Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Why You Shouldn't Use Build Breaker
There have been some heated discussions recently about the Build Breaker plugin... SonarSource doesn't want to continue the feature. The community has come to see it as a must have... So I'd like to explain why at SonarSource we no longer think it should be used.
Read Blog >
Analysis of Visual Studio Solutions with the SonarQube Server Scanner for MSBuild
At the end of April 2015 during the Build Conference, Microsoft and SonarSource Announced SonarQube Server integration with MSBuild and Team Build. Today, half a year later, we’re releasing the SonarQube Server Scanner for MSBuild 1.0.2. But what exactly is the SonarQube Server Scanner for MSBuild? Let’s find out!
Read Blog >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Water Leak Changes the Game for Technical Debt Management
A few months ago, at the end of a customer presentation about “The Code Quality Paradigm Change”, I was approached by an attendee who said, “I have been following SonarQube Server & SonarSource for the last 4-5 years and I am wondering how I could have missed the stuff you just presented. Where do you publish this kind of information?”. I told him that it was all on our blog and wiki and that I would send him the links. Well...
Read Blog >
Unit Test Execution in SonarQube Server
Starting with Java Ecosystem version 2.2 (compatible with SonarQube Server version 4.2+), we no longer drive the execution of unit tests during Maven analysis. Dropping this feature seemed like such a natural step to us that we were a little surprised when people asked us why we'd taken it.
Read Blog >
Three options for pre-commit analysis
As a quality-first focus becomes increasingly important in modern software development, more and more developers are asking how to find new issues before they check their code in. For some of you, it's a point of pride. For others, it's a question of keeping management off your back, and for still others it's simply a matter of not embarrassing yourself publicly. Fortunately, the SonarQube Server developers (being developers themselves) understand the problem and have come up with three different ways of dealing with it: the Eclipse plugin, the IntelliJ plugin, and the Issues Report plugin.
Read Blog >
Already 158 Checkstyle and PMD rules deprecated by SonarQube Server Java rules
Already 158 Checkstyle and PMD rules deprecated by SonarQube Server Java rules
Read Blog >
Everything's a component
Something occurred to me recently that I wanted to share. Sometimes I'm late to the party, so this may have been obvious to you all along, but it didn't jump out at me at first, so I thought it might be worth talking about. It's the fact that the Views plugin turns a project into just another component.
Read Blog >
Differentials: Four ways to see what's changed
After a Sonar analysis, it's easy to see your project's current state - just browse to the project dashboard and it's laid out for you. Want details? Just start clicking. But it's not always enough to know where you are. Sometimes, you need to know where you are in comparison to where you've been.
Read Blog >
Customizing Sonar to Fit Your Needs
Sonar is a super-radiator for code quality and as such, you can expect it brings value to all stakeholders in a development group. To achieve this, Sonar must be able to show only relevant information in a certain context and shut off the noise to facilitate investigation and decision making. In this post, I will show how to customize Sonar to fit your needs by:
Read Blog >
Manage Duplicated Code with Sonar
If you use Sonar already, I am sure that you know already the worse of all 7 developer's deadly sins: And if you don't, I would assume you know about duplicated / cloned / similar code when you talk about quality of code and that you have heard of tools such PMD CPD or Simian. But why does copy paste matters from a code quality point of view? How can you benefit from Sonar to improve this? Let’s try to figure this out.
Read Blog >
Effective Code Review with Sonar
At SonarSource, we like eating our own dog food as much as possible. This is not always the case in software development, but in our case since we develop software for software companies, we can do it. We therefore have an instance of Sonar that analyses all our products daily.
Read Blog >