SonarQube Reviews & Product Details

SonarQube Overview

What is SonarQube?

SonarQube products have innovative features to maximize quality and manage risk for both small and large software portfolios.

SonarQube Details
Website
Product Description

SonarQube products have innovative features to maximize quality and manage risk for both small and large software portfolios.


Seller Details
Seller
SonarSource S.A
Company Website
Year Founded
2008
HQ Location
Geneva, Switzerland
Twitter
@SonarSource
4,177 Twitter followers
LinkedIn® Page
www.linkedin.com
198 employees on LinkedIn®
Show More
Answer a few questions to help the SonarQube community
Have you used SonarQube before?
Yes

SonarQube Reviews

Write a Review
Filter reviews
LinkedIn®
Connections
Popular Mentions
Showing 29 SonarQube reviews
Popular Mentions
Showing 29 reviews
Filter Reviews
Filter Reviews
Sort by
Ratings
Company Size
User Role
For Category
All Industries
Region
Already have SonarQube?
Write a Review
Software Engineer
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

The ability to run my scans against a default set of code rules (in the free version) or to run it against an organisation wide set of rules (paid versions).

Sonarqube also provides a plugin for IntelliJ which makes it very easy for me to run the static code analysis straight out of my IDE as soon as I make the changes.

The integration with Jenkins also is one of the biggest benefits. Makes the whole process smooth and the ability to add the concept of tollgate makes it a great feature for enterprise applications. Review collected by and hosted on G2.com.

What do you dislike?

Setup can be a bit challenging, considering the latest version requires Java 11 and we had a challenging time setting up the system due to various issues faced with other components not being compatible with Java 11. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Code Quality Metrics, Static code analysis and bad coding practice detection. Review collected by and hosted on G2.com.

Show More
Show Less
Information Technology Project Manager
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

What I like the most about this program is that it performs a very high-quality analysis of the source code, and this makes the code much more reliable, and also reduces potential errors in the projects that are carried out.

Another thing that I really like is the ability to support different languages, and to that is added the use of characters such as C, C ++, Python and many others.

It is quite adaptable to the needs that are required in terms of quality adjustments, and allows to generate checks and projects that respond effectively to what is required. Review collected by and hosted on G2.com.

What do you dislike?

One of the things I dislike about this tool is that it takes a great deal of effort to get everything up and running. Additionally, you need to balance quantity and quality in order to produce low-quality code that is functional.

Likewise, a mechanism that evidences the real quality in the mutation tests is not shown, although numbers appear, these can be modified. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

It is important when using this tool, take into account that not all IDE codes can be used in SonarQube, so you have to be aware when selecting them. Similarly, the security terms of the code must be taken into account, these could be better. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

With the help of this program I identify technical problems in the codes I generate, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.

One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.

With the help of this program I identify technical problems in the codes that it generated, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.

One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects. Review collected by and hosted on G2.com.

Show More
Show Less
Open Discussions in SonarQube
UH
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

Continuous code inspection has a great deal of benefits, from increasing team velocity through first pass code reviews, to reduced maintenance costs. My favorite feature of SonarQube, however, is the IDE integration between SonarQube (server-side) and SonarLint (client-side). By allowing rules / qualify profiles to be centralized, we are able to essentially have a spell-checker for our code, while it is in active development, helping to shift feedback about as far left as it can get. Review collected by and hosted on G2.com.

What do you dislike?

The pricing model is prohibitive as many critical features are found only in higher tiered versions of the application. One in particular is high-availability. Any corporation making SonarQube a part of their delivery pipeline essentially is required to get the highest tiered version of the application to have HA capabilities and boy will it cost you. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Reduced code review times. Improved readability and maintainability. Helps to educate junior developers with explanation of the violations and examples for how to be in compliance. Review collected by and hosted on G2.com.

Show More
Show Less
AM
Small-Business(50 or fewer emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

It's super easy to connect to your organization and get started.

Allows for the flexibility of authentication to use GitHub or other authentication mechanisms.

You can choose to do all of your repos or just select ones.

