SonarQube Continuous Code Quality

SonarQube is a free and open-source platform for continuous inspection of code quality and security, performing automatic static analysis to detect bugs, code smells, security vulnerabilities, and code duplications across multiple programming languages. Developed by SonarSource SA (headquartered in Geneva, Switzerland, founded by Olivier Gaudin, Freddy Mallet, and Simon Brandhof in 2008), SonarQube has been adopted by millions of developers worldwide. Key features: multi-language support: analyzes over 30 programming languages including Java, C/C++, C#, JavaScript, TypeScript, Python, Go, PHP, Ruby, Kotlin, Swift, Scala, Apex, ABAP, COBOL, PL/SQL, T-SQL, VB.NET, XML, HTML, and CSS. Quality gates: configurable quality gates that define the criteria a codebase must meet (e.g., code coverage above 80%, no new bugs, no new vulnerabilities, technical debt ratio below 5%). Quality gates can block CI/CD pipelines when quality thresholds are not met. Rules and rule profiles: over 5,000 static analysis rules across languages, organized into profiles (Sonar Way, custom profiles), covering bug detection, vulnerability detection, code smell detection, security hotspots, and complexity metrics. Metrics tracked: reliability (bugs by severity: Blocker, Critical, Major, Minor), security (vulnerabilities, security hotspots), maintainability (code smells, technical debt), coverage (line coverage, branch coverage), duplications (duplicated lines, blocks), complexity (cyclomatic complexity, cognitive complexity), and size. Integration: integrates with CI/CD systems (Jenkins, GitHub Actions, GitLab CI, Azure DevOps, Bamboo, TeamCity) via SonarScanner. SCM integration: tracks new code vs overall code. PR decoration: comment on pull requests with quality findings. Dashboard: web interface showing project quality, technical debt, coverage trends, and issue management. LGPL-3.0 (Community Edition).