Built for Developers By Developers

Innovative features to systematically track and improve Code Quality and Code Security in your applications

Request your 14 day free trial!

Enhance your Workflow with Developer Edition

Automatically analyze branches
and decorate pull requests

Bitbucket
GitHub
Azure DevOps
GitLab

Available for both cloud-based and self-hosted platforms

Your pull request from Bitbucket using SonarQube

Your pull request from GitHub using SonarQube

Your pull request from Azure DevOps using SonarQube

Your Merge request from GitLab using SonarQube

Whether you're self-hosted or SaaS, on-prem or in-cloud, we have you covered.

Import repositories and provision projects from your DevOps Platform.

Easily navigate your environment’s analysis configuration with built-in wizards.

Automatically differentiate between main branch and PR - no extra config required.

Need to manage Code Quality & Code Security across your entire application portfolio?

Enterprise Edition with Portfolio Management and Executive Reporting

Discover more

Commit to Developer-Led Security

Maximum Security Protection with early Vulnerability
detection and taint analysis

Security

Hotspots Code review

Find and review Security Hotspots (uses of
security-sensitive code) in

Available for:

Security

Vulnerabilities Code change/fix

Automatically detect Vulnerabilities (including
Injection Flaws) in:

Available for:

Guided developer experience

The UI is crafted for clarity so developers easily understand the problem flow from the vulnerability source to the code location (‘sink’) where the compromise occurs

Issue visualizer to track untrusted user input throughout the execution flow

Need to track Security Compliance against known standards and across your application portfolio?

Check out Enterprise Edition with OWASP/SANS Security Reports

Discover more

Chase down the bad actors

Making sure user-provided data is sanitized before it hits critical systems (database, file system, OS, etc.) helps ensure your code security. Taint analysis tracks untrusted user input throughout the execution flow - across not just methods but also from file to file.

Dedicated UI navigation from the Vulnerability source to the code location

Taint Analysis tracks non-trusted user input throughout the execution flow for Java code

Taint Analysis tracks non-trusted user input throughout the execution flow for PHP code

Taint Analysis tracks non-trusted user input throughout the execution flow for C# code

"read" overflows write buffer "&ff->data[s]"; passed size "ff->size - s" exceeds buffer size

This 'memset' is likely to be optimized away by the compiler; either remove it or replace it with 'memset_s'

Taint Analysis tracks non-trusted user input throughout the execution flow for Python code

Java
PHP
C#
C++
Python
JS/TS

Critical security rules for vital languages

Get highly relevant rules for critical languages to help keep your code secure.

Application Management

Manage your team's success: Release quality code across projects every time

An Application is a synthetic project composed of projects that ship together; if one isn't ready to ship, none of them are. SonarQube Developer Edition provides you with:

Aggregate quality gate

One place to know if your project set is shippable

Easily visualize the pieces of the projects that work together