SonarQube™ packaged by 12 Tech
12 Tech | 1.0Linux/Unix, Amazon Linux Amazon Linux 2 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Great solution, lousy licensing
What do you like best about the product?
Continuous code inspection has a great deal of benefits, from increasing team velocity through first pass code reviews, to reduced maintenance costs. My favorite feature of SonarQube, however, is the IDE integration between SonarQube (server-side) and SonarLint (client-side). By allowing rules / qualify profiles to be centralized, we are able to essentially have a spell-checker for our code, while it is in active development, helping to shift feedback about as far left as it can get.
What do you dislike about the product?
The pricing model is prohibitive as many critical features are found only in higher tiered versions of the application. One in particular is high-availability. Any corporation making SonarQube a part of their delivery pipeline essentially is required to get the highest tiered version of the application to have HA capabilities and boy will it cost you.
What problems is the product solving and how is that benefiting you?
Reduced code review times. Improved readability and maintainability. Helps to educate junior developers with explanation of the violations and examples for how to be in compliance.
- Leave a Comment |
- Mark review as helpful
SonarQube - The go to static code analysis tool
What do you like best about the product?
The ability to run my scans against a default set of code rules (in the free version) or to run it against an organisation wide set of rules (paid versions).
Sonarqube also provides a plugin for IntelliJ which makes it very easy for me to run the static code analysis straight out of my IDE as soon as I make the changes.
The integration with Jenkins also is one of the biggest benefits. Makes the whole process smooth and the ability to add the concept of tollgate makes it a great feature for enterprise applications.
Sonarqube also provides a plugin for IntelliJ which makes it very easy for me to run the static code analysis straight out of my IDE as soon as I make the changes.
The integration with Jenkins also is one of the biggest benefits. Makes the whole process smooth and the ability to add the concept of tollgate makes it a great feature for enterprise applications.
What do you dislike about the product?
Setup can be a bit challenging, considering the latest version requires Java 11 and we had a challenging time setting up the system due to various issues faced with other components not being compatible with Java 11.
What problems is the product solving and how is that benefiting you?
Code Quality Metrics, Static code analysis and bad coding practice detection.
Nice tool for static code analysis
What do you like best about the product?
It is really time saving to complete the development by using Sonar Qube as it will do the static code analysis at initial development phase itself
What do you dislike about the product?
I've used it along with VS Code editor and it seems to be working fine.
What problems is the product solving and how is that benefiting you?
Mainly the problems related to static code analysis.
My opinion about SonarQube
What do you like best about the product?
What I like the most about this program is that it performs a very high-quality analysis of the source code, and this makes the code much more reliable, and also reduces potential errors in the projects that are carried out.
Another thing that I really like is the ability to support different languages, and to that is added the use of characters such as C, C ++, Python and many others.
It is quite adaptable to the needs that are required in terms of quality adjustments, and allows to generate checks and projects that respond effectively to what is required.
Another thing that I really like is the ability to support different languages, and to that is added the use of characters such as C, C ++, Python and many others.
It is quite adaptable to the needs that are required in terms of quality adjustments, and allows to generate checks and projects that respond effectively to what is required.
What do you dislike about the product?
One of the things I dislike about this tool is that it takes a great deal of effort to get everything up and running. Additionally, you need to balance quantity and quality in order to produce low-quality code that is functional.
Likewise, a mechanism that evidences the real quality in the mutation tests is not shown, although numbers appear, these can be modified.
Likewise, a mechanism that evidences the real quality in the mutation tests is not shown, although numbers appear, these can be modified.
What problems is the product solving and how is that benefiting you?
With the help of this program I identify technical problems in the codes I generate, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.
With the help of this program I identify technical problems in the codes that it generated, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.
With the help of this program I identify technical problems in the codes that it generated, in this way I avoid or reduce vulnerability factors, and in turn reduce errors in the codes.
One of the benefits that seem most outstanding to me is the ability of the tool to track the origin of errors in the codes. Also, the ability to adapt to user specifications, which allows greater customization in projects.
Recommendations to others considering the product:
It is important when using this tool, take into account that not all IDE codes can be used in SonarQube, so you have to be aware when selecting them. Similarly, the security terms of the code must be taken into account, these could be better.
Very concise analytics tool with good visualization design choices.
What do you like best about the product?
Code smell detection and quality checks! Great feature for bugs and errors as well as integration with Jenkins.
What do you dislike about the product?
It would be nice to have suggestions from team members to the code smells and assign other people to take care of certain bugs/issues
What problems is the product solving and how is that benefiting you?
Have a more robust test suite.
Recommendations to others considering the product:
Keep checking your code for this!
Great for quality check of software
What do you like best about the product?
Sonarqube is used for quality check for the software which is under development . I have found so many bugs , vulnerabilities and code smells using sonarqube and then after I minimized them which improved my code quality. SonarQube is very good.
What do you dislike about the product?
Initial setup for the Sonar Qube is very irritating and troublesome . I got hanged so many times in its setup.
What problems is the product solving and how is that benefiting you?