Has more advanced features that you can integrate with as you gain experience with (and clean up your house) such as using it as a pass/fail during pull or merges, checking for code coverage etc. Review collected by and hosted on G2.com.

What do you dislike?

Some of the navigation is a bit confusing and they could still improve how branches are handled and make it simpler to use in that regard. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Showing security compliance with OWAP top 25, Code coverage, Code complexity. Allows us to focus in on trouble spots in our code. Review collected by and hosted on G2.com.

Show More
Show Less
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

These are the below points i love to use it

1) Sonarqube integration to the continuous integration pipelines

2) Graphical viewing & lists the detail description of code bugs, Vulnerability, code smells & time taken to solve the code smells, detecting the duplicate lines & Code coverage

3) integrating the unit test cases to the existing pipelines & reflecting the same in the sonarqube dashboard

4) We have approx 26 tools in the market compare to all i feel like sonarqube is having the most number of pros.

5) In terms of the security features i could see it holds the number one in the market.

6) Integrating the fortifyscan with the sonarqube gives the best result in terms of the security.

7)For the developer it gives the detail description were exactly the code is lacking as per the market standards Review collected by and hosted on G2.com.

What do you dislike?

The only dislike i have is

When ever developer writes any code they use to have habit to use the #(comment)ing the lines if necessary but sometimes sonarqube will detect those are errors, Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Folks, As i said there are 26 tools in approx there in the market w.r.t code quality compare to all the other tools were in terms of dashboard, Security, Easiness, Comfort, depicting the change & etc will be observed in the sonarqube, So i strongly recommend this tool for the business needs to get the quality work

Finally i can say if you want quality & security then sonar qube is the best tool in the market Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

As discussed in the likes especially i like the way it differentiate the code smells, code bugs, vulnerabilities, Time taken to solve the vulnerabilities, Duplicate lines & code coverage Review collected by and hosted on G2.com.

Show More
Show Less
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Code smell detection and quality checks! Great feature for bugs and errors as well as integration with Jenkins. Review collected by and hosted on G2.com.

What do you dislike?

It would be nice to have suggestions from team members to the code smells and assign other people to take care of certain bugs/issues Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Keep checking your code for this! Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Have a more robust test suite. Review collected by and hosted on G2.com.

Show More
Show Less
Software Engineer
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Sonarqube is used for quality check for the software which is under development . I have found so many bugs , vulnerabilities and code smells using sonarqube and then after I minimized them which improved my code quality. SonarQube is very good. Review collected by and hosted on G2.com.

What do you dislike?

Initial setup for the Sonar Qube is very irritating and troublesome . I got hanged so many times in its setup. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

I have used sonar Qube in many projects of my company. I have minimized so many bugs , vulnerabilities and code smells by finding them using Sonar Qube. It helps me for quality check and refactoring of my code. Review collected by and hosted on G2.com.

Show More
Show Less
UI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

It is really time saving to complete the development by using Sonar Qube as it will do the static code analysis at initial development phase itself Review collected by and hosted on G2.com.

What do you dislike?

I've used it along with VS Code editor and it seems to be working fine. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Mainly the problems related to static code analysis. Review collected by and hosted on G2.com.

Show More
Show Less
CL
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

1. Wide range of Code Metrics

2. Customizations on Quality Profiles / Gates, Rules

3. Great Auditing and Trending capabilities

4. Good number of languages covered in OSS version

Review collected by and hosted on G2.com.

What do you dislike?

1. Lot of features being shifted across OSS and Paid versions creates a great confusion in terms of version upgrades. For instance branch / Portfolio version was introduced in OSS 6.7.4 and then moved to Enterprise version in later releases.

2. Need a clear path for the features that would be provided in OSS vs Enterprise variations.

3. Need better alignment with the new generation Code Configuration tools like GIT.

4. Portfolio management capabilities pivot data always around "master" branch. Tool should be flexible to aggregate data around any branch of development.

5. More fine grained Access Control.

6. Leak period feature is a little confusing to understand Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Invest to integrated Static scans in your DevOps lifecycle are minimal while the Benefits achieved are multifold. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Static Code Quality Scans

Code Coverage checks

Quality Gating

Code Quality Monitoring / Dashboarding Review collected by and hosted on G2.com.

Show More
Show Less
AB
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Organic
What do you like best?

Code Quality , Code Coverage, code scan and code vulnerabilities Review collected by and hosted on G2.com.

What do you dislike?

Integration with testing tools like UTF doesn't cover all the functionalities like a Standalone Sonar. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Integrates greatly with CI server like Cloudbees and Jenkins along with version control and testing tool like UFT. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Implementing SonarQube to figure out the quality gate, code coverage, code scan and code vulnerabilities. Review collected by and hosted on G2.com.

Show More
Show Less
AB
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Quality gate

Code scanning

Code coverage Review collected by and hosted on G2.com.

What do you dislike?

Integration with quality control testing tools. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We have successfully implemented Sonar with code scanning , code coverage and finding out the code quality and vulnerabilities associated with the source code. Review collected by and hosted on G2.com.

Show More
Show Less
Technology Analyst
Information Technology and Services
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

SonarQube is one of the most easy to use DevOps tool which provided insights into the code being build by the developers and helps in measuring the quality of deliverable.

SonarQube provides different metrics for reporting such as bugs, vulnerabilities, code smells, etc. which help lower the technical debt.

SonarQube integrated with various tools in DevOps pipeline such as Jenkins, TeamCity and provides the output in a separate tab / url which reviewers can make use off to determine whether code artifact can be released into market or quality has to be improved. Review collected by and hosted on G2.com.

What do you dislike?

I have not come up with something I dislike about SonarQube since it takes care of our daily code quality needs. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

I would strongly recommend SonarQube since it's very easy to setup, configure and provides us quality deliverable by finding out the quality issues in the code.

SonarQube provides report as well in the form of PDF so that management can have a look at it and analyse the areas where they want their team to focus more. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We have release a quality artifact by making use of SonarQube's in built functionalities which helps developers code in right way, using right code semantics and paying attention to resolving any bugs, hard coded references, etc.

We are making use of SonarQube quality gates feature to determine whether to go ahead with the build or not depending upon certain percentages or threshold which are set up. Review collected by and hosted on G2.com.

Show More
Show Less
AA
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Organic
Business partner of the seller or seller's competitor, not included in G2 scores.
What do you like best?

Analysis deeply and makes suggestions to catch best practices. Review collected by and hosted on G2.com.

What do you dislike?

Reporting over tags or even all projects are not enough Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Quality assurance over the different teams and fit a standard all over the company. Review collected by and hosted on G2.com.

Show More
Show Less
UI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

This is best code quality tool for both static code analysis and code coverage. It's easy to configure. It supports a bunch of languages like java, groovy, c , php etc. Review collected by and hosted on G2.com.

What do you dislike?

There is noting to dislike in sonarqube. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Used it in applications for code quality and coverage. It runs on a server so anyone can easily see code coverage. Review collected by and hosted on G2.com.

Show More
Show Less
Software Engineer
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

I really like the UI and how easy it is to navigate to the right set of granularity for each project. It has good set of testing support also including Junit tests and integration tests. It is better than using just findbugs. It has really helped me find critical issues in my code that I was unable to. Review collected by and hosted on G2.com.

What do you dislike?

It is difficult to configure for the first time. I and my team took a lot of time for configuring it specific to our project. Some plugins don't work out of the box and need code configuration. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

It is a good tool out of the box with a lot of features like code coverage, testing, code health and much more. Definitely a must try! Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We are using in our team to check the health of our code and test coverage. Review collected by and hosted on G2.com.

Show More
Show Less
Agile Coach aka Scrum Master
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from the seller
What do you like best?

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube is the tool we use to ensure code quality through code analysis for each project we are working on. Review collected by and hosted on G2.com.

What do you dislike?

So far nothing has stood out that I don't like. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube helps us with a number associated to code covered by tests and three grades on our code quality for each project. Review collected by and hosted on G2.com.

Show More
Show Less
UI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Code coverage, Adding templates of custom rule sets, existing rule sets, check the code quality, apply different solutions to adhere to the code quality and rectify the code quality violations and secure coding is very important aspect and very essential for gaining client trust. code coverage and unit test report is generated. Very well used in Continuous Integration. Review collected by and hosted on G2.com.

