SonarSource Rules

static code analysis since

We believe secure, quality software comes from secure, quality code

Since 2008, we've been devoted to helping developers around the world deliver clean, secure code. At SonarSource, we’re passionate about helping developers deliver the best applications that delight users, while keeping them safe and secure.

For us, delivering a great product starts with transparency. We're an open company, and our rules database is open as well! We put all our static analysis rules on display so you can explore them and judge their value for yourself.

For each rule, we provide code samples and offer guidance on a fix. Even more importantly, we also tell you why. We offer it all here publicly because whether or not you choose to use our analysis - we want to help you and your team write better code!

5000+ Static Analysis Rules
across 30+ programming languages

Carefully annotated and continuously refined
Covering all angles
  • Reliability

    Avoid bugs and undefined behavior

  • Security

    Avoid breaches or attacks

  • Maintainability

    Ease code updates, and increase developer velocity

Sample Rule

  • Classified by severity

  • Mapped to standards (CERT, MISRA, CWE, SANS, OWASP, etc.)

  • Fully documented

  • Learn best practices & improve coding

  • Up-to-speed with
    latest frameworks

  • Benefits shared
    across dev teams

In your IDE and in your Pipeline,
analyze your code against these rules

Open products, open communities, free for open source


Code Quality and Security Self-Hosted with SonarQube

IDE extension that lets you fix coding issues before they exist!

Install SonarLint on IntelliJ, Eclipse, VS Code, or Visual Studio


Code Quality and Security in the cloud with SonarCloud

Nicely pairs with your existing cloud-based CI/CD workflows



Code Quality and Security Self-Hosted with SonarQube

Fast, accurate analysis; enterprise scalability

Smoothly integrated with GitLab, GitHub, Bitbucket, and Azure DevOps

© 2008-2024 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.

Sonar helps developers write Clean Code.