SonarQube

ci/cd quality assurance

This item was not updated in last three versions of the Radar. Should it have appeared in one of the more recent editions, there is a good chance it remains pertinent. However, if the item dates back further, its relevance may have diminished and our current evaluation could vary. Regrettably, our capacity to consistently revisit items from past Radar editions is limited.

Nov 2023

Adopt

SonarQube remains a good choice for checking your code quality. However, when using GitLab pipelines, it can be replaced with the built-in functionality provided by GitLab.

Mar 2022

Adopt

To track code quality of our projects and check for security issues (Static Application Security Testing), we recommend SonarQube. At we use it in CI pipelines to scan our code against the quality gate. If possible we even check each merge request to prevent degrading code quality before adding it to our code basis.

Nov 2019

Trial

At AOE, we are using SonarQube to get a historical overview of the code quality in our Projects. With SonarQube, you can get a quick insight into the condition of your code. It analyzes many languages and provides numerous static analysis rules. SonarQube is also being used for Static Application Security Testing (SAST) which scans our code for potential security vulnerabilities and is an essential element of our Secure Software Development Lifecycle.

Mar 2018

Assess

At AOE, we're evaluating SonarQube to get an historical overview of the code quality of our Projects. With SonarQube, you can get a quick hint about the condition of your code. It analyzes many languages and provides numerous static analysis rules.