Sonar Logo
Start for FreeExplore Pricing

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/2fe34236-f012-013e-0792-c742810b83e3/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
Image shows various elements of code security, languages and bugs
Blog post

We Are Adjusting Rules Severities

With the release of SonarQube 5.6, we introduced the SonarQube Quality Model, which pulls Bugs and Vulnerabilities out into separate categories to give them the prominence they deserve. Now we're tackling the other half of the job: "sane-itizing" rule severities, because not every bug is Critical.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

SonarAnalyzer for C#: The Rule Engine You Want to Use

If you’ve been following the releases of the Scanner for MsBuild and the C# plugin over the last two years, you must have noticed that we significantly improved our integration with the build tool and at the same time added a lot of new rules. Also, we introduced SonarLint for Visual Studio, a new tool to analyze code inside the IDE. With these steps completed we are deprecating the SonarQube ReSharper plugin to be able to provide a consistent, high-level experience among our tools.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

Image shows various elements of code security, languages and bugs
Blog post

Bugs and Vulnerabilities are 1st Class Citizens in SonarQube Quality Model along with Code Smells

In SonarQube 5.5 we adopted an evolved quality model, the SonarQube Quality Model, that takes the best from SQALE and adds what was missing. In doing so, we've highlighted project risks while retaining technical debt.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Why You Shouldn't Use Build Breaker

There have been some heated discussions recently about the Build Breaker plugin... SonarSource doesn't want to continue the feature. The community has come to see it as a must have... So I'd like to explain why at SonarSource we no longer think it should be used.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Analysis of Visual Studio Solutions with the SonarQube Scanner for MSBuild

At the end of April 2015 during the Build Conference, Microsoft and SonarSource Announced SonarQube integration with MSBuild and Team Build. Today, half a year later, we’re releasing the SonarQube Scanner for MSBuild 1.0.2. But what exactly is the SonarQube Scanner for MSBuild? Let’s find out!

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Water Leak Changes the Game for Technical Debt Management

A few months ago, at the end of a customer presentation about “The Code Quality Paradigm Change”, I was approached by an attendee who said, “I have been following SonarQube & SonarSource for the last 4-5 years and I am wondering how I could have missed the stuff you just presented. Where do you publish this kind of information?”. I told him that it was all on our blog and wiki and that I would send him the links. Well...

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Unit Test Execution in SonarQube

Starting with Java Ecosystem version 2.2 (compatible with SonarQube version 4.2+), we no longer drive the execution of unit tests during Maven analysis. Dropping this feature seemed like such a natural step to us that we were a little surprised when people asked us why we'd taken it.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Three options for pre-commit analysis

As a quality-first focus becomes increasingly important in modern software development, more and more developers are asking how to find new issues before they check their code in. For some of you, it's a point of pride. For others, it's a question of keeping management off your back, and for still others it's simply a matter of not embarrassing yourself publicly. Fortunately, the SonarQube developers (being developers themselves) understand the problem and have come up with three different ways of dealing with it: the Eclipse plugin, the IntelliJ plugin, and the Issues Report plugin.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules

Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Everything's a component

Something occurred to me recently that I wanted to share. Sometimes I'm late to the party, so this may have been obvious to you all along, but it didn't jump out at me at first, so I thought it might be worth talking about. It's the fact that the Views plugin turns a project into just another component.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Differentials: Four ways to see what's changed

After a Sonar analysis, it's easy to see your project's current state - just browse to the project dashboard and it's laid out for you. Want details? Just start clicking. But it's not always enough to know where you are. Sometimes, you need to know where you are in comparison to where you've been.

Read Blog post >