SonarQube

(15)
4.3 out of 5 stars

SonarSource products have innovative features to maximize quality and manage risk for both small and large software portfolios.

Work for SonarQube?

Learning about SonarQube?

We can help you find the solution that fits you best.

Find the Right Product

SonarQube Reviews

Write a Review
Filter Reviews
Filter Reviews
  • Ratings
  • Company Size
  • User Role
  • User Industry
Ratings
Company Size
User Role
User Industry
Showing 15 SonarQube reviews
LinkedIn Connections
SonarQube review by <span>Tushar B.</span>
Tushar B.
Validated Reviewer
Invitation from G2 Crowd
Reviewed On

Used for maintaining your code quality

What do you like best?

I really like the UI and how easy it is to navigate to the right set of granularity for each project. It has good set of testing support also including Junit tests and integration tests. It is better than using just findbugs. It has really helped me find critical issues in my code that I was unable to.

What do you dislike?

It is difficult to configure for the first time. I and my team took a lot of time for configuring it specific to our project. Some plugins don't work out of the box and need code configuration.

Recommendations to others considering the product

It is a good tool out of the box with a lot of features like code coverage, testing, code health and much more. Definitely a must try!

What business problems are you solving with the product? What benefits have you realized?

We are using in our team to check the health of our code and test coverage.

Sign in to G2 Crowd to see what your connections have to say about SonarQube
Headshots
SonarQube review by <span>Samuel B.</span>
Samuel B.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd
Reviewed On

Code Analytics Tool That Has Gotten Better with Age

What do you like best?

Sonarqube is my one stop shop to find out the health of my code and the ability to integrate it with build tools and continuous integration ensures I'm always getting up to date information. It can quickly help you highlight trouble (hot-spots) in your code base and has integration with JIRA so that you can create a ticket and make sure the work to fix it isn't lost. Support for multiple projects with multiple configurations is also a huge plus because not all projects are the same. Sonarqube has been my go-to code analytics tool for many years as a Java developer.

What do you dislike?

Initial set up when using build tools like Maven or Gradle can be a bit challenging if you're just learning but once you've got the set up correct you usually don't need to edit it much after that point.

Recommendations to others considering the product

I wouldn't hesitate to plug SonarQube into one of your current projects and see what metrics it can generate for you and if they are helpful. I have a feeling that once you start to see what it can uncover that you'll use it more often than not to feel confident that your code is healthy and that your team is adhering to best practices for your company and the wider coding community.

What business problems are you solving with the product? What benefits have you realized?

I use SonarQube to ensure that my team and I are adhering to coding best practices defined as static rules and that we are maintaining good code coverage while not adding to technical debt. Sonarqube makes it extremely simple to tweak what is/is not considered technical debt for your team and as mentioned, makes it easy to identify hot spots to remedy. I use SonarQube as an early warning system that there may be some issues in the code that the team needs to address and the dashboard and drill down metrics make it easy to identify these issues.

What Static Code Analysis solution do you use?

Thanks for letting us know!
SonarQube review by <span>Eric M.</span>
Eric M.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd
Reviewed On

Static Code Analysis with centralized reporting and tracking made easy!

What do you like best?

The ability to run both locally within your IDE (Eclipse, Jetbrains, etc) via the SonarQube plugin so you can correct any issues before committing your code, and you can also run it from your CI server (I use Bamboo) as part of the build step. There are quality gates that will let you fail the build if it doesn't meet certain quality criteria. That quality gate can fail the build. PCI compliance requires that you perform static code analysis against your in-scope code. This tool is a great addition to your code deployment pipeline! It also supports many languages such as Java, Python, C but expect to pay for plugins for Objective-C and Swift.

What do you dislike?

They discontinued the JIRA plugin that allows you to create a story for a problem found in your code, right within the SonarQube web interface. I feel like everyone uses JIRA for story/bug tracking so why get rid of that plugin?

Recommendations to others considering the product

It is a free (excluding the extra plugins and support they offer), open source project and only takes an hour to get up and running. It will help you understand your code better and become a better coder overall.

What business problems are you solving with the product? What benefits have you realized?

To ensure quality code and meet PCI compliance requirements, SonarQube allows us to analyze code from a central location and make it part of the code deployment pipeline for all code before it ships.

SonarQube review by <span>Juan Carlos R.</span>
Juan Carlos R.
Validated Reviewer
Verified Current User
Organic
Reviewed On

Ensuring Quality

What do you like best?

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube is the tool we use to ensure code quality through code analysis for each project we are working on.

What do you dislike?

So far nothing has stood out that I don't like.

What business problems are you solving with the product? What benefits have you realized?

In the programming world, quality is always a subjective and hard to measure aspect, Sonarqube helps us with a number associated to code covered by tests and three grades on our code quality for each project.

SonarQube review by <span>Attila C.</span>
Attila C.
Validated Reviewer
Verified Current User
Invitation from G2 Crowd
Reviewed On

SONARQube for the best code quality

What do you like best?

Several Integrated code quality tools like PMD, Checkstyle or Findbugs.

Offer one place of configuration over your codebase

Easy clear UI interface to get a great overview about your code quality from different angle

Easy configuration for plugins

What do you dislike?

Some IDE's plugins not support all SONARQube version, so you should follow which plugin you should use to work properly with the latest versions.

Recommendations to others considering the product

You should identify which kind of quality you try to achieve and pick the right plugin

You can always override SONARQube's default quality settings over PMD, Checkstyle or findbugs, so you can get the most out from this system.

What business problems are you solving with the product? What benefits have you realized?

Easy to integrate into agile workflow by defining / filtering code quality issues and define test for them

By following the suggested code quality problems, you can increase your code quality rapidly.

Thanks to plugins we can use this product to analyze different language based components

SonarQube review by Administrator in Aviation & Aerospace
Administrator in Aviation & Aerospace
Validated Reviewer
Verified Current User
Invitation from G2 Crowd
Reviewed On

Valuable tool for code quality analysis

What do you like best?

After getting the setup right, it's a "set it and forget it" solution. Also, the defaults are very sensible and we rarely needed to change them. It is very useful and provides a good integration with our existing build system, including Gradle and Jenkins. We recently upgraded to a newer major version and the upgrade went almost completely smooth, which is a big plus.

What do you dislike?

The setup can be somewhat frustrating and (especially for older versions) some of the functionality, like the history, can be very, very slow. This got fixed in recent versions but now you can have huge, huge elastic search indices, which can be somewhat of a problem.

Recommendations to others considering the product

It's a very nice tool but make sure to have somebody who can administer and set it up correctly, as the integration with different database backends, etc. can be troublesome at times.

What business problems are you solving with the product? What benefits have you realized?

We are using it, surprise, to keep up with our code quality. This means that it is integrated with our continuous builds and reports are autogenerated when builds happen. The main benefit is that it not only does the analysis but gives the reason why something was marked and how to solve it.

Kate avatar
Kate from G2 Crowd

Learning about SonarQube?

I can help.
* We monitor all SonarQube reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.