SonarQube

SonarQube is code review and management software. The software is developed by SonarSource, which was founded in 2008 by Freddy Mallet, Simon Brandhof and Olivier Gaudin. Development of SonarQube actually began a year before, in 2007, after it was realized that no product existed that could perform comprehensive code review effectively. Notable customers of the company include Michelin, Deutsche Bank, Samsung, Telefonica and BNP Paribas. More than 85,000 organizations use products by SonarSource.

Features of SonarQube
  • Automated quality control for large code development operations
  • Administrative dashboard that continuously monitors progress and errors
  • Plenty of plugins available to enhance the features of the software
Pros of SonarQube
  • A community edition is free and open source
  • Pricing scales with lines of code output for more advanced editions
Cons of SonarQube
  • Developers who produce millions of lines of code a year will be shelling out up to $62,000 per year to use the software, depending on output, and costs per year for huge, high availability database applications could reach $1 million per year
SonarQube Reviews

Code development is an ever-growing business, and the small, basement teams of yesteryear have been replaced with giant enterprises with hundreds of programmers working on the same product. Managing such huge teams is a challenge, and quality control can be a nightmare. SonarQube by SonarSource can help with that. By implementing a process called Continuous Inspection, SonarQube is able to constantly check on the quality of a product in development. It keeps tabs on overall quality with a Quality Gate and also monitors leak management, parallel report processing, branch analysis, governance features, a short feedback loop, high availability and more. The Quality Gate features a GO/NO-GO check to determine whether an application or feature has passed set quality criteria, informing administrators about whether or not a program is ready for development, at least as far as quality is concerned. SonarQube supports over 20 programming languages, including Python, Flex, Java, C#, C/C++, PL/I, Swift, COBOL, Objective-C, PL/SQL, ABAP, RPG, TypeScript, VB.Net and more. Furthermore, more than 60 plugins by commercial sources or an active community can enhance the software with extra languages, pages or metrics, making it easy to customize the software for the unique needs of a development team. The software can also be used online via SonarCloud, which can track public projects using the same features as SonarQube.

Alternatives to SonarQube

StyleCop

StyleCop is a small tool built on open-source code that is designed to analyze C# in order to determine its consistency with the coding syntax that StyleCop designates. Since the tool was designed

Codacy

Freemium
Codacy is software that allows for the automated testing and reviewing of code. You can sign up for Codacy with GitHub or use a different account to sign up. Codacy is

CodeSonar

CodeSonar, produced by GrammaTech, is source and binary code analysis software that finds critical defects that can crash systems, result in unexpected operations, threaten security, and

FindBugs

Free
FindBugs is a tool that looks for bugs in Java code. FindBugs finds the bugs by analyzing computer software without actually executing programs. Using this software allows for easy debugging

PyCharm

Paid
PyCharm is an IDE with a rich set of tools for Python developers. The software was developed by JetBrains, and it is available for Windows, Mac, and Linux. PyCharm will analyze, test, and debug

WhiteSource Software

WhiteSource offers an open source license management and security solution. WhiteSource automates the entire process of open source selection, approval, detection of vulnerable or problematic

JSHint

Free
New JSHint website. Anton Kovalyov Oct 1st, 2013. For the last couple of weeks I've been working on a new homepage for JSHint and today I'm proud to announce the new jshint.com! JSHint Website.

Clang

Free
Some of the goals for the project include the following:

Black Duck

Organizations worldwide use Black Duck Software’s solutions to ensure open source security and license compliance in their applications and containers.

Klocwork

Faster delivery of secure, reliable, and conformant code. As teams develop code with more features, shorter timelines, and stricter standards than ever before, it gets increasin

Kiuwan

Application security platform for every stage and all the stakeholders in the SDLC. OWASP, CWE, PCI-DSS, NIST

PyLint

Free
Python, pylint, pyreverse, code analysis, checker, logilab, pep8

Cppcheck

Free
Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.