SonarQube™ packaged by 12 Tech
12 Tech | 1.0Linux/Unix, Amazon Linux Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Elevate the quality of code with ease!
What do you like best about the product?
Runs complex static code analysis rules to help elevate the quality of code and promote a more clean, better secure, and optimized version of the code achieved ahead of the production release.
What do you dislike about the product?
A good amount of time is required to integrate the Sonarqube in CI/CD Pipelines and may need even more time if the developer is relatively newer. The available guide should have more real-time solutions, so it is pretty quick to resolve issues and complete the integration.
What problems is the product solving and how is that benefiting you?
This tool helps to catch unusual code vulnerabilities/bugs using various complex level analytics and ultimately help prevent a deteriorated version of the code from being introduced to the end-users. Overall it also helps to increase the velocity of the code by reducing the technical debt being piled up and generating a clean, maintainable, and optimized version of the code.
- Leave a Comment |
- Mark review as helpful
SonarQube: Great tool for Code Quality
What do you like best about the product?
1. Open SOurce tool for code quality check
2. Easy to install on various OS and can be used as a Docker container
3. Supports multiple common programming languages
4. Easy to implement in CI pipelines
2. Easy to install on various OS and can be used as a Docker container
3. Supports multiple common programming languages
4. Easy to implement in CI pipelines
What do you dislike about the product?
1. Requires to self-host for the community version
2. PDF report generation available only in the enterprise version
3. UI is very outdated in comparison to other tools in the market
4. IaC scanning is missing in the community version
2. PDF report generation available only in the enterprise version
3. UI is very outdated in comparison to other tools in the market
4. IaC scanning is missing in the community version
What problems is the product solving and how is that benefiting you?
We were looking for a tool to check the Code Quality which we can add to our CI pipelines. Now we are using SonarQube and getting the reports on the dashboard after every code commot.
An ok static analyzer
What do you like best about the product?
Sonarqube shows us how well programmers are adhering to the rules of code and does that admirably. Also, it does show CWEs, unnecessary code duplication, and code smells, which is a great addition.
What do you dislike about the product?
This tool is not in the same league as Synopsis Coverity as it does not analyze the code for a potential null pointer or buffer overflow errors in the execution tree. Additionally, it does not detect any threading race conditions like Coverity.
What problems is the product solving and how is that benefiting you?
Best practices in coding, style adherence, flag CWEs, reduce duplications of code, on all levels, java, c++.
Best tools for Continuous PR reviewing and code checking.
What do you like best about the product?
It provides reasons as to why a particular code is marked for review.
Issues generated can be assigned in bulk to a user in GitHub and tracked accordingly.
Thus making it the best tool for code quality.
Issues generated can be assigned in bulk to a user in GitHub and tracked accordingly.
Thus making it the best tool for code quality.
What do you dislike about the product?
Sonarlint is a minor tool used by sonarqube that runs in background could be in sync with the vscode(other similar IDE) - Most awaited feature.
If this feaure is implemented then there won't be hassle to switch between IDE and Sonarqube server.
If this feaure is implemented then there won't be hassle to switch between IDE and Sonarqube server.
What problems is the product solving and how is that benefiting you?
Below is the list of problems that we previously faced and are solved by Sonarqube:
1. Code reviews - (along with creation/assigning of issues)
2. Security issues - (With resolution)
3. Technical Debt calculator
1. Code reviews - (along with creation/assigning of issues)
2. Security issues - (With resolution)
3. Technical Debt calculator
Recommendations to others considering the product:
Best to consider this tool only if the size of your team is above 10. For groups below 10, it is recommended to use the community version or integrate Sonarlint with IDE(free to use).
It is recommended to be used by the team lead esp for the management of technical debts and security concerns.
It is recommended to be used by the team lead esp for the management of technical debts and security concerns.
Best Tool For Code Testing
What do you like best about the product?
SonarQube gives the platform for QA to test the quality of code. SonarQube accepts many languages for testing the code. It generates the testing code report and shows all the loopholes in the code.
What do you dislike about the product?
There is nothing to say major bug in SonarQube, but one thing is that when we integrate SonarQube to Jenkins, it's complicated to combine both because it's not a localhost URL. We must provide an instance IP address.
