rule-based approach to code analysis is impressive. We can customize rules according to our project needs, ensuring that the tool aligns with our coding standards.

      June 1, 2024

    • Sandra

      Developer-Friendly Static Analysis with SonarQube

      I really value the IDE tool SonarLint that comes with SonarQube, as it enables developers to seamlessly integrate with most IDEs and lint their code before committing it to the repositories. I also find it advantageous that we can self-host our own instance on our Kubernetes cluster and manage the versions based on the containers we decide to pull. However, other engines appear to scan the same code base more quickly, though this isn't a significant problem as the process is automated.

      May 25, 2024

    • Nathan Garcia

      Robust Tool for Enhancing Code Quality

      As a user, I find SonarQube's integration with CI/CD tools like Jenkins, GitLab, and Travis CI beneficial as it simplifies code analysis automation during development. I value its customizable rules and profiles for code analysis. Its dashboard and reporting features allow me to track code quality metrics and identify areas for improvement, aiding in effective code quality management and decision-making. However, I feel that improved documentation could help users understand how to use the tool more effectively.

      May 20, 2024

    • Barbara

      SonarQube: A Valuable Tool for Developers!

      I have successfully identified numerous code-related issues in our application using SonarQube, significantly enhancing its quality. This tool is incredibly valuable, simplifying the process for developers to detect code smells, unused lines of code, errors, and issues with third-party libraries. It provides accurate information about the location of these problems and offers solutions, making troubleshooting and fixing straightforward. It's an excellent tool for developers like me. Additionally, we can establish our own rules for checking code quality. It can detect code issues that are susceptible to cyber attacks like XSS and SQL Injection. However, using the SonarQube on-premise application was a challenge. Every time we pushed a new code section, the server had to restart for the application to function. I chose SonarQube because it provides a greater number of facilities and suggests options for resolving issues.

      May 12, 2024

    • Sophia E

      Intuitive Interface and Comprehensive Dashboard in SonarQube

      The user interface of SonarQube is intuitive and easy to navigate. The dashboard provides a comprehensive overview of our project's health, making it easier to prioritize tasks.

      May 6, 2024

    • Raymond M

      Excellent Instrument for Upholding Coding Quality Standards

      I appreciate the PR analysis and Bitbucket integration of SonarQube as it helps prevent new issues. However, I think the tool needs several enhancements. First, the number of rules should be increased. Second, some rules should allow custom exclusions, like permitting organization-specific words to be capitalized in naming conventions. Third, the tool generates many false positives. Fourth, executive reports should be scheduled to ensure all projects are included. Currently, if a report is generated for the first portfolio calculation, the remaining projects for that day are missed, which can lead to misunderstandings with higher management. Lastly, PR analysis reports should be generated faster. I value the vendor's response and their invitation to join the SonarSource Community Forum for further discussion and transparency.

      April 27, 2024

    • Bobby G

      Seamless Integration of SonarQube in CI/CD Pipeline

      SonarQube's integration with our CI/CD pipeline has been seamless. It has helped us catch potential issues early in the development cycle, saving us valuable time and resources.

      April 23, 2024

    • Jason Martinez

      SonarQube: Enhancing Code Quality for Developers

      As a software developer, I find SonarQube to be an invaluable tool for maintaining code quality. Its ability to detect bugs, vulnerabilities, and code smells in real time has significantly improved my productivity.

      April 16, 2024

    • Paul

      Top-notch Tool for Enhancing Code Quality

      I am finding great value in using SonarQube for maintaining code quality. I utilize it to scan code after each JIRA story completion, which has significantly improved my code quality and coding standards. The reports it generates are incredibly useful, as it calculates the quality of code and offers solutions for enhancement. It points out vulnerabilities and repetitive lines of code, making it a very developer-friendly tool. It also provides recommendations on lines of code that need improvement and can generate scan reports on demand. There's even an option to add exceptions in code. However, I have noticed that report generation can sometimes be time-consuming and the user interface could be improved. It also lacks a custom rule set and is somewhat costly. I switched to SonarQube because it offers a better quality percentage and provides more insights.

      April 13, 2024