Learn

Articles

Article

SonarQube AutoConfig: Revolutionizing C and C++ Static Analysis

Have you struggled to set up static analysis for your C or C++ project? Fret no more, because SonarQube AutoScan for C and C++ eliminates all the challenges of the past and makes scanning your project simple and immediate.


Article

Amazon Q: Ensuring Secure, Quality AI-Generated Code

Amazon Q stands out as a leading AI assistant by seamlessly integrating into your IDE to generate, test, and debug code with advanced reasoning and multistep planning, while also offering enterprise data integration for comprehensive documentation, insight discovery, and data summarization—all within a single, powerful tool.


Article

Google Gemini Code Assist: Ensuring Secure, Quality AI Code

Generative AI (GenAI) and large language models (LLMs) are transforming software development by enhancing productivity. Tools like Google’s Gemini Code Assist offer in-IDE code suggestions, autocompletion, and debugging to streamline coding.


Article

Sonar: a powerful ally in meeting NIST SSDF code security requirements

Using SonarLint with SonarQube or SonarCloud helps you follow the best practices laid out in the NIST SSDF to meet code security requirements.


ARTICLE

Increasing developer velocity with GenAI

Developer velocity refers to the speed and efficiency with which developers can create, modify, and deploy high-quality code. Learn how Generative AI coding assistants can increase development velocity.


ARTICLE

AI code generation benefits and risks

Artificial Intelligence (AI) code generators have emerged as a transformative force, reshaping the way we approach coding tasks while increasing efficiency and innovation. But what are the pitfalls for tech executives and developers?


Article

FIPS Compliance

FIPS, or Federal Information Processing Standards, are publicly announced standards and requirements developed by the National Institute of Standards and Technology (NIST) for use in computer systems by non-military government agencies, contractors, and vendors.


ARTICLE

Modern DevOps transformation begins with Static Code Analysis

DevOps underperformance challenges stem from the ongoing conflict between code quality and faster delivery timeframes. Discover how Static Code Analysis helps solve the underlying performance issues in today's highly automated DevOps cycle.


Article

DevOps implementation guide

In the ever-changing world of software development and IT operations, DevOps aims to improve collaboration, quality, and automation across the entire software development lifecycle. Proper planning and evaluation are essential for ensuring the success of DevOps projects of all sizes.


Article

Integrating SonarCloud and GitHub: as simple as a few clicks

Integrating SonarCloud and GitHub is straightforward. Follow along in an interactive demo to see how simple it is to link these two vital software development services.


Article

Integrating SonarCloud and Azure DevOps: as simple as a few clicks

It is effortless to integrate Azure DevOps with SonarCloud. Discover how easy it is to connect these two essential software development services by following along in an interactive demo.


Article

Integrating SonarCloud and GitLab: as simple as a few clicks

Integrating SonarCloud and GitLab is straightforward. Follow along in an interactive demo to see how easy it is to integrate these two essential DevOps tools.


ARTICLE

Exploring strategies for managing code quality in outsourced software development

In an outsourced setting, where collaboration might involve multiple teams across different locations, maintaining a high standard of code quality becomes even more critical to ensure a seamless integration of efforts.


Article

Outsourced Software Development and Scope Creep: Three Ways to Manage Teams at the Code Level

Tackling scope creep with an outsourced development team requires effective proactive management strategies and contributions from all stakeholders.


Article

Code Standardization and Risk Mitigation in Software Development

Code standardization is pivotal in mitigating risks within software development processes and is a proactive measure to identify and address potential issues early in the development cycle.


Article

Distributed Software Development: A Guide to Achieving Code Quality

Distributed software development presents both opportunities and challenges. While it offers flexibility and access to a global talent pool, it introduces communication, coordination, and cultural issues that can impede productivity and project success. Prioritizing code quality is essential in overcoming these challenges.


Article

Measuring and Identifying Code-level Technical Debt: A Practical Guide

Technical debt accumulates interest over time, meaning the longer it remains unaddressed, the more time and resources it will require to resolve. This makes identifying and measuring technical debt not just a technical necessity but a strategic imperative for businesses invested in their software's health, maintenance, and evolution.


Article

Secure by Design Starts with Code Quality

The philosophy behind Secure by Design is simple yet profound: make systems inherently secure by design, thereby reducing the attack surface and making it significantly harder for attackers to exploit vulnerabilities. This approach not only enhances security but also improves the overall quality and reliability of the software.


Article

Shift-Left Security: Advancing Early Stage Security Integration

The shift-left approach marks a significant evolution in software security practices. It advocates for the early integration of security measures to mitigate risks efficiently and cost-effectively. The following article delves into the essence of the shift-left philosophy and how Sonar's tools and methodologies can be instrumental in redefining organizations' security posture.


Article

LLMs for Code Generation: A summary of the research on quality

Large language model (LLM) code generation uses generative AI, NLP, and ML algorithms to write software code based on natural language descriptions. Integrated into IDEs, these models can quickly and accurately generate, complete, refactor, and optimize code.


Article

GitHub Copilot and Ensuring Quality AI-Generated Code

As developers increasingly rely on AI tools like GitHub Copilot for code generation, ensuring the quality of AI-generated code becomes crucial. This can be solved by implementing best practices such as code reviews and automated testing.


Article

SonarQube Setup Guide: Integrating Quality Gates into Your CI/CD Pipeline

Quality gates are predefined criteria that ensure only high-quality code progresses through the development pipeline. Integrating quality gates into your CI/CD pipelines ensures these checks are performed automatically and continuously to improve software reliability and security.


DEFINITION

What is clean code?

Clean Code is code that’s easily understandable, portable, and capable of change through structure and consistency, yet remains maintainable, reliable, and secure for performance demands.

Clean Code follows well-documented coding standards that are clear and concise, increasing developer collaboration and communication.

BETTER BUSINESS VALUE

Why clean code?

A clean codebase simplifies the principles and processes for introducing changes to your code, allowing business goals and objectives to be prioritized. Ensuring code readability improves team collaboration, communication, and code review processes across your enterprise.

OUR UNIQUE APPROACH

Clean as You Code™

Clean Code as you write maintainable, readable, quality code. Sonar’s toolkit allows you to continually review and make clear, incremental quality improvements as you edit or write code. Deliver high-quality, efficient code standards that benefit the entire team or organization.


Clean Code results in software that is:

Secure

Clean Code is secure through early detection and feedback of security vulnerabilities and hotspots during code review.


Reliable

Clean Code creates and sustains reliability. When your software is reliable, anywhere and anytime, it creates trust among your teams and customers.


Maintainable

Clean Code makes maintenance easy. A codebase that is maintainable enables an optimized development workflow for more scalable software.
