SonarSource Rules

SonarSource
static code analysissince
2008

We believe secure, quality software comes from secure, quality code

Since 2008, we've been devoted to helping developers around the world deliver clean, secure code. At SonarSource, we’re passionate about helping developers deliver the best applications that delight users, while keeping them safe and secure.

For us, delivering a great product starts with transparency. We're an open company, and our rules database is open as well! We put all our static analysis rules on display so you can explore them and judge their value for yourself.

For each rule, we provide code samples and offer guidance on a fix. Even more importantly, we also tell you why. We offer it all here publicly because whether or not you choose to use our analysis - we want to help you and your team write better code!


6000+ Static Analysis Rules
across 30+ programming languages

Carefully annotated and continuously refined
Covering all angles
  • Reliability

    Avoid bugs and undefined behavior

  • Security

    Avoid breaches or attacks

  • Maintainability

    Ease code updates, and increase developer velocity

Sample RuleSample Rule

  • Classified by severity

  • Mapped to standards (cert, misra, cwe, sans, owasp, etc.)

  • Fully documented

  • Learn best practices & improve coding
  • Fully
    automated

  • Up-to-speed with
    latest frameworks

  • Benefits shared
    across dev teams


In your IDE and in your Pipeline,
analyze your code against these rules

Open products, open communities, free for open source

In-IDE

Code Quality and Security in your IDE with SonarQube Ide

IDE extension that lets you fix coding issues before they exist!

Install in
Install SonarQube Ide on IntellijInstall SonarQube Ide on EclipseInstall SonarQube Ide on VS CodeInstall SonarQube Ide on Visual Studio

SaaS

Code Quality and Security in the cloud with SonarQube Cloud

Nicely pairs with your existing cloud-based CI/CD workflows

Sign Up

Self-Hosted

Code Quality and Security Self-Hosted with SonarQube Server

Fast, accurate analysis; enterprise scalability

Download
Smoothly integrated with GitLabGitHubBitbucketAzure DevOps

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy