
SonarQube packaged by Bitnami

Bitnami by VMware | 9.5.0-2 on Debian 11

Linux/Unix, Debian 11 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

1 AWS reviews

External reviews

43 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Pranay J.

SonarQube: Continuous Code Quality & Code Security

  • May 21, 2022
  • Review verified by G2

What do you like best?
I've been using SonarQube for almost 5 years now. It's an open-source tool that can be self-hosted in the cloud or on-prem, or can be run inside a Docker container. It's backed by a large community and they are updating it continuously, both feature-wise and capability-wise.
What do you dislike?
It's a legacy tool, but I would like to see some UI changes as it's not up to the mark compared to other modern tools like GitGuardian and Snyk. Creating custom rules can be very tricky sometimes. There should be some kind of repository for keeping and sharing the rules.
What problems is the product solving and how is that benefiting you?
We use SonarQube for checking the quality of every piece of code written by our team. We have SonarQube running on a cloud-based server where our team can go and check the quality of their code.


    Piyushkumar R.

Nice tool to get your Code and Coding skills right!!

  • March 27, 2022
  • Review provided by G2

What do you like best?
SonarQube provides suggestions on coding standard violations and helps us to improve the code quality. It categorizes coding issues while compiling code into Major, Minor, Critical, etc., so we can fix them and improve. It also allows us to track and assign issues. I improved my coding skills somewhat using this tool's suggestions.
What do you dislike?
Sometimes we get warnings for legitimate issues, but that is fine as this tool provides suppress-issue functionality.
What problems is the product solving and how is that benefiting you?
Improved coding standard and code quality. Make code efficient. Remove redundant code.


    Information Services

Complex to integrate with cloud applications

  • March 25, 2022
  • Review provided by G2

What do you like best?
Detailed report about the vulnerabilities and clear indication of the expected time it will take to resolve the issues
What do you dislike?
Complex integration with cloud applications and IDE plugins
What problems is the product solving and how is that benefiting you?
Code coverage and vulnerabilities in code


    Sarath N.

Protects my application from vulnerable code and libs

  • March 11, 2022
  • Review provided by G2

What do you like best?
From a development perspective, it:
1. Checks whether the library that I am using is outdated or vulnerable.
2. Checks my code coverage, if I have any code that does not have any tests to validate it.
3. Checks if my code smells (like unwanted statements, unused imports, etc.)
From a testing perspective:
4. Checks my code to see if it smells
5. Checks and informs the Jenkins DSL pipeline whether that job succeeded or failed
What do you dislike?
Configuration to suppress some of the components should have been a bit easier, i.e. kind of plug and play. In this way we should be able to manage which components suit my app or test code needs.
What problems is the product solving and how is that benefiting you?
We were using Jenkins on a descriptive pipeline (CI) to run our automation suite, and there is a restriction that we should run our suite only in a Docker slave container instead of master. Since we are calling a shell script in Jenkins which always sends 200 for job status even if some tests failed, this was giving me a false positive, as the pipeline is always green when actually it should be RED. When we integrated SonarQube inside our container, we were able to distinguish the failed tests, thereby failing the Jenkins job and providing positive feedback with our tests. This helps us in delivering a quality product to the customer rather than a defective one.


    Financial Services

Helps us in maintaining the coding standards and avoid security risk code

  • March 08, 2022
  • Review provided by G2

What do you like best?
The way it analyzes all the code written and provides the violations of standard coding helps us optimize the written code, ensuring the minimal number of lines are written to cover the functionality effectively. It has a beautiful user interface where the violations are categorized into different groups ranging from minor to major and involve resolving the unnecessary complexity of the code. It also helps us in removing the duplicate code which has been used multiple times and maintaining the standards in methods.
What do you dislike?
At times I find it a blocker during emergency code deployment, where it doesn't allow the code to be checked in to the repository unless the violations are fixed; it should enable the user to bypass the number of lines that should be part of the written method. The build failure messages which are triggered to the group when the coding violation occurs
What problems is the product solving and how is that benefiting you?
Code analysis and minimizing the violations of the code and ensure the complexity of the code is resolved and meets the industry standards and run the health report in every code check-in to the repository to ensure the coding violations are minimal, removal of duplicate methods or code and empty methods and ensure we have a plan in place with regards to the specified format.


