SonarQube™ packaged by 12 Tech
12 Tech | 1.0Linux/Unix, Amazon Linux Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Wonderful tool to learn from your mistakes
What do you like best about the product?
* Comprehensive Code Analysis
* Very easy to use
* Very easy to integrate with existing CI/CD tools
* Very easy to use
* Very easy to integrate with existing CI/CD tools
What do you dislike about the product?
* Difficult to implement in a rigid environment
What problems is the product solving and how is that benefiting you?
Issues related to code quality
Recurrent mistakes that need to be taught to all new comers can be added as rules
Code Legacy
Recurrent mistakes that need to be taught to all new comers can be added as rules
Code Legacy
- Leave a Comment |
- Mark review as helpful
Sast tooling experience
What do you like best about the product?
SonarQubes ability to analyze the code at local build as well in CI/CD build add an important steps in improving the quality of the code. The recently added security analsyis of the code is very helpful for us for discovering any vulnerabily of the written code.
What do you dislike about the product?
Reporting can be further improved with slice and dice featues
What problems is the product solving and how is that benefiting you?
SonarQube is helping improve the code quality interms of security and as well as overall quality of the code
How our team uses SonarQube
What do you like best about the product?
Our development process is helped alot by SonarQube as it will detect some bugs such as running out of memory, or simple error that we might not see at the first time. Our team is happy to use the product.
What do you dislike about the product?
Getting it to start is a long process. We are having some trouble trying to understand how sonarqube judges our code. As our team is using it for the embedded environment, some suggestions (such as atomic implementations etc) are not really applicable to us. At first we were frustated as it always suggested that our code is wrong, but now we can find a way to silence it.
What problems is the product solving and how is that benefiting you?
It can be integrated easily (after we understand) to our Gitlab server. We can have the analysis out of the box immediately when we are pushing the commits.
Game Changer for Shifting Left
What do you like best about the product?
SonarQube has been an invaluable tool for our development team that helps us catch issue earlier on in the SDLC. We like the wide range of static code analysis rules, easy to use UI, and the large number of supported programming languages.
What do you dislike about the product?
Occasionally, when analyzing large codebases or running complex rules, SonarQube can be resource-intensive and slow down the analysis process. Also, there are more languages we would like to see supported as the product matures.
What problems is the product solving and how is that benefiting you?
The ability to shift left on code quality and application security by using SonarQube in our SDLC.
SonarQube for Static code analysis
What do you like best about the product?
Its pretty effortless to integrate this with DevSecoOps pipeline
What do you dislike about the product?
It would be good if they provide support for more legacy code languages.
What problems is the product solving and how is that benefiting you?
Code quality improvement, early vulnerability findings and resolution.
Easy to use, modular and helpful in improving software quality.
What do you like best about the product?
I use SonarQube mainly for analyzing C, C++ and Python programming languages, and that's why I need a SonarQube developer license. The $160 I spent for a year is really worth it. Think of SonarQube as your peer review, friend and supervisor for your software development.
Analyzing C/C++ is really easy and not tied to an IDE. I simply host SonarQube in Docker, build my software with build-wrapper and analyze it with Sonar-scanner. The analysis results then appear in the SonarQube dashboard.
I use SonarQube both at work and at home for my personal project. Due to the affordable price and ease of use, I have been loyal to SonarQube for 3 years now.
Sonar also has responsive customer support, and I mainly contact them to get a new license due to an issue with my Docker image. The response consistently within 1-2 days, and I always communicate via email. No website to report or form to fill out, which for me is convenience.
Analyzing C/C++ is really easy and not tied to an IDE. I simply host SonarQube in Docker, build my software with build-wrapper and analyze it with Sonar-scanner. The analysis results then appear in the SonarQube dashboard.
I use SonarQube both at work and at home for my personal project. Due to the affordable price and ease of use, I have been loyal to SonarQube for 3 years now.
Sonar also has responsive customer support, and I mainly contact them to get a new license due to an issue with my Docker image. The response consistently within 1-2 days, and I always communicate via email. No website to report or form to fill out, which for me is convenience.
What do you dislike about the product?
I develop embedded software that adheres to MISRA C/C++, and SonarQube does have some MISRA rules, but not all of them are implemented. I really love to see SonarQube being able to adopt all these rules.
A few times I have found alternatives to SonarQube for this reason, but since other tools are expensive, tied to an IDE and the learning curve is unknown (unlike SonarQube, we only need 3 steps to analyze the code), I keep coming back to SonarQube.
A few times I have found alternatives to SonarQube for this reason, but since other tools are expensive, tied to an IDE and the learning curve is unknown (unlike SonarQube, we only need 3 steps to analyze the code), I keep coming back to SonarQube.
What problems is the product solving and how is that benefiting you?
SonarQube became my main platform for consolidating unit test results, code coverage and static code analysis. SonarQube Dashboard becomes my benchmark for software development maturity.
Other static code analyzers can also report errors, but unlike SonarQube, it shows very nice examples of compliant and non-compliant code. This has helped me a lot throughout my software development career.
Other static code analyzers can also report errors, but unlike SonarQube, it shows very nice examples of compliant and non-compliant code. This has helped me a lot throughout my software development career.
Boosts our development
What do you like best about the product?
- Easy to install and use in our pipelines.
- Integrates with GitHub and Jira
- Great support and community for help.
- Integrates with GitHub and Jira
- Great support and community for help.
What do you dislike about the product?
Some dodumentation can be a bit confusing.
What problems is the product solving and how is that benefiting you?
We'll keep releasing quality code.
SonarQube delivers on Code Quality and Code Security
What do you like best about the product?
SonarQube support an extensive number of code languages and provides flexibility to introduce quality rules and quality gates, lastly shifting left for Code Quality with SonarLint. The solution is easy to implement and use. Customer support provides timely responses. We have incorporate SonarQube within our CI/CD SDLC workflow.
What do you dislike about the product?
No support for Elixir, SonarQube Enterprise not offered as a native SaaS Cloud option.
What problems is the product solving and how is that benefiting you?
Improving Code Quality, Code Security and shifting left with SonarLint
Best Tool for Code Quality
What do you like best about the product?
Especially Issues about security, and code smells are great to be better developer
What do you dislike about the product?
To develop new ext or rules for sonarqube
What problems is the product solving and how is that benefiting you?
For huge applications, you can manage code quality easily, best sync for teams
Great tool but getting developers to adopt in large enterprise is very difficult
What do you like best about the product?
It has great features and is very transparent. It relies on open source community and is overall a good product
What do you dislike about the product?
Ease of use is not that great. The datacenter prouct is not relaiable. Customer support for enterprise product is also that that great. Lot of time they point you to KB article which doesnt always help.
What problems is the product solving and how is that benefiting you?
Reducing code smells and improving overall code quality and security
showing 11 - 20