What is SonarQube and what are its top alternatives?
Top Alternatives to SonarQube
It is a popular developer productivity extension for Microsoft Visual Studio. It automates most of what can be automated in your coding routines. It finds compiler errors, runtime errors, redundancies, and code smells right as you type, suggesting intelligent corrections for them. ...
It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process. ...
Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security. ...
It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity. ...
It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production. ...
It is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, it squiggles flaws so that they can be fixed before committing code. ...
It is a free code coverage library for Java, which has been created based on the lessons learned from using and integration existing libraries for many years. ...
ShiftLeft CORE provides fast and accurate application security findings built directly into the development workflow. ...
SonarQube alternatives & related posts
- Refactor also using different code5
- Early discover bugs4
- IDE Integration4
- Highlighted //todo //bug3
- Spell checking2
- Visual studio become slower8
related ReSharper posts
related Checkmarx posts
- Automated code review42
- Easy setup35
- Free for open source28
- Helps reduce technical debt18
- Best scala support13
- Better coding13
- Faster Employee Onboarding11
- Great UI10
- Duplication detector10
- PHP integration9
- Python inspection6
- Many integrations5
- Tools for JVM analysis4
- Github Integration4
- Must-have for Java3
- Easy Travis integration3
- Items can be ignored in the UI3
- No support for private Git or Azure DevOps git6
related Codacy posts
I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.
I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).
As per my work experience and knowledge, I have chosen the followings stacks to this mission.
Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.
Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.
Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.
Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.
Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.
Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.
Happy Coding! Suggestions are welcome! :)
It is very important to have clean code. To be sure that the code quality is not really bad I use a few tools. I love SonarQube with many relevant hints and deep analysis of code. codebeat isn't so detailed, but it can find complexity issues and duplications. Codacy cannot find more bugs then your IDE. The winner for me is SonarQube that shows me really relevant bugs in my code.
related FindBugs posts
We use PMD alongside Checkstyle and FindBugs (Spotbugs) for our static code analysis, as a standard stage in all of our pipelines. PMD offers us insight into various optimization possibilities, best-practice alignment, coding convention compliance and general problems with our code.
related Veracode posts
- IDE Integration11
- Not Very User Friendly3
- Non contextual warnings2