Sonar static code analysis

The open source and commercial Sonar solution – SonarQube for IDE, SonarQube Cloud, and SonarQube Server – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to improve more than half a trillion lines of code, Sonar is integral to delivering better software. From analyzing your code in real-time as you type in your IDE all the way through to code review, pull requests, and branch analysis, Sonar ensures code quality and security at every step in your workflow.

If you’re looking for a hosted static analysis option, then SonarQube Cloud is a great choice. As a hosted offering, users do not have to worry about installation or maintenance. At a high level, SonarQube Cloud offers: 

• Automatic, zero-configuration, analysis with GitHub for many popular languages, and immediate access to new features and functionality
• Authentication integration with GitHub, Azure DevOps, Bitbucket and GitLab
• Free open-source analysis for public projects or usage-based pricing model for private projects

If you’re looking for a self-managed static code analysis option, then open-source based SonarQube Server is a great choice. SonarQube Server Developer Edition and Enterprise Edition also include additional enterprise features that may be valuable to your organization’s specific use case(s). At a high level, SonarQube Server offers: 

• Run your instance your way, as a virtual machine, on Docker, or with Kubernetes with vertical and horizontal scaling support
• Easy project onboarding with integration to GitHub, GitLab, Azure and Bitbucket; in-cloud and on-premises
• Commerical features include executive-level reporting capabilities, security reports including coverage for OWASP Top 10 and CWE Top 25 and more, portfolios support, multiple DevOps platform support and more
• Advanced security analysis with deeper SAST

• Open-source analysis is always free with SonarQube Community Build and SonarQube Cloud, and a no-commitment, 14-day free trial offering covering 30+ languages and frameworks
• Both are based on the same underlying static analysis engine to catch bugs, vulnerabilities, and code smells - generating valuable code quality metrics
• IDE Support with SonarQube for IDE integration and integration with CI/CD workflow in most DevOps platforms
• Efficient and fast SAST analysis and more!

SonarQube for IDE is your first line of defense for ensuring the code you write today is high-quality and secure. Issues are raised in-line with clear rule descriptions and guidance.

The impact is immediate, and no configuration is required. You learn from the real-time feedback provided and quickly resolve issues with contextual guidance and automatic Quick Fixes.

SonarQube for IDE is available from your IDE marketplace:
Visual Studio | VS Code | JetBrains | Eclipse