Home

Sonar's latest blog posts

Featured Post

The Coding Personalities of Leading LLMs

Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/7f6e6498-f9d3-4c75-8cb2-16917f0d95c2/LLMs-coding-personalities_featured-blog%402x.webp
Image shows various elements of code security, languages and bugs
Blog post

Securing access to projects in Sonar

When used out-of-the-box, Sonar is a code quality radiator accessible by everyone at anytime. Like for JIRA, Hudson, a post-it dashboard or any other piece of the development toolset transparency is a key success factor for adoption. So, by default in Sonar, anyone can access any project under continuous inspection and navigate through it.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Sonar to identify security vulnerabilities

During the last few months, Sonar has definitely become the leading Open Source Platform to manage Java code quality. The objective to democratize access to code quality is becoming concrete. However when analyzing source code, quality is only one aspect of things...

Read Blog >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image shows various elements of code security, languages and bugs
Blog post

Reuse in Sonar unit test reports generated by other systems

Reuse in Sonar unit test reports generated by other systems

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Using quality profiles in Sonar

Last month, Sonar 1.6 was released. The main feature of the new version is the ability to manage quality profiles. The purpose of this post is to explain what gap the functionality fills, to define what is a quality profile and to explain how to use it. Prior to Sonar 1.6, it was only possible to run analysis with one set of defined coding rules per instance of Sonar. It means that within an instance of Sonar, it was not possible to process differently various types of projects (legacy application, technical libraries, new projects, ...). They were all analyzed with the same set of rules. Therefore there was sometimes unnecessary noise around the quality data that made it difficult to see quickly what real action was required. Sonar 1.6 turns off this noise by allowing to define and simultaneously use several quality profiles.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

What makes Checkstyle, PMD, Findbugs and Macker complementary ?

There is often some misunderstanding when people talk about coding rules engines. Everyone tries to take position in favor of his preferred tool and does his best to explain what are the weaknesses of the other ones.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Discussing Cyclomatic Complexity

Googling on Cyclomatic Complexity (CC), gives some interesting results... Among those results, you'll find the two following definitions :

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Is 80% of code coverage any good ?

When talking about source code quality, there are always voices to tell you that metrics mean nothing and that plenty of projects have great metrics and poor quality! Let's look at one particular metric: the code coverage by unit tests.

Read Blog >