170+ rules for Code Quality and Security
Bug
Security Vulnerability
Security Hotspot
Code Smell
All code should be reachable
Bug
Major
Related "if/else if" statements should not have the same condition
Bug
Major
Increment and decrement operators should not be used
Bug
Major
Fast, accurate analysis with minimal configuration and clear, helpful results.
Unique rules find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your Python code using
Control-flow and data-flow analysis
Cross-file analysis
Type checking
We provide comprehensive static analysis for Python. We’ve made it our mission to root out false positives, and you can get started with zero configuration. That means taking control of your Code Quality and Security is effortless.
A great experience
out of the box
Sophisticated rules to find
highly valuable issues
More reliable and
secure code
A sample of available Maintainability rules
Reliability rules
Security Vulnerability rules
Security Hotspot rules
Where analysis is available
Demo
Rooting out security problems is important to you, your users, and your reputation. We give developers the tools to find, understand and fix security issues.
Code review
Security Hotspots highlight sensitive pieces of code that require human review to determine whether they represent real vulnerabilities.
We offer Security Hotspot detection for seven of the OWASP Top 10 categories:
A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A5 Broken Access Control
A6 Security Misconfiguration
A7 Cross-Site Scripting (XSS)
A9 Components with Known Vulnerabilities
A10 Insufficient Logging & Monitoring
Code change/fix
Security Vulnerabilities require immediate action. SonarQube provides detailed issue descriptions and code highlights that explain why your code is at risk.
We cover nine of the OWASP Top 10 categories:
A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A4 XML External Entities (XXE)
A5 Broken Access Control
A6 Security Misconfiguration
A7 Cross-Site Scripting (XSS)
A8 Insecure Deserialization
A9 Components with Known Vulnerabilities
SonarQube analysis integrates seamlessly into your environment.
Flask, Django,
Jinja2, DTL
Python 2.7-3.8
Django ORM, Flask-SQLAlchemy
Flake8 imports
Custom rules
Most modern projects are multi-language. Our static analysis is too! That means you get a consolidated, consistently great experience across the board, no matter how many of our 27 languages you use.
Product announcements delivered directly to your inbox!
We will never share your email address or spam you
