TrustRadius Insights for SonarQube Server are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Efficient and Precise Code Quality Reports: Multiple users have praised SonarQube for its highly efficient and precise code quality reports. This feature has allowed them to gain a comprehensive understanding of their code's quality, identify areas for improvement, and enhance the overall quality of their code.
Detection of Bugs and Vulnerabilities: Reviewers have found SonarQube's ability to highlight bugs and vulnerabilities in the codebase to be a valuable asset. This feature has helped them identify potential issues early on, enabling them to take proactive measures to improve the code's quality and security.
Valuable Code Remediation Suggestions: Many users have expressed appreciation for SonarQube's suggestions for code remediation and resolution. These suggestions have proven extremely valuable in helping them make their code cleaner, more maintainable, and ultimately improving long-term code quality.
SonarQube is the default choice for static analysis tools for all the projects in our organization. We use it extensively for examining code quality, detecting code smells, detecting security issues in code and identifying complexities in code for every project. SonarQube is extremely useful since it works for almost all languages that we write our code in, including Python and Java. The plugin-based framework ensures extensibility and easy enhancement of functionality for new use cases.
Pros
Easy integration with all coding languages
Plugin integration ensures easy extensibility
Detects code smells and vulnerabilities
Generate test coverage reports
Custom quality gates to ensure no bad code is merged
Cons
Learning curve is steep
Report generation is often very time consuming
Works particularly well for Java, but not as well for Python and R
Initial setup is quite complicated
Likelihood to Recommend
You should buy:
If you need static analysis for multiple languages in your teams
If static analysis integration with IDEs is an important requirement
If you need custom quality gates for code quality analysis
If highly detailed test coverage reports are important for your organization
Do not buy if you cannot afford a dedicated team to manage the SonarQube instance for your organization
VU
Verified User
Engineer in Engineering (Computer Software company, 1001-5000 employees)
It's always best to catch bugs and other code issues as soon as possible, especially when people from different teams and time zones touch the same code. While code reviews are obviously still necessary, SonarQube does filter the code seamlessly so that obvious issues are immediately detected and resolved. In some cases, there is customisation required for the general best practice rules and SonarQube accommodates this.
Pros
Static code analysis
Code best practices
Cons
Quality profile selection
Likelihood to Recommend
A scenario that is particularly useful is integrating SonarQube into a GitHub Actions pipeline so that before any new pull request is reviewed and/or merged, you know whether the new code is clean of bugs or major issues. It is also useful to create custom Quality Profiles to educate new developers that join the company.
We use Sonar in order to ensure our code is secure. We have used it on APIs and on our frontend. We have also used SonarLint for Android. We have a plug-in for our Jenkins account which will check our project code coverage etc. in Sonar; if this fails, our code cannot go live or be merged into master.
Pros
Code coverage
Shows potential fixes
Speed
Cons
Sometimes the messages can be long, and for someone seeing this for the first time it can be hard to know what to look for
Sometimes potential fixes are not available
Documentation on setting up with Jenkins was hard to follow at some parts
Likelihood to Recommend
I think having SonarQube in your project is a big bonus, as it can spot small vulnerabilities that you might not think of. This will also improve your overall skill in coding securely. They also update regularly so that it can spot new vulnerabilities which may not be known. As packages update, there can be more vulnerabilities deep in your project that you may not know about.
VU
Verified User
Employee in Information Technology (Computer Software company, 10,001+ employees)
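The two reviews above describe the same gating pattern from different CI systems: a GitHub Actions job in one, a Jenkins plug-in in the other, each running the scanner and refusing to merge or ship when the quality gate fails. SonarSource ships ready-made steps for this (the Jenkins plugin's waitForQualityGate step, the sonarqube-quality-gate-action for GitHub Actions), so the script below is an added example of what those steps do under the hood, not code from the reviews or from SonarQube itself. It reads the report-task.txt that sonar-scanner writes, polls the compute-engine task until the analysis has been processed, fetches the gate result and exits non-zero listing the failed conditions. The JSON shapes follow SonarQube's Web API (api/ce/task and api/qualitygates/project_status); the server URL, task IDs, metric values and the SONAR_TOKEN convention in the sample data are constructed for the example.

```python
"""Gate a CI job on the SonarQube quality gate of the analysis just submitted.

Added example for this page; not code from the reviews or from SonarQube.
Assumed: sonar-scanner writes .scannerwork/report-task.txt as key=value lines
(serverUrl, ceTaskId, ...); SONAR_TOKEN holds a token allowed to browse the
project. All sample data below is constructed, not captured from a real server.
"""
import base64
import json
import os
import sys
import time
import urllib.request

# Constructed sample of a report-task.txt as written by sonar-scanner.
SAMPLE_REPORT_TASK = """\
projectKey=acme:payments-api
serverUrl=https://sonar.example.internal
serverVersion=10.6.0.92116
dashboardUrl=https://sonar.example.internal/dashboard?id=acme%3Apayments-api
ceTaskId=AZH1example0001
ceTaskUrl=https://sonar.example.internal/api/ce/task?id=AZH1example0001
"""

# Constructed responses in the shape of api/ce/task and api/qualitygates/project_status.
SAMPLE_CE_TASK = {"task": {"id": "AZH1example0001", "status": "SUCCESS", "analysisId": "AZH1analysis0001"}}
SAMPLE_GATE_FAILED = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
    {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT", "errorThreshold": "80", "actualValue": "61.4"},
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed", "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
]}}


def parse_report_task(text):
    """Parse the key=value lines of report-task.txt into a dict (blank and '#' lines ignored)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def task_state(ce_json):
    """Return (status, analysisId) from an api/ce/task response; analysisId is absent until processed."""
    task = ce_json["task"]
    return task["status"], task.get("analysisId")


def gate_result(gate_json):
    """Return (gate status, human-readable list of conditions in ERROR)."""
    project_status = gate_json["projectStatus"]
    failures = [
        f"{c['metricKey']}: actual {c.get('actualValue')} is {c['comparator']} threshold {c.get('errorThreshold')}"
        for c in project_status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    return project_status["status"], failures


def _get_json(url, token):
    """GET a Web API URL; SonarQube accepts the token as the Basic-auth user with an empty password."""
    request = urllib.request.Request(url)
    credentials = base64.b64encode(f"{token}:".encode()).decode()
    request.add_header("Authorization", "Basic " + credentials)
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def check_quality_gate(report_path=".scannerwork/report-task.txt", token=None, timeout_s=300, poll_s=5):
    """Wait for the compute-engine task, then evaluate the gate. Returns (status, failures)."""
    token = token or os.environ["SONAR_TOKEN"]
    with open(report_path, encoding="utf-8") as fh:
        props = parse_report_task(fh.read())
    server, task_id = props["serverUrl"], props["ceTaskId"]
    deadline = time.monotonic() + timeout_s
    while True:
        status, analysis_id = task_state(_get_json(f"{server}/api/ce/task?id={task_id}", token))
        if status in ("SUCCESS", "FAILED", "CANCELED"):
            break
        if time.monotonic() > deadline:
            raise TimeoutError(f"analysis task {task_id} still {status} after {timeout_s}s")
        time.sleep(poll_s)
    if status != "SUCCESS":
        raise RuntimeError(f"analysis task {task_id} ended with status {status}")
    return gate_result(_get_json(f"{server}/api/qualitygates/project_status?analysisId={analysis_id}", token))


def offline_demo():
    """Run the parse/evaluate path over the constructed samples, without any network access."""
    props = parse_report_task(SAMPLE_REPORT_TASK)
    status, analysis_id = task_state(SAMPLE_CE_TASK)
    gate_status, failures = gate_result(SAMPLE_GATE_FAILED)
    return {"task_id": props["ceTaskId"], "task_status": status,
            "analysis_id": analysis_id, "gate": gate_status, "failures": failures}


if __name__ == "__main__":
    if "--demo" in sys.argv:
        result = offline_demo()
    else:
        gate, fails = check_quality_gate()
        result = {"gate": gate, "failures": fails}
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["gate"] == "OK" else 1)  # a non-zero exit fails the pipeline stage
```

Run it right after `sonar-scanner` in the same job (or `python check_gate.py --demo` to see the offline sample evaluation). Two practitioner caveats apply whichever CI runs it: keep SONAR_TOKEN as a pipeline secret scoped to analysis of that project rather than a personal admin token, and check out the full history (for example `fetch-depth: 0` in GitHub Actions) so that new-code metrics such as new_coverage are computed against the right base.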
Standardized scanning tools to make sure code doesn't contain obvious code smells
Enforcement of standardized naming conventions in code
Identification of potentially needlessly complicated code
Pros
Identify code smells
Low level bugs
Basic static analysis
Cons
Reports can take a bit of time
Custom rules can be a bit annoying to setup
Likelihood to Recommend
If you are looking for something that is reasonably simple and validates your code, this is the tool you are looking for. It works well and gives very helpful feedback, especially for more junior devs.
VU
Verified User
Employee in Engineering (Computer Software company, 1001-5000 employees)
We are using SonarQube to do static source analysis on our C# projects. This allows us to monitor unit test coverage and discover code smells that have escaped peer review at the merge request phase.
This may not seem to be of the utmost importance, but it has saved us from publishing bogus software to our clients on a number of occasions.
Pros
Static analysis
Code coverage
Code smells
Cons
Configuration management
Reporting
Rules deactivation flexibility
Likelihood to Recommend
Whenever you are doing C# based development, you will want to do some static analysis. While Visual Studio comes with some tools, SonarQube is much more advanced and targets more than just C#.
There are cases, however, when it is not very suited: when trying to use it on languages that it does not support natively. For instance, we'd love to use it on Pascal-flavored languages, but without official support, this proved to be impractical.
VU
Verified User
Engineer in Information Technology (Computer Software company, 11-50 employees)
We are currently using it while building a .NET CI/CD pipeline for automated analysis of our code quality and all the vulnerabilities, by scanning our various repositories in Bitbucket version control, publishing our stacks for any kind of bugs found, ensuring proper code coverage and making our projects more reliable.
Pros
Best thing about it is that it offers an online instance (SonarCloud) where we can dry-run an open source project by forking a GitHub repository
Provides detailed analysis of the stacks that it checks for bugs and issues in the code
Provides a good amount of documentation on configuration and installation and how to use it
Provides a strong integration with Azure DevOps and Jenkins for creating DSL pipelines
Cons
Local dashboard won't work without Java installed on your machine
If talking about the local UI, the configuration may be quite complex. Needs an expert's advice
Its Enterprise Edition costs a fortune depending on company size or the number of users that may use it
Likelihood to Recommend
It is quite a powerful code analysis tool if used by my colleagues in the organisation, but I would recommend SonarCloud (the cloud instance) or the Community Edition in order to get a demonstration or quick hands-on experience with its user interface and its administration, along with local dashboard configuration and installation.
SonarQube is used by the whole department. We use it for code quality analysis and to check code coverage. We also use it to find the code smells in the code and adhere to the coding standards as expected.
Pros
Test script coverage data. It provides line-by-line coverage stats, showing which condition is covered and which one is not
Checking the code quality. We have a particular coding standard which we need to adhere to, so it helps in detecting whether the code is written to that standard or not
Code smells
Cons
In terms of security of the code, it can improve. It is mostly used to check for coding standards but it would have been nice if we could have got a vulnerability check as well.