SonarQube™ packaged by 12 Tech
12 Tech | 1.0Linux/Unix, Amazon Linux Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Exceptional
What do you like best about the product?
Great way to measure quality and ensure all new dev meets expected quality standards.
What do you dislike about the product?
Pricing is a little too expensive - we need local pricing tiers.
What problems is the product solving and how is that benefiting you?
We know exactly what standard code is at when it merges into our main branch.
Shift testing left into the IDE with SonarLint
Shift testing left into the IDE with SonarLint
- Leave a Comment |
- Mark review as helpful
Deeper insights into code quality
What do you like best about the product?
Automated Pullrequest decoration for quick insights into new code.
What do you dislike about the product?
Onboarding of new GitHub Actions was difficult - I believe however, that this flow has been vastly improved since then.
What problems is the product solving and how is that benefiting you?
Automated validating of simple errors, that are caught in static analysis, to ease load off other developers.
Sonarqube is a great tool for monitoring codebases.
What do you like best about the product?
Quick, easy way to see major issues with code, duplications, security issues, etc. Easy to setup and maintain. Support has been very quick and helpful when I have needed them.
What do you dislike about the product?
While it supports a decent ammount of prgoramming languages, it definitely doesn't support all of them. Specifically Dart projects in Flutter which we use for mobile app developement (though apparently there are plans to add it in the future).
What problems is the product solving and how is that benefiting you?
It helps us to make sure we are not duplicating code, using depricated libraries and methodes, and helps to identify any security issues.
SonarQube Review
What do you like best about the product?
It's very easy to use and the customer support is fantastic. Very easy to integrate with other tools like TeamCity.
What do you dislike about the product?
Nothing in special we dislike about the product.
What problems is the product solving and how is that benefiting you?
We have been using sonar for Statis code analysis.
Best performance/cost SAST tooling
What do you like best about the product?
- We are using a self hosted SonarQube server - hosting and upgrading our instance is a relatively painless process. The online documentation is clear and easy to follow
- The SonarQube scanner integrated easily into our existing Bitbucket and Cloud Build CI/CDs
- When comparing the findings with other SAST tooling, out-of-the-box SonarQube analysis had a low false positive rate, yet found extensive legitimate security/code quality issues
- Very happy with the speed of analysis, completes in only a few minutes on large repos (an order of magnitude faster than certain other SAST services)
- Surprised that language support is actually slightly better than documented - we were able to sucessfully analyze projects with older versions of .NET framework (4.5 and 4.0) than indicated in the documenation
- The triage and review process is easy for individual teams to execute on a regular basis
- The WEB API is well documented and enabled automating steps around user maintenance
- Bitbucket OAuth worked seamlesses to onboard users
- Installing additional plugins is also easy - we use Dependency-Check to add SCA to projects
- Bug fixes and features added to each new release are well documented, I appreciate being able to review all changes on the sonarsource atlassian page (and not just rely on the high-level marketing notes)
- The SonarQube scanner integrated easily into our existing Bitbucket and Cloud Build CI/CDs
- When comparing the findings with other SAST tooling, out-of-the-box SonarQube analysis had a low false positive rate, yet found extensive legitimate security/code quality issues
- Very happy with the speed of analysis, completes in only a few minutes on large repos (an order of magnitude faster than certain other SAST services)
- Surprised that language support is actually slightly better than documented - we were able to sucessfully analyze projects with older versions of .NET framework (4.5 and 4.0) than indicated in the documenation
- The triage and review process is easy for individual teams to execute on a regular basis
- The WEB API is well documented and enabled automating steps around user maintenance
- Bitbucket OAuth worked seamlesses to onboard users
- Installing additional plugins is also easy - we use Dependency-Check to add SCA to projects
- Bug fixes and features added to each new release are well documented, I appreciate being able to review all changes on the sonarsource atlassian page (and not just rely on the high-level marketing notes)
What do you dislike about the product?
- While SonarQube is a SAST tool, better support for SCA would be beneficial. The Dependency-Check plugn does not integrate well into the existing triage/remediation process.
- Other tooling does a better job of proving a high level overview of users and their productivity, ie. # of assigned open issues by engineer, # of fixed issues by engineer, etc.
- Other tooling does a better job of proving a high level overview of users and their productivity, ie. # of assigned open issues by engineer, # of fixed issues by engineer, etc.
What problems is the product solving and how is that benefiting you?
SonarQube enables us to perform code and security analysis and comply with our internal security procedures, with clear visibilty into the process via it's clean dashboards. SonarQube's bug and code smell detection has also reduced our technical debt and improved overall codebae quality.
Simple to set up, use, and provides useful feedback on code quality
What do you like best about the product?
- The basic setup (automated analysis) is as simple as it gets to integrate with GitHub and supported languages
- The language-specific rules are of good quality and we rarely encounter false positives
- The overview it provides of the code quality trends is particularly nice
- The language-specific rules are of good quality and we rarely encounter false positives
- The overview it provides of the code quality trends is particularly nice
What do you dislike about the product?
- Manual setup could be documented better (it is not always fully clear which properties you need to define and why)
- There is no way to manually trigger an analysis with an automated analysis setup, which is sometimes necessary as the GitHub application "bugs out" and doesn't provide an analysis
- There is no way to manually trigger an analysis with an automated analysis setup, which is sometimes necessary as the GitHub application "bugs out" and doesn't provide an analysis
What problems is the product solving and how is that benefiting you?
It is generally difficult to track code quality across different projects, and SonarQube offers a simple way with not much additional overhead to track and analyse code quality for each project.
SonarQube: Help Developers to accelerate their productivity
What do you like best about the product?
Using SonarQube transformed our development process by providing comprehensive code analysis. it identified and flagged code smells, bugs and security vulnerabilities enabling our team to address them early in the development cycle
What do you dislike about the product?
Difficult to integrate with. Low integration with other ecosystem especialy with Kubernetes/Openshift.
What problems is the product solving and how is that benefiting you?
code analysis
SonarQube as part of SDLC
What do you like best about the product?
The tool is really good for Static Code Analysis - detecting bugs, vulnerabilities and code smells. CI/CD pipeline integrations are really usesfull and cruical as part of the SDLC. Another great feature is the custom rules - for the advanced users. Apart from theese things - combination with SonarLint is great!
Last but not least eveyone can start with the free version and check if it will match their way of working - which is not available for many other tools!
Last but not least eveyone can start with the free version and check if it will match their way of working - which is not available for many other tools!
What do you dislike about the product?
It would be great if there is better dependencies report!
What problems is the product solving and how is that benefiting you?
It's part of our Secure code review!
Sonar qube
What do you like best about the product?
If you don't have much budget to go for sast products, it's good to go for this product, it's good and provides most of the best practices.
What do you dislike about the product?
It's not easy to integrate with cicd pipeline also you might not get very frequent or recent security recommendation like the commercial products.
What problems is the product solving and how is that benefiting you?
If you don't have much budget to go for sast products, it's good to go for this product, it's good and provides most of the best practices.
Awesome tool for integrated static code analysis along with code smells
What do you like best about the product?
Amazing user interface, fast learning curve, faster installation and deployment, good customer support, security scanning features and code smells
What do you dislike about the product?
lacks in good graphs and reports generations, not very easy to customize the reports and export them, webAPI is not value for money
What problems is the product solving and how is that benefiting you?
Helps in fiding the vulnerabilities in our products and give early detection,. Its able to intergrate well with all our build chain.
showing 21 - 30