    Shreyans M.

Elevate the quality of code with ease!

  • January 30, 2022
  • Review provided by G2

What do you like best?
Runs complex static code analysis rules to help elevate the quality of code and promote a cleaner, more secure, and optimized version of the code ahead of the production release.
What do you dislike?
A good amount of time is required to integrate SonarQube in CI/CD pipelines, and it may need even more time if the developer is relatively newer. The available guide should have more real-time solutions, so it is pretty quick to resolve issues and complete the integration.
What problems is the product solving and how is that benefiting you?
This tool helps to catch unusual code vulnerabilities/bugs using various complex-level analytics and ultimately helps prevent a deteriorated version of the code from being introduced to the end users. Overall, it also helps to increase the velocity of the code by reducing the technical debt being piled up and generating a clean, maintainable, and optimized version of the code.


    Computer Software

SonarQube: Great tool for Code Quality

  • January 18, 2022
  • Review verified by G2

What do you like best?
1. Open-source tool for code quality check
2. Easy to install on various OS and can be used as a Docker container
3. Supports multiple common programming languages
4. Easy to implement in CI pipelines
What do you dislike?
1. Requires to self-host for the community version
2. PDF report generation available only in the enterprise version
3. UI is very outdated in comparison to other tools in the market
4. IaC scanning is missing in the community version
What problems is the product solving and how is that benefiting you?
We were looking for a tool to check the code quality which we can add to our CI pipelines. Now we are using SonarQube and getting the reports on the dashboard after every code commit.


    Olafur B.

An ok static analyzer

  • January 07, 2022
  • Review provided by G2

What do you like best?
SonarQube shows us how well programmers are adhering to the rules of code and does that admirably. Also, it does show CWEs, unnecessary code duplication, and code smells, which is a great addition.
What do you dislike?
This tool is not in the same league as Synopsys Coverity, as it does not analyze the code for potential null pointer or buffer overflow errors in the execution tree. Additionally, it does not detect any threading race conditions like Coverity.
What problems is the product solving and how is that benefiting you?
Best practices in coding, style adherence, flag CWEs, reduce duplications of code, on all levels, Java, C++.


    Akshata P.

Best tool for continuous PR reviewing and code checking.

  • November 25, 2021
  • Review provided by G2

What do you like best?
It provides reasons as to why a particular code is marked for review.
Issues generated can be assigned in bulk to a user in GitHub and tracked accordingly.
Thus making it the best tool for code quality.
What do you dislike?
SonarLint is a minor tool used by SonarQube that runs in the background; it could be in sync with VS Code (or another similar IDE) - most awaited feature.
If this feature is implemented, then there won't be the hassle of switching between the IDE and the SonarQube server.
What problems is the product solving and how is that benefiting you?
Below is the list of problems that we previously faced and that are solved by SonarQube:
1. Code reviews - (along with creation/assigning of issues)
2. Security issues - (With resolution)
3. Technical Debt calculator
Recommendations to others considering the product:
Best to consider this tool only if the size of your team is above 10. For groups below 10, it is recommended to use the community version or integrate SonarLint with the IDE (free to use).
It is recommended to be used by the team lead, especially for the management of technical debt and security concerns.


    Taimoor A.

Best Tool For Code Testing

  • November 18, 2021
  • Review provided by G2

What do you like best?
SonarQube gives the platform for QA to test the quality of code. SonarQube accepts many languages for testing the code. It generates the testing code report and shows all the loopholes in the code.
What do you dislike?
There is no major bug to speak of in SonarQube, but one thing is that when we integrate SonarQube with Jenkins, it's complicated to combine both because it's not a localhost URL. We must provide an instance IP address.
What problems is the product solving and how is that benefiting you?
I'm a QA; I will test UI and functionality for any software, but when we try to code, it's challenging. SonarQube provides the best way to test the code and find the bugs in any software code.