SonarQube Community Edition for Red Hat Enterprise Linux 8 with support
Kurian | 10.1.0-20230831Linux/Unix, Red Hat Enterprise Linux 8.8 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Great tool for Code Quality Analysis
What do you like best about the product?
SonarQube helps me in showing the issues in the code while developing itself. Many times it showed me the security related issues thus helps a lot in my day to day development.
What do you dislike about the product?
Sometimes, you want to go for a specific piece of code that is not correct analysed by sonarqube. In such cases you have no option incase you have sonar checked enabled in your project.
What problems is the product solving and how is that benefiting you?
SonarQube is a great tool that provides solutions to maintaining the code quality and standards. I helps a lot in my development by highlighting the issues and also suggest fix to them.
- Leave a Comment |
- Mark review as helpful
An automated QA - SonarQube
What do you like best about the product?
I have used this as AMI in my AWS environment for this version of the React application and found it to be fond of worthy. This integrated approach helped save time tha manual work.
What do you dislike about the product?
Working in the AWS environment itself has cost factors involved I find this smooth integration I found it to be worthwhile but got to pay as well for using it apart from aws service cost.
What problems is the product solving and how is that benefiting you?
I got to use it for enhanced security as it is a concern for the React application to be and I found it to be useful the direction and extensive information which Sonarqube provided and the best part is integration with the pipeline In CICD for the further future changes. Because AMI access at port resulted in time-saving also. Worthy enough!
Code Review Tool For SonarQube
What do you like best about the product?
it shows review comments as per rule selection which help to avoid security scan
What do you dislike about the product?
Too many rules for selection hence it is complex for selection
What problems is the product solving and how is that benefiting you?
code review comments
Code quality at its max
What do you like best about the product?
Compatible with all operating systems and technology languages. Easy to
Configure and reporting helps bringing team maturity and value delivery to customers.
Configure and reporting helps bringing team maturity and value delivery to customers.
What do you dislike about the product?
Few aspects on shell script and other niche are not covered well.
What problems is the product solving and how is that benefiting you?
Consistency in coding by team of developers is helping maintaining code quality and documentation. This enabling faster to market product delivery
Very good code quality tool for enterprise applications.
What do you like best about the product?
1. Supported plugins to multiple IDEs, Easy integration with GitLab etc.
2. Easy to add custom rules as needed for the project requirements.
2. Easy to add custom rules as needed for the project requirements.
What do you dislike about the product?
May be a free version for a limited period of time to the developers would give good market value.
What problems is the product solving and how is that benefiting you?
* Easy identification of boilerplate code.
* Create custom rules for what we needed for the projects.
* Speed and ability to integrate with several tools.
* Create custom rules for what we needed for the projects.
* Speed and ability to integrate with several tools.
SonarQube: Best Community Tool for Code Quality
What do you like best about the product?
1. It can be self-host on-prem or can be hosted in the cloud with the help pre-configured OS image
2. Can be easily integrated with any CICD pipeline with help of inline scan command or docker-cli scan
2. Can be easily integrated with any CICD pipeline with help of inline scan command or docker-cli scan
What do you dislike about the product?
1. It supports only static scan which always forces us to use some other tool with dynamic scanning support
2. For now scanning is available for some common languages, I am expecting the support of IaC scan in future updates
2. For now scanning is available for some common languages, I am expecting the support of IaC scan in future updates
What problems is the product solving and how is that benefiting you?
We are working on multiple projects where checking the code quality can be very tedious, With SoanrQube we can get the report on the SonarQube dashboard after every commit and improve the code in the next release.
Decent tool that helped us achieve shiftleft to an extent..!
What do you like best about the product?
Offered features helped us to deliver bug free code with quality. Customisations like quality gates and many other helped us take baby steps in improving the standards in one of our legacy application.
What do you dislike about the product?
Looking at the history of this tool, it is offering much better in the recent past but still a lot to do to catch up with modern tools who are offering features to catch runtime issues.
What problems is the product solving and how is that benefiting you?
As I mentioned in my title and other notes sections, offered features helped us achieve shiftleft to an extent by finding quality gaps in early days of the software development lifecycle.
SonarQube - Best tool for CI/CD integrations for detecting security vulnerabilities
What do you like best about the product?
Sonarqube standalone helps detect security vulnerabilities and various bugs via integrations on CI/CD pipeline to ensure 100% code control. The preconfigured apps via support system ( Kurian ) helps make wholesome management easy to go like - Jenkins, CMS, DB support, Ansible, and many others, making DevOps job easy. It's also cost-effective so you just need to pick the EC2 instance as per your requirements, and game is on !!
What do you dislike about the product?
While going through the automated test cases, If dynamic injection of support is obtained then the whole experience would be much more beneficial from QA perspective.
What problems is the product solving and how is that benefiting you?
The ability and agileness is the integration ability and gets various outputs in various formats. Categories DevSecOps, static code analysis, SAST, and developer workflow integration is a boon to app integration.
Recommendations to others considering the product:
To help team have control 100% of code coverage, bugs and other analysis with supports, Sonarqube helps detect security vulnerabilities via integrations on CI/CD pipeline to ensure 100% code control
One of the best tools to improve code quality and code security
What do you like best about the product?
Quick informative and easy to understand dashboards and reports and best part the security concerns
It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.
It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis.
What do you dislike about the product?
SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing
What problems is the product solving and how is that benefiting you?
The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes
A very useful product
What do you like best about the product?
The recommendations are very usefull, identifies problem areas and helps manage large code bases. Scores can estimate the quality of the code
What do you dislike about the product?
sometimes the recommendations are useless, does not help in any meaningful way and makes development mone tedious. However, this is not the case most of the time
What problems is the product solving and how is that benefiting you?
keeping the codebase tidy and identifying possible security issues or problem areas.
showing 1 - 10