SonarQube

Home

Request trial

CODE QUALITY AND SECURITY, UNDER YOUR CONTROL

Keep AI generated code clean

Unlock the power of AI coding assistants without the risk of bad, insecure code. SonarQube is your Clean Code solution that deploys anywhere, on-prem, or in your cloud environment.

Request a demo
passing branch is merged
Interstitial

USED AND LOVED BY 7 MILLION DEVELOPERS & 400,000+Organizations

  • Barclays
  • Airfrance
  • IBM
  • NASA
  • Microsoft
  • ebay
  • Request demo
  • Take a product tour
  • Sonar Community
  • Contact us
SONARQUBE FEATURES

The code quality tool for better code

Your code is a business asset. Achieve the highest value from your code by reaching a state of Clean Code with SonarQube.

Integration with top DevOps platforms

Easily onboard projects. Integrate with GitHub Actions, GitLab CI/CD, Azure Pipelines, Bitbucket Pipelines, and Jenkins to auto-trigger analysis and show code health status where you work.


Clear go/no-go Sonar Quality Gate

Fail build pipelines when code quality doesn’t meet your defined standards. Prevent issues from being merged or released, reducing risk and saving costs from late discovery in the SDLC.

High performance and operability

Deploy your way, on-prem, in the cloud, as a server, with Docker, or with Kubernetes. Multi-threading, multiple compute engines, and language-specific loading delivers optimal performance.

Top tier analysis speed and accuracy

Receive actionable Clean Code metrics in minutes instead of hours. Clean as You Code inspects smaller pieces of code as you work giving you accurate feedback on the quality of your new code.


Critical security rules for vital languages

Coding issues are found at the right time and in the right place seamlessly in your dev workflow. Benefit from 5,000+ rules and industry-leading taint analysis of Java, C#, PHP, Python, and more.

Shared, unified configurations

Set your specific coding standards to align your team on code health and achieve your code quality goals. Plus Learn as You Code elevates your developer's skills to the same high level.


Sonarlint IDE integration

Add the SonarLint extension to your favorite IDE and find coding issues on the fly as you code. SonarQube settings synchronize to SonarLint, ensuring your team follows a single governed standard of Clean Code.

Measure code coverage

View the percentage of your codebase exercised by your tests for valuable insights into your code's health. Guides you to areas of low coverage to make improvements.

Explore code coverage

AI at Sonar

New AI Code Assurance

Sonar AI Code Assurance is a robust and streamlined process for validating AI-generated code through a structured and comprehensive analysis. This ensures that every new piece of code meets the highest standards of quality and security before it moves to production. 

View AI Code Assurance

Introducing AI CodeFix

Sonar AI CodeFix is a powerful capability that suggests code fixes for issues discovered by our code analysis solutions SonarQube and SonarCloud. With just one click, you can receive suggestions on how to resolve a range of issues, streamlining the issue resolution process.

View AI CodeFix
NEW - More powerful enhanced secrets detection

Explore SonarQube with this interactive product demo

See how SonarQube allows you to deliver and meet high code quality standards, for every project, at every step of the workflow. 

Interstitial
SECURITY AND SECRETS DETECTION

Enhanced developer security tools

Static code analysis

Sonar’s static application security testing (SAST) engine detects security vulnerabilities in your code so they can be eliminated before you build and test your application. Achieve robust application security and compliance for complex projects with SAST. 

Explore SAST

Secrets detection

SonarQube includes a powerful secrets detection tool, one of the most comprehensive solutions for detecting and removing secrets in code. Together with SonarLint, it prevents secrets from leaking out and becoming a serious security breach.

Explore secrets detection

Security standards compliance

SonarQube helps you comply with common code security standards, such as the NIST SSDF. Using SonarQube with SonarLint automatically checks your projects' code for security vulnerabilities and enhances overall code quality.

Explore NIST SSDF

Flexibility & governance: the perfect enterprise code quality tool

Deeply integrated with your enterprise environment

Self-managed, with deep integration into your enterprise environment. Extensible to meet your special needs and flexible in scale & pricing. And always private unless you choose otherwise.

Enterprise-level reporting and aggregation

Security reports, executive aggregation, and PDF reports provide the oversight larger organizations need to evaluate risks on their software assets.

CLEAN CODE EVERYWHERE, FOR EVERYONE

Shared code quality expectations across the enterprise organization

SonarQube coalesces developers around a shared vision of Clean Code. Sonar Quality Gates, focused on new/changed code, sets clear quality expectations for the team and ensures they deliver Clean Code every day.

Image shows shared quality scores across a production environment

Open source roots, editions for all needs

Community Edition

Free and open source for dev productivity and code quality.

Get started

Developer Edition

Essential capabilities for small teams and businesses.

View features

Enterprise Edition

Deeper insights and performance for the modern enterprise.

View features

Data Center Edition

Mission critical high availability, scalability, and performance.

Learn features

Your programming language.
covered.

Coverage for dozens of the most popular languages, frameworks and IaC platforms

Want to learn more about Clean Code and SonarQube?

Need help getting started?

The Sonar Community is a vibrant, interactive space where Sonar team members and community users get together to discuss all things Sonar. You’ll find detailed articles and technical discussions that cover the most common use cases, and some tricky ones. Plus, the Community is the place to collaborate on new features, provide feedback, and learn more from other developers.

Community Manager, Colin, makes an announcement for the launch of SonarCloud Enterprise.
man entering credit card information on website

"The greatest impact it’s had has been that it has allowed us to focus our effort on making sure new code is clean instead of addressing technical debt"

Bijay Mangaraj, Senior Vice PresidentM&T Bank LOGO

Read customer story
M&T Bank LOGO
man entering credit card information on website

Bijay Mangaraj, Senior Vice President

"The greatest impact it’s had has been that it has allowed us to focus our effort on making sure new code is clean instead of addressing technical debt"

Get SonarQube updates delivered directly to your inbox

By signing up, you will receive product and marketing information about upcoming SonarQube updates, new releases, news, and events.

Select your preferred languages

By submitting this form, you agree to the storing and processing of your personal data as described in the  Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.