Sign in
Categories
Your Saved List Partners Sell in AWS Marketplace Amazon Web Services Home Help

SonarQube -Code Quality and Security Pre-configured Stack by Terracloudx

terracloudx | 8.6-v20210526

Linux/Unix, Ubuntu Ubuntu 20.04.1 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

35 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Akshata P.

Best tools for Continuous PR reviewing and code checking.

  • November 25, 2021
  • Review provided by G2

What do you like best?
It provides reasons as to why a particular code is marked for review.
Issues generated can be assigned in bulk to a user in GitHub and tracked accordingly.
Thus making it the best tool for code quality.
What do you dislike?
Sonarlint is a minor tool used by sonarqube that runs in background could be in sync with the vscode(other similar IDE) - Most awaited feature.
If this feaure is implemented then there won't be hassle to switch between IDE and Sonarqube server.
What problems are you solving with the product? What benefits have you realized?
Below is the list of problems that we previously faced and are solved by Sonarqube:
1. Code reviews - (along with creation/assigning of issues)
2. Security issues - (With resolution)
3. Technical Debt calculator
Recommendations to others considering the product:
Best to consider this tool only if the size of your team is above 10. For groups below 10, it is recommended to use the community version or integrate Sonarlint with IDE(free to use).
It is recommended to be used by the team lead esp for the management of technical debts and security concerns.


    Taimoor A.

Best Tool For Code Testing

  • November 18, 2021
  • Review provided by G2

What do you like best?
SonarQube gives the platform for QA to test the quality of code. SonarQube accepts many languages for testing the code. It generates the testing code report and shows all the loopholes in the code.
What do you dislike?
There is nothing to say major bug in SonarQube, but one thing is that when we integrate SonarQube to Jenkins, it's complicated to combine both because it's not a localhost URL. We must provide an instance IP address.
What problems are you solving with the product? What benefits have you realized?
I'm a QA, I will test UI and functionality for any software, but when we try to code, it's challenging; SonarQube provides the best way to test the code and find the bugs on any software code.


    Shubham P.

To Maintain Quality Of the Codebase

  • October 21, 2021
  • Review verified by G2

What do you like best?
SonarQube is the real troubleshooter for a software developer. Sonarqube is really helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. It is also helping us with our project audits which clearly and loudly shows the audit people that we are indeed maintaining the project's code quality.
What do you dislike?
The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. Once you write the code in java and expecting your sonarqube to show code coverage of your applications testcases you have to configure the plugin.
What problems are you solving with the product? What benefits have you realized?
Sonarqube is helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. About the benefits I would say it helped to maintain our project code quality to a topmost level with the help of Sonar developer can quickly identify their mistakes and correct it and also learn the coding standards to maintain the code conventions which is very good in the case of the new learners/ beginners for the professionals of the specific language.
Recommendations to others considering the product:
Yes I would definitely recommend this to use it to every developer infact I would say we don't have a better option than this. It will help you in learning code conventions, maintaining code quality and also code coverage.


    Riddhi G.

SonarQube - Perfect tool to enhance code quality

  • September 29, 2021
  • Review provided by G2

What do you like best?
SonarQube offers the best functionality to manage your code quality by making it bug-free, in results it improves code security as well
What do you dislike?
As SonarQube shows perfect errors in code with line number as well there is nothing missing or about dislike in it.
What problems are you solving with the product? What benefits have you realized?
We can improve code quality, we can make it bug free


    Debnita G.

One of the most helpful tool to get the Perfect code coverage and improving coding standards

  • September 09, 2021
  • Review provided by G2

What do you like best?
The best thing is the code smell detected by the sonarqube and it also indicates if there is any code vulnerability.
What do you dislike?
It would be good if there is any way to download the report and share it with teams.
What problems are you solving with the product? What benefits have you realized?
We look at the test case coverage and try to increase the coding standard with the help of Sonarqube.
Recommendations to others considering the product:
This is the best tool to check the Test case coverage and detect any security hole/ code smell in the application. The suggestions given by the sonarqube highly help to increase the coding standard.


