Sign in
Sign in
or
Create a new account
Categories
Your Saved List Partners Sell in AWS Marketplace Amazon Web Services Home Help

SonarQube(TM) packaged by Bitnami

Bitnami by VMware | 9.9.0-5-r08 on Debian 11

Linux/Unix, Debian 11 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

1 AWS reviews
  • 5 star
    1
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

48 reviews
from G2

External reviews are not included in the AWS star rating for the product.

    Benoît F.

Lightweight statis code analysis tool

  • March 17, 2023
  • Review verified by G2

What do you like best about the product?
Is very responsible and light. Quickly report issues in code
What do you dislike about the product?
Requires a certain level of knowledge (ex: CI-CD / pipeline). Cannot be implemented by security teams without assistance from the developer teams.
What problems is the product solving and how is that benefiting you?
Helps applying best practices in coding. Is a complement to our dynamic app scanning tools.

    Sourabh G.

Sonar Qube - great tool for code scan and quality

  • September 16, 2022
  • Review provided by G2

What do you like best about the product?
It provides multiple options to track vulnerabilities, code coverage etc.
What do you dislike about the product?
New next-gen better code scan tools are available in the market, and sonar has not been upgraded with new features for many years.
What problems is the product solving and how is that benefiting you?
We use sonar qube to track coverage and run style check etc in pipelines, it helps in track us code quality.

    Information Technology and Services

Best tool to found code issues.

  • August 03, 2022
  • Review verified by G2

What do you like best about the product?
Help to avoid some runtime error.
Helps to found some code bugs,coverage, blockers, smell,etc
Easy to configure.
What do you dislike about the product?
Take to long time to update the latest report
What problems is the product solving and how is that benefiting you?
Helps to found some code bugs,coverage, blockers, smell,etc.
Can implement with Jenkins too.
Code review is too easy

    Tigran M.

SonarQube for checking code quality

  • July 20, 2022
  • Review provided by G2

What do you like best about the product?
Sonarqube it's an open-source application, that you can run on your server and with that tool you can check your code quality, and fined which part is tested and which one is not
What do you dislike about the product?
It's the first time it's hard to configure, you need some platform for deployment, ex Docker, wich need to run the sonarQube server and after that you can use it
What problems is the product solving and how is that benefiting you?
It help developer to understand which part of their code is tested and which part is closed, it's need for checking the code quality, and can be use with some testing tools

    Sachin S.

Great Tool for code Analysis

  • July 06, 2022
  • Review provided by G2

What do you like best about the product?
As a DevOps team, we are managing and offering this tool to different teams within the organisation. Its seamlessly easy integration with other tool CI/CD tools such as Jenkins, and Azure DevOps Services is very useful. By which we can easily Analyze code in Sonarqube based on the predefined rules setup in the quality gate and quality profile. After analysis, we will get a detailed overview of the vulnerabilities, security hotspots, bugs and other parameters. We can review those parameters and work on the fixes. In this way, it improves the code quality.
What do you dislike about the product?
We are using the Sonarqube Enterprise version we do sometimes face issues while getting additional help from the Sonarqube. If we have to check code coverage of the test case of Java language we need to rely on a third-party plugin like Jacoco. Apart from these, we didn't encounter many issues so far.
What problems is the product solving and how is that benefiting you?
Being in DevOps teams are offering Sonarqube to our end customers. Sonarqube helps to analyze code and review the vulnerabilities, security hotspots and bugs along with other parameters. We have integrated with CI/CD tools. Once a Pull request is done on the master branch Sonaranlysis began if it passes the standards as defined in the quality gate and quality profile only merge will otherwise it will block it. In this way, we are ensuring developers follow good practices of coding and review their code against common vulnerabilities.

    Piyushkumar R.

Nice tool to get your Code and Coding skills right!!

