Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image shows various elements of code security, languages and bugs
Blog post

Using quality profiles in Sonar

Last month, Sonar 1.6 was released. The main feature of the new version is the ability to manage quality profiles. The purpose of this post is to explain what gap the functionality fills, to define what is a quality profile and to explain how to use it. Prior to Sonar 1.6, it was only possible to run analysis with one set of defined coding rules per instance of Sonar. It means that within an instance of Sonar, it was not possible to process differently various types of projects (legacy application, technical libraries, new projects, ...). They were all analyzed with the same set of rules. Therefore there was sometimes unnecessary noise around the quality data that made it difficult to see quickly what real action was required. Sonar 1.6 turns off this noise by allowing to define and simultaneously use several quality profiles.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

What makes Checkstyle, PMD, Findbugs and Macker complementary ?

There is often some misunderstanding when people talk about coding rules engines. Everyone tries to take position in favor of his preferred tool and does his best to explain what are the weaknesses of the other ones.

Read Blog >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By clicking “Sign up”, you consent to receive email communications from SonarSource containing blog updates, product news, and other relevant content. We will store and process your personal data for this purpose as described in our Privacy Policy. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us in accordance with the Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image shows various elements of code security, languages and bugs
Blog post

Discussing Cyclomatic Complexity

Googling on Cyclomatic Complexity (CC), gives some interesting results... Among those results, you'll find the two following definitions :

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Is 80% of code coverage any good ?

When talking about source code quality, there are always voices to tell you that metrics mean nothing and that plenty of projects have great metrics and poor quality! Let's look at one particular metric: the code coverage by unit tests.

Read Blog >