    Banking

Code Analysis by Sonar

  • September 08, 2021
  • Review provided by G2

What do you like best?
Scanning the source code is a basic requirement to identify the gaps. Sonar does it very efficiently and also you can create your own custom rules and quality gates. It provides you all the info about code coverage, bugs, reliability , vulnerability, code smells etc that you can fix and make sure a issue free code delivery. It has good ui for the reports to analyze and can send automated notifications to subscribers on each scans. It also can be easily integrated with CI pipeline to make it more effective and improve the over code quality
What do you dislike?
Setup of project to scan the codes and cost issues due to branching - it used to consider each branch code as a separate repo which was fixed in one of the recent release so the only issue is cost
What problems are you solving with the product? What benefits have you realized?
Scanning code as part of CI pipeline in an automated way and send notification to stakeholders. Since we use multiple technologies we needed something that can support across tech stack and in an automated manner


    Medical Devices

Really about the Cloud.

  • November 11, 2020
  • Review verified by G2

What do you like best?
It's super easy to connect to your organization and get started.
Allows for the flexibility of authentication to use GitHub or other authentication mechanisms.
You can choose to do all of your repos or just select ones.
Has more advanced features that you can integrate with as you gain experience with (and clean up your house) such as using it as a pass/fail during pull or merges, checking for code coverage etc.
What do you dislike?
Some of the navigation is a bit confusing and they could still improve how branches are handled and make it simpler to use in that regard.
What problems are you solving with the product? What benefits have you realized?
Showing security compliance with OWAP top 25, Code coverage, Code complexity. Allows us to focus in on trouble spots in our code.


    Human Resources

Great solution, lousy licensing

  • September 20, 2020
  • Review verified by G2

What do you like best?
Continuous code inspection has a great deal of benefits, from increasing team velocity through first pass code reviews, to reduced maintenance costs. My favorite feature of SonarQube, however, is the IDE integration between SonarQube (server-side) and SonarLint (client-side). By allowing rules / qualify profiles to be centralized, we are able to essentially have a spell-checker for our code, while it is in active development, helping to shift feedback about as far left as it can get.
What do you dislike?
The pricing model is prohibitive as many critical features are found only in higher tiered versions of the application. One in particular is high-availability. Any corporation making SonarQube a part of their delivery pipeline essentially is required to get the highest tiered version of the application to have HA capabilities and boy will it cost you.
What problems are you solving with the product? What benefits have you realized?
Reduced code review times. Improved readability and maintainability. Helps to educate junior developers with explanation of the violations and examples for how to be in compliance.


    Prathamesh S.

SonarQube - The go to static code analysis tool

  • September 18, 2020
  • Review verified by G2

What do you like best?
The ability to run my scans against a default set of code rules (in the free version) or to run it against an organisation wide set of rules (paid versions).

Sonarqube also provides a plugin for IntelliJ which makes it very easy for me to run the static code analysis straight out of my IDE as soon as I make the changes.

The integration with Jenkins also is one of the biggest benefits. Makes the whole process smooth and the ability to add the concept of tollgate makes it a great feature for enterprise applications.
What do you dislike?
Setup can be a bit challenging, considering the latest version requires Java 11 and we had a challenging time setting up the system due to various issues faced with other components not being compatible with Java 11.
What problems are you solving with the product? What benefits have you realized?
Code Quality Metrics, Static code analysis and bad coding practice detection.


    Information Technology and Services

Nice tool for static code analysis

  • August 31, 2020
  • Review provided by G2

What do you like best?
It is really time saving to complete the development by using Sonar Qube as it will do the static code analysis at initial development phase itself
What do you dislike?
I've used it along with VS Code editor and it seems to be working fine.
What problems are you solving with the product? What benefits have you realized?
Mainly the problems related to static code analysis.