  • March 27, 2022
  • Review provided by G2

What do you like best about the product?
Sonar Qube provides suggestions on Coding standard violations and helps us to improve the Code quality. It categorizes coding issues while compiling code in Major, Minor, Critical etc so we can fix it and improve. It also provides us to track and assign issues. I improved my coding skills somewhat using this tool's suggestion.
What do you dislike about the product?
Sometimes we get warnings for legitimate issues but that is fine as this tool provides suppress issue functionality.
What problems is the product solving and how is that benefiting you?
Improved Coding standard and code quality. Make code efficient. remove redundant code.

    Information Services

Comlex to integrate with cloud applications

  • March 25, 2022
  • Review provided by G2

What do you like best about the product?
Detailed report about the vulnerabilities and clear indication with expected time it will take to resolve the issues
What do you dislike about the product?
Complex integration with cloud applications and IDE's plugins
What problems is the product solving and how is that benefiting you?
Code coverage and vulnerabilities in code

    Sarath N.

Protects my application from vulnerable code and libs

  • March 11, 2022
  • Review provided by G2

What do you like best about the product?
Development perspective it
1. checks the library that I am using whether it's outdated or it's vulnerable.
2. Checks my code coverage if I go ace any code that does not have any tests to validate
3. Checks it my code smells (like unwanted statements, unused imports etc)
From testing perspective
4. Checks my code if that smells
5. Checks and inform Jenkins dsl pipeline if that job is success or failed
What do you dislike about the product?
Configuration to suppress some of the components should have been bit easier I.e kind of plug and play. In this way we should be able to manage what components that suits my app or test code needs
What problems is the product solving and how is that benefiting you?
We where using Jenkins on a descriptive pipeline (CI) to run our automation suite and there is a restriction that we should run our suite only in docker slave container instead of master. Since we are calling a shell script in Jenkins which always sends 200 for job status even if some tests failed this is giving me false positive as the pipeline is always green actually it should be RED. When we integrate SonarQube inside our container we were able to distinguish the failed tests thereby failing the Jenkins job and provide a positive feedback with our tests. This helps us in delivering a quality product to Custer rather a defective one

    Financial Services

Helps us in maintaining the coding standards and avoid security risk code

  • March 08, 2022
  • Review provided by G2

What do you like best about the product?
The way it analyzes all the code written and provides the violations of standard coding helps us optimize the written code ensuring the minimal number of lines are written to cover the functionality effectively. It has a beautiful user interface where the violations are categorized into different groups ranging from minor to major and involve resolving the unnecessary complexity of the code.It also helps us in removing the duplicate code which has been used multiple times and maintaining the standards in methods.
What do you dislike about the product?
At times I find the blocker during the times of emergency code deployment where it doesn't allow the code to be checked-in to the repository unless the violations are fixed, which should enable the user to bypass the number of lines that should be part of the written method. The build failure messages which is triggered to the group when the coding violation occurs
What problems is the product solving and how is that benefiting you?
Code analysis and minimizing the violations of the code and ensure the complexity of the code is resolved and meets the industry standards and run the health report in every code check-in to the repository to ensure the coding violations are minimal, removal of duplicate methods or code and empty methods and ensure we have a plan in place with regards to the specified format.

    Pranay J.

SonarQube: Continuous Code Quality & Code Security

  • January 31, 2022
  • Review verified by G2

What do you like best about the product?
I'm using SonarQube for almost 5 years now, it's an open-source tool that can be self-host in the cloud or on-prem or can be run inside a docker container. It's backed by a large community and they are updating it continuously from both features and capability wise.
What do you dislike about the product?
It's a legacy tool but I would like to see some UI changes as it's not up to mark as compared to the other modern tools like GitGuardian and Snyk. Creating custom rules can be very tricky sometimes. There should be some kind of repository for keeping and sharing the rules.
What problems is the product solving and how is that benefiting you?
We use SonarQube for checking the quality of every piece of code written by our team. We have SonarQube running on cloud-based server where our team can go and check the quality of their code.

showing 1 - 10