Any input on Bithound?

IndigoIdentity

Expert Member
Joined
May 10, 2010
Messages
1,964
Does anyone have any working experience with BitHound?

It supposedly provides an analysis of your repositories on GitHub and Bitbucket, but I was wondering if anyone actually uses this and has found the analysis to be useful?

Also, is there anything else that you use for this purpose, or how do you go about it?
 

Dark Agent

Expert Member
Joined
Nov 30, 2008
Messages
2,312
I used it for 4 months; I never found it useful.
Good
For backend development the package dependency was very useful if you have multiple projects.
Security alerts on support projects that are kept on GitHub and Bitbucket.
Good price.
Very easy to set up. Took 20 mins.
Online and cloud-based, so no setup or server required.

Bad
Analysis is as per website, not very useful.
The code analysis is too strict, with a lot of false positives.
Front-end dependency updates are a nightmare and this was the killer.

Conclusion
Short term it is very useful and gets you started quickly, but long term you might want a bit more useful analysis.

I went back to SonarQube since the reports, analysis, feedback and integration are way more useful. The configuration was a pain but the results are a beauty.
With SonarQube I got 11 projects, unit test coverage, e2e coverage, code analysis, lately package dependency (no security vulnerabilities detection yet) and team analysis.