10 SonarQube Community Edition for Red Hat Enterprise Linux 8 with support Reviews
I have used this as AMI in my AWS environment for this version of the React application and found it to be fond of worthy. This integrated approach helped save time tha manual work. Review collected by and hosted on G2.com.
Working in the AWS environment itself has cost factors involved I find this smooth integration I found it to be worthwhile but got to pay as well for using it apart from aws service cost. Review collected by and hosted on G2.com.
SonarQube helps me in showing the issues in the code while developing itself. Many times it showed me the security related issues thus helps a lot in my day to day development. Review collected by and hosted on G2.com.
Sometimes, you want to go for a specific piece of code that is not correct analysed by sonarqube. In such cases you have no option incase you have sonar checked enabled in your project. Review collected by and hosted on G2.com.
Sonarqube standalone helps detect security vulnerabilities and various bugs via integrations on CI/CD pipeline to ensure 100% code control. The preconfigured apps via support system ( Kurian ) helps make wholesome management easy to go like - Jenkins, CMS, DB support, Ansible, and many others, making DevOps job easy. It's also cost-effective so you just need to pick the EC2 instance as per your requirements, and game is on !! Review collected by and hosted on G2.com.
While going through the automated test cases, If dynamic injection of support is obtained then the whole experience would be much more beneficial from QA perspective. Review collected by and hosted on G2.com.
1. It can be self-host on-prem or can be hosted in the cloud with the help pre-configured OS image
2. Can be easily integrated with any CICD pipeline with help of inline scan command or docker-cli scan Review collected by and hosted on G2.com.
1. It supports only static scan which always forces us to use some other tool with dynamic scanning support
2. For now scanning is available for some common languages, I am expecting the support of IaC scan in future updates Review collected by and hosted on G2.com.
Quick informative and easy to understand dashboards and reports and best part the security concerns
It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis. Review collected by and hosted on G2.com.
SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing Review collected by and hosted on G2.com.
1. Supported plugins to multiple IDEs, Easy integration with GitLab etc.
2. Easy to add custom rules as needed for the project requirements. Review collected by and hosted on G2.com.
May be a free version for a limited period of time to the developers would give good market value. Review collected by and hosted on G2.com.
Offered features helped us to deliver bug free code with quality. Customisations like quality gates and many other helped us take baby steps in improving the standards in one of our legacy application. Review collected by and hosted on G2.com.
Looking at the history of this tool, it is offering much better in the recent past but still a lot to do to catch up with modern tools who are offering features to catch runtime issues. Review collected by and hosted on G2.com.
it shows review comments as per rule selection which help to avoid security scan Review collected by and hosted on G2.com.
Too many rules for selection hence it is complex for selection Review collected by and hosted on G2.com.
Compatible with all operating systems and technology languages. Easy to
Configure and reporting helps bringing team maturity and value delivery to customers. Review collected by and hosted on G2.com.
Few aspects on shell script and other niche are not covered well. Review collected by and hosted on G2.com.
The recommendations are very usefull, identifies problem areas and helps manage large code bases. Scores can estimate the quality of the code Review collected by and hosted on G2.com.
sometimes the recommendations are useless, does not help in any meaningful way and makes development mone tedious. However, this is not the case most of the time Review collected by and hosted on G2.com.