I have used sonar Qube in many projects of my company. I have minimized so many bugs , vulnerabilities and code smells by finding them using Sonar Qube. It helps me for quality check and refactoring of my code.
A must tool for the code quality i.e. Sonarqube
What do you like best about the product?
These are the below points i love to use it
1) Sonarqube integration to the continuous integration pipelines
2) Graphical viewing & lists the detail description of code bugs, Vulnerability, code smells & time taken to solve the code smells, detecting the duplicate lines & Code coverage
3) integrating the unit test cases to the existing pipelines & reflecting the same in the sonarqube dashboard
4) We have approx 26 tools in the market compare to all i feel like sonarqube is having the most number of pros.
5) In terms of the security features i could see it holds the number one in the market.
6) Integrating the fortifyscan with the sonarqube gives the best result in terms of the security.
7)For the developer it gives the detail description were exactly the code is lacking as per the market standards
1) Sonarqube integration to the continuous integration pipelines
2) Graphical viewing & lists the detail description of code bugs, Vulnerability, code smells & time taken to solve the code smells, detecting the duplicate lines & Code coverage
3) integrating the unit test cases to the existing pipelines & reflecting the same in the sonarqube dashboard
4) We have approx 26 tools in the market compare to all i feel like sonarqube is having the most number of pros.
5) In terms of the security features i could see it holds the number one in the market.
6) Integrating the fortifyscan with the sonarqube gives the best result in terms of the security.
7)For the developer it gives the detail description were exactly the code is lacking as per the market standards
What do you dislike about the product?
The only dislike i have is
When ever developer writes any code they use to have habit to use the #(comment)ing the lines if necessary but sometimes sonarqube will detect those are errors,
When ever developer writes any code they use to have habit to use the #(comment)ing the lines if necessary but sometimes sonarqube will detect those are errors,
What problems is the product solving and how is that benefiting you?
As discussed in the likes especially i like the way it differentiate the code smells, code bugs, vulnerabilities, Time taken to solve the vulnerabilities, Duplicate lines & code coverage
Recommendations to others considering the product:
Folks, As i said there are 26 tools in approx there in the market w.r.t code quality compare to all the other tools were in terms of dashboard, Security, Easiness, Comfort, depicting the change & etc will be observed in the sonarqube, So i strongly recommend this tool for the business needs to get the quality work
Finally i can say if you want quality & security then sonar qube is the best tool in the market
Finally i can say if you want quality & security then sonar qube is the best tool in the market
Code quality and scanning
What do you like best about the product?
Quality gate
Code scanning
Code coverage
Code scanning
Code coverage
What do you dislike about the product?
Integration with quality control testing tools.
What problems is the product solving and how is that benefiting you?
We have successfully implemented Sonar with code scanning , code coverage and finding out the code quality and vulnerabilities associated with the source code.
SonarQube Implementation
What do you like best about the product?
Code Quality , Code Coverage, code scan and code vulnerabilities
What do you dislike about the product?
Integration with testing tools like UTF doesn't cover all the functionalities like a Standalone Sonar.
What problems is the product solving and how is that benefiting you?
Implementing SonarQube to figure out the quality gate, code coverage, code scan and code vulnerabilities.
Recommendations to others considering the product:
Integrates greatly with CI server like Cloudbees and Jenkins along with version control and testing tool like UFT.
The only tool that stands talls in Code Quality Management
What do you like best about the product?
1. Wide range of Code Metrics
2. Customizations on Quality Profiles / Gates, Rules
3. Great Auditing and Trending capabilities
4. Good number of languages covered in OSS version
2. Customizations on Quality Profiles / Gates, Rules
3. Great Auditing and Trending capabilities
4. Good number of languages covered in OSS version
What do you dislike about the product?
1. Lot of features being shifted across OSS and Paid versions creates a great confusion in terms of version upgrades. For instance branch / Portfolio version was introduced in OSS 6.7.4 and then moved to Enterprise version in later releases.
2. Need a clear path for the features that would be provided in OSS vs Enterprise variations.
3. Need better alignment with the new generation Code Configuration tools like GIT.
4. Portfolio management capabilities pivot data always around "master" branch. Tool should be flexible to aggregate data around any branch of development.
5. More fine grained Access Control.
6. Leak period feature is a little confusing to understand
2. Need a clear path for the features that would be provided in OSS vs Enterprise variations.
3. Need better alignment with the new generation Code Configuration tools like GIT.
4. Portfolio management capabilities pivot data always around "master" branch. Tool should be flexible to aggregate data around any branch of development.
5. More fine grained Access Control.
6. Leak period feature is a little confusing to understand
What problems is the product solving and how is that benefiting you?
Static Code Quality Scans
Code Coverage checks
Quality Gating
Code Quality Monitoring / Dashboarding
Code Coverage checks
Quality Gating
Code Quality Monitoring / Dashboarding
Recommendations to others considering the product:
Invest to integrated Static scans in your DevOps lifecycle are minimal while the Benefits achieved are multifold.
showing 61 - 70