Security analysis shield Security Analysis

Static Application SecurityTesting (SAST) with
SonarQube Developer Edition

Commit to developer-led project security by detecting Security Vulnerabilities and Security Hotspots during code review

Request a Free Trial
Detect security issues in code review with Static Application Security Testing (SAST)

Detect Security Vulnerabilities and Security
Hotspots during code review

Security Hotspots

Hotspots chevron Code review

Find and review Security Hotspots (uses of
security-sensitive code) in

Available for:

java js vb c-sharp pyhton php
Security Vulnerabilities

Vulnerabilities chevron Code change/fix

Automatically detect Vulnerabilities (including
Injection Flaws) in:

Available for:

java c-sharp c-sharp php

Watch how SonarQube empowers developers to own Code Security

  • 3:05min

    SonarQube and Static Application Security Testing

  • 4:49min

    SonarQube’s Code Security for Developers

  • 5:16min

    SonarQube’s Security Vulnerabilities & Hotspots overview

  • 9:00min

    5 minutes Demo of SonarQube in Action!

  • 15:22min

    Summary & wrap up

  • Bitbucket Bitbucket
  • GitHub GitHub
  • Azure DevOps Azure DevOps
  • GitLab GitLab
Your pull request from Bitbucket using SonarQube
Get security findings in
pull request analysis

Empowering developers means shifting security left and presenting Security Vulnerabilities as early as possible in your process when the code is fresh in mind and the fix is still easy

Taint Analysis tracks non-trusted user input throughout the execution flow for Java code
  • Java
  • PHP
  • C#
  • Python
Chase down the bad actors

Application security comes from making sure that data is sanitized before hitting critical system parts (Database, File System, OS, etc.)

Sometimes called taint analysis - it's the ability to track untrusted user input throughout the execution flow from the vulnerability source to the code location (‘sink’) where the compromise occurs.

Guided developer experience

The issue visualizer is crafted for clarity so developers easily understand the problem flow across methods and from file to file.

In-app guidance helps developers really understand the problem so they can build the most secure fix.

Dedicated UI navigation from the vulnerability source to the code location
Clear security issues, clear actions
We believe in empowering developers to own Code Security.
Project Security security starts in the code; SonarQube helps you own it
Request a Free Trial