What problems is the product solving and how is that benefiting you?
I'm a QA, I will test UI and functionality for any software, but when we try to code, it's challenging; SonarQube provides the best way to test the code and find the bugs on any software code.
To Maintain Quality Of the Codebase
What do you like best about the product?
SonarQube is the real troubleshooter for a software developer. Sonarqube is really helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. It is also helping us with our project audits which clearly and loudly shows the audit people that we are indeed maintaining the project's code quality.
What do you dislike about the product?
The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. The biggest headache of the sonarQube is that if you are planning to use it for the code coverage purpose of your test cases, you have to configure a 3rd party plugin like JaCoCo in the case of Java which is an extra thing for configuration. Once you write the code in java and expecting your sonarqube to show code coverage of your applications testcases you have to configure the plugin.
What problems is the product solving and how is that benefiting you?
Sonarqube is helpful to maintain the code quality of the code and also to maintain the code coverage. With the help of its preconfigured rules for specific languages, you will be able to write high-quality and bug-free code. About the benefits I would say it helped to maintain our project code quality to a topmost level with the help of Sonar developer can quickly identify their mistakes and correct it and also learn the coding standards to maintain the code conventions which is very good in the case of the new learners/ beginners for the professionals of the specific language.
Recommendations to others considering the product:
Yes I would definitely recommend this to use it to every developer infact I would say we don't have a better option than this. It will help you in learning code conventions, maintaining code quality and also code coverage.
SonarQube - Perfect tool to enhance code quality
What do you like best about the product?
SonarQube offers the best functionality to manage your code quality by making it bug-free, in results it improves code security as well
What do you dislike about the product?
As SonarQube shows perfect errors in code with line number as well there is nothing missing or about dislike in it.
What problems is the product solving and how is that benefiting you?
We can improve code quality, we can make it bug free
One of the most helpful tool to get the Perfect code coverage and improving coding standards
What do you like best about the product?
The best thing is the code smell detected by the sonarqube and it also indicates if there is any code vulnerability.
What do you dislike about the product?
It would be good if there is any way to download the report and share it with teams.
What problems is the product solving and how is that benefiting you?
We look at the test case coverage and try to increase the coding standard with the help of Sonarqube.
Recommendations to others considering the product:
This is the best tool to check the Test case coverage and detect any security hole/ code smell in the application. The suggestions given by the sonarqube highly help to increase the coding standard.
Code Analysis by Sonar
What do you like best about the product?
Scanning the source code is a basic requirement to identify the gaps. Sonar does it very efficiently and also you can create your own custom rules and quality gates. It provides you all the info about code coverage, bugs, reliability , vulnerability, code smells etc that you can fix and make sure a issue free code delivery. It has good ui for the reports to analyze and can send automated notifications to subscribers on each scans. It also can be easily integrated with CI pipeline to make it more effective and improve the over code quality
What do you dislike about the product?
Setup of project to scan the codes and cost issues due to branching - it used to consider each branch code as a separate repo which was fixed in one of the recent release so the only issue is cost
What problems is the product solving and how is that benefiting you?
Scanning code as part of CI pipeline in an automated way and send notification to stakeholders. Since we use multiple technologies we needed something that can support across tech stack and in an automated manner
Really about the Cloud.
What do you like best about the product?
It's super easy to connect to your organization and get started.
Allows for the flexibility of authentication to use GitHub or other authentication mechanisms.
You can choose to do all of your repos or just select ones.
Has more advanced features that you can integrate with as you gain experience with (and clean up your house) such as using it as a pass/fail during pull or merges, checking for code coverage etc.
Allows for the flexibility of authentication to use GitHub or other authentication mechanisms.
You can choose to do all of your repos or just select ones.
Has more advanced features that you can integrate with as you gain experience with (and clean up your house) such as using it as a pass/fail during pull or merges, checking for code coverage etc.
What do you dislike about the product?
Some of the navigation is a bit confusing and they could still improve how branches are handled and make it simpler to use in that regard.
What problems is the product solving and how is that benefiting you?
Showing security compliance with OWAP top 25, Code coverage, Code complexity. Allows us to focus in on trouble spots in our code.
showing 51 - 60