About SonarQube

SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software.



9 Reviews of SonarQube

Average User Ratings

Overall: 4.44 / 5 stars

Ease-of-use: 4.0

Value for money: 4.5

Customer support: 3.5

Functionality: 4.5

Ratings Snapshot

5 stars: 5

4 stars: 3

3 stars: 1

2 stars: 0

1 star: 0


July 2021

Prateek from Curl Tech

Verified Reviewer

Company Size: 51-200 employees

Industry: Computer Software

Time Used: Less than 2 years

Review Source: Capterra


Ease-of-use: 4.0

Functionality: 5.0

SonarQube: Code Quality and Code Security

SonarQube is one of the best open-source tools I have used for SAST testing but I feel there are so many features that are still missing.

Pros

1. Provides a detailed review of the code
2. It highlights suspicious code snippets
3. Strong integration with popular CI pipelines

Cons

1. Installation process should be smooth
2. Reporting is poor
3. Integration with IDE is not available

August 2021

Daniel from Unik System Design A/S

Company Size: 201-500 employees

Industry: Real Estate

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 3.0

Value for money: 3.0

Customer support: 3.0

Functionality: 3.0

Review

It has been a mixed ride overall. The actual code analysis is really great, the rest is so-so.

Pros

The amount of errors it catches, and that developers' code looks somewhat similar in mindset after using it for some time.

Cons

The setup with CodeCoverage is a nightmare and it seems it is not working equally well all the time. We also have a solution where it doesn't even work.

Response from SonarSource

Replied August 2021

Hi Daniel. Thank you for your review of SonarQube. We appreciate your feedback! Regarding your code coverage issues, have you checked out our Community Forum? There may be a solution/fix already identified and if not, you can easily start a new thread and provide us with the details around your workflow, language(s), etc. Thanks! Community Forum: https://community.sonarsource.com/

August 2021

Chandramouli from Altruista Health Services

Company Size: 501-1,000 employees

Industry: Hospital & Health Care

Time Used: Less than 12 months

Review Source: Capterra


Ease-of-use: 3.0

Value for money: 3.0

Customer support: 2.0

Functionality: 3.0

Great tool to drive Coding Quality standards

PR analysis and Integration with Bitbucket are most helpful in avoiding the new issues. The tool needs a lot of improvements:

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in Capital.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation then the rest of the 19 projects info for that day will be missed. Higher management will think that the generated report is the latest but it is not.
5. PR analysis reports should be generated quickly.

Pros

PR analysis and Integration with Bitbucket are most helpful.

Cons

1. Number of rules should be increased.
2. Few rules should have custom exclusions. Ex: Naming conventions => Organisation-specific words will be there which should be in Capital.
3. Generating a lot of false positives.
4. Executive reports should generate based on scheduled triggers. We have 20 projects which are assigned to a Portfolio. If you are going to generate a report and send an email for the first portfolio calculation then the rest of the 19 projects info for that day will be missed. Higher management will think that the generated report is the latest but it is not.
5. PR analysis reports should be generated quickly.

Response from SonarSource

Replied August 2021

Thank you for your review, Chandramouli. We appreciate your feedback, and invite you to join the SonarSource Community Forum. SonarSource Community Forum: https://community.sonarsource.com/ Posting to the Forum will allow there to be transparency to the community, and allow our product managers & users to understand any issues you are facing. To better assist you, please indicate what language(s), and how long the PR analysis is actually taking; as well as, examples of the false positives. Thanks!

July 2021

Anonymous

Verified Reviewer

Company Size: 10,000+ employees

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 4.0

Value for money: 5.0

Customer support: 5.0

Functionality: 4.0

Great tool to drive Coding Quality standards

Driving code quality standards across enterprise and inducing code quality gates in the continuous integration workflow

Pros

Static code analysis, support for Java, .Net, JavaScript, TypeScript, HTML, CSS, etc. Helps you set custom quality gates and rules as well.

Cons

Community version does not support high availability. You need to pay for this feature, would have preferred it to be free. Tools upgrade process can be improved as we have to take down the tool instance.

April 2021

kiruthiga from eviCore

Company Size: 5,001-10,000 employees

Industry: Information Technology and Services

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 5.0

Value for money: 4.0

Customer support: 2.0

Functionality: 5.0

SonarQube Usage review

Cheap and good for Code Vulnerability scans.

Pros

The vulnerability scans that it uses encompass a lot of languages. It also has the ability for users to define custom profiles and rules. Dashboards created are easy to use and decipher.

Cons

Technical support is very expensive and you need to use their community forums to get support.

Reasons for Choosing SonarQube

SonarQube provides continuous code quality checks. Can provision Quality Gates to fix the leaks immediately.

August 2021

Adrian from Cleeng

Company Size: 51-200 employees

Industry: Computer Software

Time Used: Less than 12 months

Review Source: Capterra


Ease-of-use: 4.0

Value for money: 4.0

Customer support: 4.0

Functionality: 5.0

SQ for Quality and Security

In general SQ is great. We use it extensively in multiple projects to provide valuable metrics, measure technical debt and spot issues as quickly as possible. SonarQube rocks!

Pros

Quality matters as much as Security. SonarQube supports both of those aspects very well. What is more, it is done automatically with minimum configuration. Speed, reliability and flexibility make SQ a must-have solution in every organization.

Cons

Limited support for self-hosted repositories was challenging. Another one is the diversity of versions: ZIP, Docker and Cloud.

Response from SonarSource

Replied August 2021

Thank you for your feedback, Adrian! We are glad to hear that you are enjoying SonarQube!

August 2021

Sebastian from VHV

Company Size: 1,001-5,000 employees

Industry: Insurance

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 5.0

Value for money: 5.0

Customer support: 5.0

Functionality: 5.0

A developer's friend

I am very happy with its reliability and performance. Best-in-class.

Pros

Supporting developers to build high-quality apps

Cons

The very high Performance when comparing to CAST.

Reasons for Choosing SonarQube

High Performance and easy CI/CD-Integration

Response from SonarSource

Replied August 2021

Thank you for your review, Sebastian!

February 2021

Anonymous

Verified Reviewer

Company Size: 501-1,000 employees

Time Used: Less than 12 months

Review Source: Capterra


Ease-of-use: 4.0

Value for money: 5.0

Functionality: 4.0

Simple static analysis out of the box

SonarQube provides some great feedback on code quality to stop preventable bugs from getting to production.

Pros

The ability to run up a Docker container with SonarQube and run static analysis on our codebase within half an hour was superb. Built in support for multiple languages enabled a quick start and got us looking at potential bugs, hotspots and code smells in no time. Integration with VSCode using SonarLint is awesome. Integration into a CI/CD pipeline provides a good code quality gate.

Cons

Some of the setup documentation was a little lacking and could be improved. Time was wasted initially trying to pass parameters into the CLI command that had no effect. It turned out that some properties had to be set in a sonar-project.properties in the source repository.

July 2021

Puneet from IT

Company Size: 10,000+ employees

Industry: Information Technology and Services

Time Used: Less than 2 years

Review Source: Capterra


Ease-of-use: 5.0

Value for money: 5.0

Customer support: 4.0

Functionality: 5.0

Ease of Using SonarQube

Excellent to work with

Pros

Deployment Features and the ease of access

Cons

Customer support sometimes gets delayed

Response from SonarSource

Replied August 2021

Thank you for your review, Puneet! I am sorry to hear that you're experiencing a delay with support. Do you have Commercial Support or do you use the SonarSource Community forum? Visit: https://community.sonarsource.com/