Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

SonarQube™ packaged by 12 Tech

12 Tech | 1.0

Linux/Unix, Amazon Linux Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

88 reviews
from G2

External reviews are not included in the AWS star rating for the product.

    Mukesh Kumar R.

Essential for clean code

  • May 04, 2024
  • Review provided by G2

What do you like best about the product?
Simple deployment. Very easy installing is practiced particularly on Kubernetes using YAML formats. Moreover, integration with GitHub by means of GitHub actions is fluent because it enables developers to conduct their scans, therefore, receiving their notifications once they complete them. On the other side when it comes to flexibility, SonarQube is unmatched. It offers so much when you want to configure it letting you even prevent vulnerability detection until pull request merges are halted for example while at the same time providing a good way of looking at detected exploitation points - such as their exact location that has been pointed out about them.
What do you dislike about the product?
This tool is exclusively for Static Application Security Testing , other tools provides integrating Dynamic (DAST) and Static (SAST).
What problems is the product solving and how is that benefiting you?
Improve compliance and risk management, reduce the cost of management while enhancing the business process results.

    Ramakrishna B.

Must for high quality development

  • May 03, 2024
  • Review provided by G2

What do you like best about the product?
SonarQube helps to evaluate your code during the development itself. It provides a great amount of reviews/suggestions to improve your code. It also supports a variety of programming languages. The tool is easy to use.
What do you dislike about the product?
Nothing as such, but some of the static analysis could be improved for certain languages like C++.
What problems is the product solving and how is that benefiting you?
We were facing quite a few challenges in manual code reviews and standardizing the coding formats. Sonarqube came to our rescue during our development to have a good quality code with integrated chcks into Developer IDE as well as the build pipeline.

    Medical Devices

Good tool, mixed experience with SonarSource

  • April 28, 2024
  • Review verified by G2

What do you like best about the product?
Good integration with CI tools. Supports many programming languages. Modern web UI.
What do you dislike about the product?
My experience as a SonarSource customer shows that they manifest little interest in small customers. In addition, their quality policy is poor when it comes to fixing major bugs in their code. For instance, this ticket has now been open for 1 year without any time frame for fix:
https://sonarsource.atlassian.net/browse/CPP-4175
This is unsatifying and quite ironical actually, for a company writing software for code quality.
What problems is the product solving and how is that benefiting you?
Static code analysis, discover potential bugs in code.

    josue d.

Good but I would like to have training courses

  • April 25, 2024
  • Review verified by G2

What do you like best about the product?
I like how complete the tool is, I like that I can have many users with different permissions
What do you dislike about the product?
I don't like the complexity of integrations
I don't like that there is no error documentation
I don't like that there are no training courses.
I would like a certification
What problems is the product solving and how is that benefiting you?
in ease of use, because it is easier to make demos that way

    theo g.

really Bad i have issues to implement on a repo sonaqube free edition

  • April 24, 2024
  • Review provided by G2

What do you like best about the product?
they sell that is good , i don't have a change to fully test
What do you dislike about the product?
complicated to implement , lack of documentation for diff version .
all points to developer edition of sonaclone that is expensive
What problems is the product solving and how is that benefiting you?
unable to make work , java errors for every where

    Kelli K.

SonarQube has Improved our Tech Debt!

  • April 24, 2024
  • Review verified by G2

What do you like best about the product?
We have implemented it across our org, and it has been awesome. Code coverage everywhere has gone up, more bugs are being fixed, and there is more visibility into team's tech debt.
What do you dislike about the product?
The one downside to the new versions is lack of support for older node versions. Our monolith is still using some old versions (which of course we need to work on upgrading!), keeping us from upgrading sonarqube.
What problems is the product solving and how is that benefiting you?
It is helping us increase code coverage across our whole organization, which is making for better code all around.

    Biotechnology

QA with SonarQube

  • April 24, 2024
  • Review verified by G2

What do you like best about the product?
The ease of use of SonarQube (in house we call it sqube) is vital to our teams in increasing the velocity of development
What do you dislike about the product?
The admin interface could be simplified. Also it does't automatically provide pull requests with fixes.
What problems is the product solving and how is that benefiting you?
In BioTech, safety is paramount. We use Sqube as a tool to show that we follow the latest trends to provide GxP methods found in the industry.

    Alan R.

Sonarqube is a great tool to help devs raise the quality of legacy code and new greenfield code

  • April 24, 2024
  • Review provided by G2

What do you like best about the product?
Identification of coding issues across whole codebases, while providing a manageable way to gradually improve the code quality over time by enforcing that new code is of good quality. Developers can be gently guided to better practices without having to solve thousands of code smells all at once. We can refactor code as we work in different areas without introducing new risk of regressions.
Easy to setup and manage and pretty hands off. It integrates well with Azure DevOps and our pull request and CI workflows.
What do you dislike about the product?
Some churn recently in how Sonarqube manages quality gates and what the bar is.
We have a number of limitations in our analysis, particularly in collecting code coverage information.
What problems is the product solving and how is that benefiting you?
Sonarqube provides a level of security review to our code changes.
Sonarqube helps developers maintain a high quality bar in the code they write, provides neutral guidance and learning without code reviewers having to nitpick every commit. Developers are guided to improve the code they touch, gradually helping improve the quality of older legacy codebases without making large changes and introducing regression risk.

    Computer Software

Effective static analysis for bugs and vulnerabilities

  • April 24, 2024
  • Review verified by G2

What do you like best about the product?
Being able to filter issues and assign them to different team members allows each developer to focus on high-priority issues. SonarQube allows you to enable to disable specific rules, and to set the severity of each rule. This further help to prioritize the issues needing attention.

When a developer determines that a particular issue should NOT result in a code change, they can mark that issue as "won't fix" and enter an explanation. This helps provide detailed reports.

SonarQube also provides clear, high-level overviews of the status of your software projects (for managers), along with reports (for customers). This helps take much of the communication burden off of the development team.
What do you dislike about the product?
Like any static analysis tool, there are occasional false-positives. And depending on your code, there may be issues flagged as "problems" which are really just stylistic differences or deviations from best practices.

But it is fairly easy to mitigate these issues. False-positives need to be reviewed, but the detailed analysis provided by SonarQube (including traces through earlier statements showing how the issue was identified) help with the review. As for issues that are merely stylistic differences, these can be given a lower severity rating or even eliminated by customizing the underlying rules.
What problems is the product solving and how is that benefiting you?
Identifies code quality issues. Helps us improve the reliability of our applications and reduce our technical support burden. Also helps us mature the code base, which makes subsequent development faster and easier.
Identifies code security issues. Helps us head off vulnerability crises and the need to develop hotfixes.
Reports the status of unresolved issues and unit test code coverage per project. Helps us track technical debt.
Reports the status of each project or application (set of projects) for consumption by customers. Meets requirements imposed by some customers, allowing certain sales to go through that would otherwise be blocked.

    Franco R.

A powerful tool for more powerful teams

  • April 24, 2024
  • Review verified by G2

What do you like best about the product?
This easy-to-configure tool increases code quality in no time
What do you dislike about the product?
It takes a bit to achieve the cultural change of the team necessary to take advantage of the insights reported by the tool
What problems is the product solving and how is that benefiting you?
We were able to resolve code errors and improve quality. We also increased test coverage by reducing the number of functional errors

showing 1 - 10