Discover and share technology stacks from companies around the world.

Product

Stacks
Tools
Companies
Feed

Company

About
Blog
Contact

Legal

Privacy Policy
Terms of Service

© 2025 StackShare. All rights reserved.

API Status Changelog

SonarQube - StackShare | StackShare

Home
Code Review
SonarQube

By

SonarQube

Code Review

OverviewOverview Pros & ConsPros IntegrationsIntegrations DiscussionsDiscussions AlternativesAlternatives

What is SonarQube?

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

SonarQube is a tool in the Code Review category of a tech stack.

Key Features

Multi-languageDetect tricky issuesSecurity analysisEnhance your workflow

SonarQube Pros & Cons

Pros of SonarQube

✓Tracks code complexity and smell trends
✓IDE Integration
✓Complete code Review
✓Difficult to deploy

Cons of SonarQube

✗Paid support is poor, techs arrogant and unhelpful
✗Sales process is long and unfriendly
✗Does not integrate with Snyk

SonarQube Alternatives & Comparisons

What are some alternatives to SonarQube?

Jira

Jira's secret sauce is the way it simplifies the complexities of software development into manageable units of work. Jira comes out-of-the-box with everything agile teams need to ship value to customers faster.

ESLint

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

Prettier

Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

TSLint

An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.

RuboCop

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

Stylelint

A mighty, modern CSS linter that helps you enforce consistent conventions and avoid errors in your stylesheets.

SonarQube Integrations

Gradle, Apache Maven, Jenkins, TeamCity, Appveyor and 7 more are some of the popular tools that integrate with SonarQube. Here's a list of all 12 tools that integrate with SonarQube.

Try It

Adoption

On StackShare

Companies

498

S I M D A M +492

Developers

1.16k

J S C M Z H +1151

SonarQube Discussions

Discover why developers choose SonarQube. Read real-world technical decisions and stack choices from the StackShare community.Showing 8 of 10 discussions.

Arnolfo C Aquino

May 3, 2021

Needs adviceon

Is it possible to integrate Black Duck, SonarQube and Coverity with Fortify SSC?

0 views0

Senior Fullstack Developer at QUANTUSflow Software GmbH

Apr 27, 2020

Needs adviceon

Our whole DevOps stack consists of the following tools:

GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
Respectively Git as revision control system
SourceTree as Git GUI
Visual Studio Code as IDE
CircleCI for continuous integration (automatize development process)
Prettier / TSLint / ESLint as code linter
SonarQube as quality gate
Docker as container management (incl. Docker Compose for multi-container application management)
VirtualBox for operating system simulation tests
Kubernetes as cluster management for docker containers
Heroku for deploying in test environments
nginx as web server (preferably used as facade server in production environment)
SSLMate (using OpenSSL) for certificate management
Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
PostgreSQL as preferred database system
Redis as preferred in-memory database/store (great for caching)

The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
Scalability: All-in-one framework for distributed systems.
Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.

0 views0

SRE Manager

Apr 1, 2020

Needs adviceon

I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

0 views0

Jul 25, 2019

Needs adviceon

It is very important to have clean code. To be sure that the code quality is not really bad I use a few tools. I love SonarQube with many relevant hints and deep analysis of code. codebeat isn't so detailed, but it can find complexity issues and duplications. Codacy cannot find more bugs then your IDE. The winner for me is SonarQube that shows me really relevant bugs in my code.

0 views0

Ganesa Vijayakumar

Full Stack Coder | Technical Architect

May 13, 2019

Needs adviceon

I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.

I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).

As per my work experience and knowledge, I have chosen the followings stacks to this mission.

UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar on this and also most importantly these will help on developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile, Bootstrap wherever required.

Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.

Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.

Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.

Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.

Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.

Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.

Happy Coding! Suggestions are welcome! :)

Thanks, Ganesa

0 views0

Joshua Dean Küpper

CEO at Scrayos UG (haftungsbeschränkt)

Mar 14, 2019

Needs adviceon

We use SonarQube because of the big inbuilt database of code-smells, pitfalls and best-practices. We were already using Checkstyle, PMD and SpotBugs before, but decided that an "in-depth" analysis – after those three tools already submitted their reports – would be a welcomed addition for the presentation of found issues. The blame-feature of SonarQube is brilliant for internal communication and the integration of the already generated reports of the other tools saves time and speeds up build pipelines.

0 views0

Gonçalo Faustino

Staff SRE

Dec 22, 2018

Needs adviceon

Red Hat OpenShift

We use Docker for our #DeploymentWorkflow along with OpenShift SonarQube Sonatype Nexus GitLab Vault Apache Maven AngularJS Spring-Boot

0 views0

Timur Olzhabayev

Head of Development at Trusted Shops SE

Jan 23, 2017

Needs adviceon

To increase our code quality and make vulnerabilities visible, we added SonarQube to our Git(lab) workflow, so every commit is analyzed and code flaws are shown directly at the Mergerequest. SonarQube

0 views0

View all 10 discussions