What is SonarQube?

Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding.

The SonarQube platform delivers automated code quality and security analysis for modern development teams. Designed to seamlessly integrate with your CI/CD pipelines and DevOps tooling, it continuously reviews your source code to uncover bugs, security vulnerabilities, security hotspots, code smells, and architecture issues before code is merged or released. With broad support for 40+ programming languages and frameworks, SonarQube empowers developers and organizations to uphold high standards of code health across web, mobile, embedded, and cloud-native apps. It’s trusted by more than 7 million developers, underscoring its industry leadership as a critical solution for secure, maintainable, and high-quality software development.

Customers can choose between two delivery methods for SonarQube: a cloud-based, software-as-a-service (SaaS) offering or a self-managed, self-hosted server-side solution.

The SonarQube platform also includes an IDE plugin, SonarQube for IDE, that brings real-time static analysis, quick-fix guidance, and security issue detection directly into your coding editor.

Key capabilities of our platform include:

  • Automated code review

  • Code quality analysis

  • Code security analysis

  • Architecture

  • Remediation

  • Secrets detection

  • IaC scanning

  • Static Application Security Testing (SAST)

  • Taint analysis

  • Mobile Application Security Testing (MAST)

  • Open source license management

  • CI/CD integration

  • Project and portfolio management

  • Governance and compliance

  • Reporting and analytics
