Issues raised by SonarQube point either to code that is demonstrably wrong or to code that most likely does not do what was intended. Find the trickiest bugs by navigating easily through the code paths, and see at a glance when the same issue shows up in multiple locations.
“Smelly” code probably does what it should, but it will be hard to maintain. In the worst cases it is so confusing that maintainers inadvertently introduce bugs while changing it. Examples include duplicated code, code not covered by unit tests, and overly complex code.
It is probably Pollyanna-ish to think you will never be targeted by attackers. When you are, what vulnerabilities will they find in your system? SonarQube helps you find and track the vulnerabilities in your code. Examples include SQL injection, hard-coded passwords, and badly handled errors.
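To make the three vulnerability classes concrete, here is an added example (not code from SonarQube or this page) that shows each one next to its fixed form: a query built by string concatenation beside a parameterized query, a hard-coded password beside a secret read from the environment, and a swallowed exception beside one that is validated and propagated. The in-memory SQLite table, the user rows, and the `DB_PASSWORD` variable name are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


# --- SQL injection -----------------------------------------------------------

def find_user_vulnerable(conn, name):
    """Untrusted input is concatenated into the SQL text, so it is parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_fixed(conn, name):
    """Parameter binding: the value is passed as data and never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# --- Hard-coded password -----------------------------------------------------

def db_password_hardcoded():
    """A literal secret ends up in version control, build artifacts and logs."""
    return "s3cr3t-do-not-do-this"


def db_password_from_env(env):
    """Read the secret from the environment (env is a mapping, e.g. os.environ).
    The DB_PASSWORD name is an assumption for this example."""
    password = env.get("DB_PASSWORD")
    if not password:
        raise RuntimeError("DB_PASSWORD is not set")
    return password


# --- Badly handled errors ----------------------------------------------------

def parse_port_bad(value):
    """The exception is swallowed; the caller silently gets None and fails later."""
    try:
        return int(value)
    except ValueError:
        pass


def parse_port(value):
    """Validate, then fail loudly with context instead of hiding the problem."""
    try:
        port = int(value)
    except ValueError as exc:
        raise ValueError(f"invalid port {value!r}") from exc
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(conn, payload))  # leaks every row
    print("fixed:     ", find_user_fixed(conn, payload))       # no match
```

Running the script shows the concatenated query returning all three users for the payload `x' OR '1'='1`, while the parameterized version returns nothing; the other two pairs illustrate the patterns a hard-coded-credential rule and an empty-catch-block rule would flag.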
Activate The Rules You Need
SonarQube code analyzers ship with default Quality Profiles that offer strong value with non-controversial rule sets. The default Quality Profiles work for most projects, but you can easily tune them to match your needs.
The Rules page lets you search for rules by multiple criteria, alone or in combination, and activate or deactivate them in your Quality Profile directly from the search results.
Explore All Execution Paths
SonarQube relies on several path-sensitive dataflow engines, so its code analyzers explore all possible execution paths to spot the trickiest bugs.
Even a simple function with only 10 branches can have a hundred or more distinct execution paths at runtime (10 independent if/else decisions in sequence yield 2^10 = 1024 of them). Checking every one of those paths by hand is simply impossible.