What do you dislike?

Nothing as such. As per my usage knowledge, I have no dislikes with respect to SonarQube. Sonar qube is best used in all of the code coverage purpose and finding code quality. Improving the code quality is very important for client. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Yes, I would like to recommend to every developer and project to track and enhance the code quality and this facilitates code reviews. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Banking applications, Development and maintenance. Code coverage and code quality checks and report generation. Review collected by and hosted on G2.com.

Show More
Show Less
UI
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Freedom to implement different type of analyses and the ability to quite quickly get some results. Its quite clear that the tool is going in the rigth direction and have the support from the community to carry on. Review collected by and hosted on G2.com.

What do you dislike?

Requires some technical knowledge to deploy it and then analyse some results. If there is any way to automate a few steps and provide some basic help that with a few clicks people can see results it coud push it to another level. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

Really try it! I become a fan! Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Monitoring of development code regarding some quality rules and best practices.

Some basic errors made by junior resources were identified and fixed even before going fwd for future 'copy-paste'. Review collected by and hosted on G2.com.

Show More
Show Less
UF
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

Data visualization. Did a good job of using graphs and charts to better understand code quality Review collected by and hosted on G2.com.

What do you dislike?

Recognizing code coverage. Speed. Recognizing accurate code issues sometimes poor. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Trying to improve code coverage and software quality. Review collected by and hosted on G2.com.

Show More
Show Less
UI
Small-Business(50 or fewer emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

Several pre defined coding standards , IDE support, Free community edition Review collected by and hosted on G2.com.

What do you dislike?

Too much noise. No easy way to ignore all existing issues with several release mode projects. Licensed versions too costly

Takes long time to run rules

IDE support - cannot run analysis at package level Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Enforce coding standards Review collected by and hosted on G2.com.

Show More
Show Less
Senior Java Backend Developer
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: Invitation from G2
What do you like best?

All valuable software metrics could be found packed in this nice piece of software. Review collected by and hosted on G2.com.

What do you dislike?

I am so impressed by this software that can't see any downside in it. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Keeping an eye on the quality of software being developed like cohesion and technical debt. Review collected by and hosted on G2.com.

Show More
Show Less
AI
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

Real time tracking of unit tests and code coverage Review collected by and hosted on G2.com.

What do you dislike?

Nothing much, serves our purpose. UI is intuitive, so nothing I can think of. Review collected by and hosted on G2.com.

Recommendations to others considering the product:

I would recommend everyone to try this software if you are evaluating tools for code coverage analysis Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Unit test

Code coverage by unit tests

Quality gates for CI/CD implementation Review collected by and hosted on G2.com.

Show More
Show Less
DevOps Engineer
Information Technology and Services
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: Invitation from G2
What do you like best?

The best thing i like in SonarQube is - it not only helps to find bugs, it also provides solution to fix the bugs. Review collected by and hosted on G2.com.

What do you dislike?

Nothing specific. I don`t have any anything. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

Checking code quality, detect bugs and finding duplicate code Review collected by and hosted on G2.com.

Show More
Show Less
AF
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: G2 Gives Campaign
What do you like best?

The ability to create stage gates and quality rules that tell me at a glance how many issues, and of what type, need to be addressed. Review collected by and hosted on G2.com.

What do you dislike?

Integrations with Continuous Integration (CI) software requires workarounds, and there aren't many pre-built libraries to support them. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

We can see at a glance whether the code is meeting quality standards, and can easily review and accept or schedule issues for remediation. Review collected by and hosted on G2.com.

Show More
Show Less
Specialist Master
Management Consulting
Enterprise(> 1000 emp.)
Validated Reviewer
Review source: G2 Gives Campaign
What do you like best?

Accurate output every time when you use the sonar cube Review collected by and hosted on G2.com.

What do you dislike?

ease of use can be improved. There should be ability for user to add new rulesets. Review collected by and hosted on G2.com.

What problems are you solving with the product? What benefits have you realized?

code review Review collected by and hosted on G2.com.

Show More
Show Less