SonarQube remains a good choice for checking your code quality. However, when using GitLab pipelines, it can be replaced with the built-in functionality provided by GitLab.
To track the code quality of our projects and check for security issues (Static Application Security Testing), we recommend SonarQube. At DCX, we use it in CI pipelines to scan our code against the quality gate. If possible, we even check each merge request so that a change that would degrade code quality is caught before it is added to our code base.
At DCX, we use SonarQube to get a historical overview of the code quality in our projects. With SonarQube, you can get a quick insight into the condition of your code. It analyzes many languages and provides numerous static analysis rules. SonarQube is also used for Static Application Security Testing (SAST), which scans our code for potential security vulnerabilities and is an essential element of our Secure Software Development Lifecycle.