Python Static Code Analysis & Security Review Tool

All code should be reachable
- Bug
- Major
Related "if/else if" statements should not have the same condition
- Bug
- Major
Increment and decrement operators should not be used
- Bug
- Major

Fast, accurate analysis with minimal configuration and clear, helpful results.

Unique rules find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your Python code using

Control-flow and data-flow analysis

Cross-file analysis

Type checking

See all the Python rules

Focus on the logic, not the tooling

We provide comprehensive static analysis for Python. We’ve made it our mission to root out false positives, and you can get started with zero configuration. That means taking control of your Code Quality and Security is effortless.

You get

A great experience
out of the box

Sophisticated rules to find
highly valuable issues

More reliable and
secure code

See the benefits for yourself!

1:34min
A sample of available Maintainability rules
5:10min
Reliability rules
7:28min
Security Vulnerability rules
10:24min
Security Hotspot rules
13:32min
Where analysis is available
16:07min
Demo

Security

Rooting out security problems is important to you, your users, and your reputation. We give developers the tools to find, understand and fix security issues.

Security

Hotspots Code review

Security Hotspots highlight sensitive pieces of code that require human review to determine whether they represent real vulnerabilities.

We offer Security Hotspot detection for seven of the OWASP Top 10 categories:

A1 Injection

A2 Broken Authentication

A3 Sensitive Data Exposure

A5 Broken Access Control

A6 Security Misconfiguration

A7 Cross-Site Scripting (XSS)

A9 Components with Known Vulnerabilities

A10 Insufficient Logging & Monitoring

Security

Vulnerabilities Code change/fix

Security Vulnerabilities require immediate action. SonarQube provides detailed issue descriptions and code highlights that explain why your code is at risk.

We cover nine of the OWASP Top 10 categories:

A1 Injection

A2 Broken Authentication

A3 Sensitive Data Exposure

A4 XML External Entities (XXE)

A5 Broken Access Control

A6 Security Misconfiguration

A7 Cross-Site Scripting (XSS)

A8 Insecure Deserialization

A9 Components with Known Vulnerabilities

We support

SonarQube analysis integrates seamlessly into your environment.

Your frameworks

Flask, Django,

Jinja2, DTL

Your language version

Python 2.7-3.8

Your ORM

Django ORM, Flask-SQLAlchemy

Your needs

Flake8 imports

Custom rules

Get started analyzing your Python projects today!

Get started for free

All the languages in your project

Most modern projects are multi-language. Our static analysis is too! That means you get a consolidated, consistently great experience across the board, no matter how many of our 27 languages you use.

Features See what you get out of
the box

ALM Integration Analysis results right where
your code lives

Concepts Learn how to get the most out
of SonarQube

Features See what you get out of
the box

ALM Integration Analysis results right where
your code lives

Concepts Learn how to get the most out
of SonarQube

Python static code analysis