It's still a good tool that help the dev teams to increase their knowledge in a specific language, it's still gives good indicator, overall it's still a good companion

It's free, as a Self hosted instance with sonarqube, and it's free for open source project. I like the advice they give that my IDE doesn't

It's a bit using a lot of RAM as it is written in Java

SonarCloud improves software quality and developers' skills since it shows where the bugs and security hotspots are and how to correct them.

I use GitHub integration to run analysis on Pull Requests via GitHub workflows. Pull Request decoration is a great feature, it adds analysis results directly to GitHub PR's page.

SonarCloud reports also the code coverage by automated test, but it does not execute the report itself. You have to configure an external plugin (based on the nature of the project) that produces a report that SonarCloud can read and include in its dashboard and PR decoration.

SonarCloud has a strong focus on security and compliance, with features such as vulnerability detection, security hotspots, and compliance reporting.

A potential drawback is the complexity of SonarCloud. While SonarCloud's comprehensive feature set can be a strength, it can also make the platform more challenging to use and configure

Overall it was great

Super easy to setup. Took literally minutes to do and then maybe another hour to tweak to fully operational. Gives community standard results very quickly.

The inability to add in some extra key scanners/rules is quite limiting.

We've seen a large increase in our code coverage and quality over the past two years of using SonarCloud. Some of our software had 0% coverage or less than 30% and a large majority of our code repositories have over 80% coverage now.

It tracks code quality over time. It does static analysis to look for duplicate code blocks, code smells, cyclomatic complexity, security issues, and more. It will also ingest code coverage reports to track test coverage over time. Integrates with GitHub (and other tools) so you can gate PR's based on the percent of code coverage and absence of flaws. We utilize it on mobile Xamarin projects, Kotlin projects, React web projects. It's a pretty mature product that has been around for a while. Its available in a free form, SonarQube, for you to test it out and run things locally. Static analysis helps ease the burden of code reviewers since it finds many common issues such as not null checking a parameter. It shoes metrics over time so you can see how your code base is improving over time. It basically automates code quality checking and metrics.

It can be a pain to set up your CI/CD pipeline to download and run all the necessary things to integrate with SonarCloud. It requires running some commands before you do a build and then some more after you do a build. SonarQube helps a lot with setting things up and testing your workflow locally though.

We have more than 45 repos, and we practice continuous delivery, Sonar help us reduce the overhead by automating some tasks that previously were executed by a developer. They gain more control over their time, without sacrificing code quality

Helps my team to reduce time on checking several controls that are very standard in our projects, like code coverage, code smells, complexity, and security.

I used to like one functionality they had on the open source version (Sonarqube) in which the software commented the code directly on GitHub, helping the developer to notice their mistakes; I haven´t been able to use it again.Sometimes the configuration and customization are not very straightforward, and developers spend a lot of time trying to tune the tools.

very good and super useful

easiness and robustness of integration with cloud.

a bit costly in sonarcloud but when you compare management cost ,its okey