Python static code analysis

170+ rules for Code Quality and Security

  • Bug
  • Security Vulnerability
  • Security Hotspot
  • Code Smell

  • Python, Major Bug: All code should be reachable
  • Python, Major Bug: Related "if/else if" statements should not have the same condition
  • Python, Major Bug: Increment and decrement operators should not be used

Fast, accurate analysis with minimal configuration and clear, helpful results.

Unique rules find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your Python code using:

  • Control-flow and data-flow analysis
  • Cross-file analysis
  • Type checking

Focus on the logic, not the tooling

We provide comprehensive static analysis for Python. We’ve made it our mission to root out false positives, and you can get started with zero configuration. That means taking control of your Code Quality and Security is effortless.

You get:

  • A great experience out of the box
  • Sophisticated rules to find highly valuable issues
  • More reliable and secure code

See the benefits for yourself!

  • 1:34 min: A sample of available Maintainability rules
  • 5:10 min: Reliability rules
  • 7:28 min: Security Vulnerability rules
  • 10:24 min: Security Hotspot rules
  • 13:32 min: Where analysis is available
  • 16:07 min: Demo

Security

Rooting out security problems is important to you, your users, and your reputation. We give developers the tools to find, understand and fix security issues.

Security Hotspots: Code review

Security Hotspots highlight sensitive pieces of code that require human review to determine whether they represent real vulnerabilities.


We offer Security Hotspot detection for seven of the OWASP Top 10 categories:

  • A1 Injection
  • A2 Broken Authentication
  • A3 Sensitive Data Exposure
  • A5 Broken Access Control
  • A6 Security Misconfiguration
  • A7 Cross-Site Scripting (XSS)
  • A9 Components with Known Vulnerabilities
  • A10 Insufficient Logging & Monitoring

Security Vulnerabilities: Code change/fix

Security Vulnerabilities require immediate action. SonarQube provides detailed issue descriptions and code highlights that explain why your code is at risk.


We cover nine of the OWASP Top 10 categories:


  • A1 Injection
  • A2 Broken Authentication
  • A3 Sensitive Data Exposure
  • A4 XML External Entities (XXE)
  • A5 Broken Access Control
  • A6 Security Misconfiguration
  • A7 Cross-Site Scripting (XSS)
  • A8 Insecure Deserialization
  • A9 Components with Known Vulnerabilities

We support

SonarQube analysis integrates seamlessly into your environment.

  • Your frameworks: Flask, Django, Jinja2, DTL
  • Your language version: Python 2.7-3.8
  • Your ORM: Django ORM, Flask-SQLAlchemy
  • Your needs: Flake8 imports, custom rules

Get started analyzing your Python projects today!