SonarQube

Avantages

The main feature of SonarQube is that it detects code complexities within the code so that the developer can optimize it. It also detects accessibility and security issues; code smells and suggests changes.

Inconvénients

It is a bit difficult to integrate with existing services and the quality checks may also conflict with other integrations.

Avantages

SonarQube provides important metrics such as code smells, bugs, vulnerabilities, and code coverage. Easy integration with CI/CD tools.

Inconvénients

SonarQube may produce false positives, as with any static analysis tool.

Avantages

This is very good and user friendly application.

Inconvénients

As such i didn't found any con for this application.

Avantages

Easily add source code analysis for potential bugs and pitfalls to warrant against developers' errors or just not efficient coding by novices, projects dependencies on vulnerable platforms and potential long-term support issues due to how your code is structured. Simple deployment of binaries needed for scans for major target build environments OSes, plus easy to use APIs, all for the benefit of easy integration into CI/CD pipelines.

Inconvénients

Caps and limits on key server instance component required when obtaining config for project and preset rules, when sending analysis results or getting quality gate results may make the pipelines seem to fail without easier discerning real reasons.

Avantages

1. Calculate the quality of code and also helps to improve the quality by providing the solution
2. Highlight the vulnerabilities , repetitive line of code
3. Developer Friendly tool as it provides recommendations on the line of code which needs an improvement.
4. Create Scan reports on demand
5. Option to add exception in code

Inconvénients

1. Report Generation sometime take long time.
2. User Interface should be enhanced.
3. Lack custom rule set
4. As per cost, it is little bit expensive.

Alternatives envisagées 

Pourquoi choisir SonarQube 

Avantages

I like sonarqube dashboard and the flexibility that quality gates provide to measure your software quality. You can set up you own thresholds for maintenance, reliability, security, code coverage and many other metrics, and allow only versions passing this quality gate to be deployed.

Inconvénients

Unfortunately it lacks an easy way to see trends and go deep into which developers are the best/the worst. Also, it is paid if you need to analyse software in some languages, available only on the cloud.

Alternatives envisagées 

Logiciel antérieur 

Avantages

Sonarqube allows anyone to run a scan for code smells, bugs or vulnerabilities. There is no reason not to use it or integrate it into your CI/CD pipelines. Even if you do not enforce passing the quality gate, it helps a lot in tracking and highlighting where are your weaknesses. Code duplication and Code coverage are very useful tools to understand the overall quality of your development.

Inconvénients

It is hard to view historic data, and once you run a new analysis you cannot see the previous ones anymore from the same unified dashboard, you have to enter into each metric and check the history link. Please bring back the history dashboard from sonar 5!

Alternatives envisagées 

Avantages

Great knowledgebase in understanding the bugs and vulnerabilities and fixing them. Highly informational dashboard and tools to filter huge amount of repos.

Inconvénients

Customizing rules are difficult. Certain times they will catch comments and rule engine still needs tweaking

Avantages

Static code analysis, support for Java, .Net, JavaScript, typescript, html, CSS, etc. Helps you set custom quality gates and rules as well

Inconvénients

Community version does not support high availability. You need to pay for this feature, would have preferred it to be free. Tools upgrade process can be improved as we have to take down the tool instance.

Avantages

it allows us to correct the grammatically wrong code , unused imports ,variables etc. It Helps us to optimize the code with the rules specified for that project. Allows us to remove the duplicate code as well.

Inconvénients

Integration with visual studio code and binding with project is tad difficult . Duplicate code block appears only after the build , so we have to wait till the build is completed to view whether any duplicate is present in our code.

Avantages

The vulnerability scans that it uses encompasses a lot of languages. It also has ability where user can define custom profiles and rules. Dashboards created are easy to use and decipher.

Inconvénients

Technical support is very expensive and need to use their community forums to get support.

Avantages

All the vulnerabilities and possible exceptions are flagged which becomes easy for developer. Rules can be customized as per the requirement. Provides the examples of compliant and non-compliant code.

Inconvénients

Sometimes there are false positive issues

Avantages

The best feature I liked about this tool is it even suggests relevant code be changed. So just a copy-paste will do the job. Less time consuming

Inconvénients

Initial setup. Have to setup multiple items separately. Would have been good if it was a complete installation as a EXE

Avantages

Deployment Features and the ease of access

Inconvénients

Customer support sometimes get delayed

Avantages

The tool that got us better code. The integration of libraries and the amount of languages is enough to work with and integrate with other DevOps applications which is easy. Everything is very intuitive including the initial setup. Setting up multiple rules for languages is included as well as security. The static code scanning feature is good. The only thing is that the UI integration could be improved.

Inconvénients

The only thing is that the UI integration could be improved, maybe even better documentation, but otherwise I am satisfied with the application, deployment without problems, integration with other applications as well.

Avantages

Security Hotspot feature
Code Smells
Multi language support

Inconvénients

The free version has limitations on development languages and support.
Setup process
Would require a UI / CX refresh