Detect Tricky Issues

Detect Bugs

SonarQube raises issues either on demonstrably wrong code or on code that is more likely than not to behave differently from what was intended. Find the trickiest bugs by navigating easily through the code paths, with issues that span multiple locations pointed out along the way.

Code Smells

“Smelly” code does (probably) what it should, but it will be difficult to maintain. In the worst cases, it will be so confusing that maintainers can inadvertently introduce bugs. Examples include duplicated code, code not covered by unit tests, and overly complex code.

Security Vulnerability

It’s probably Pollyanna-ish to think you’ll never be targeted by hackers. When you are, what vulnerabilities will they find in your system? SonarQube helps you find and track the insecurities in your code. Examples include SQL injection, hard-coded passwords and badly managed errors.

Activate The Rules You Need

SonarQube code analyzers include default Quality Profiles that offer strong value with non-controversial rule sets. The default Quality Profiles will work for most projects, but you can easily tune them to fully match your needs.

The rules page lets you find rules by multiple criteria, alone or in combination. From the search results you can activate or deactivate rules in your Quality Profile.

Explore All Execution Paths

SonarQube relies on several path-sensitive dataflow engines, so its code analyzers explore all possible execution paths to spot the trickiest bugs.

Even a simple function containing only 10 different branches might lead to 100 different possible execution paths at runtime. Manually checking that those 100 execution paths are error-proof is simply impossible.