sonarqube
Description:
Manage code quality
Type: Formula  |  Tracked Since: Dec 3, 2024
Links: Homepage  |  @SonarSource  |  formulae.brew.sh
Category: Developer tools
Tags: code-analysis security devops static-analysis quality
Install: brew install sonarqube
About:
SonarQube is a self-managed, on-premise static application security testing (SAST) platform for continuous code quality and security analysis. It automatically scans source code across multiple languages to detect bugs, vulnerabilities, code smells, and security hotspots, providing detailed reports and metrics.
Key Features:
  • Static Code Analysis (SAST)
  • Multi-language Support (Java, C#, JS, Python, etc.)
  • Security Vulnerability Detection
  • Integration with CI/CD Pipelines
  • Quality Gate and Leak Period Concepts
Use Cases:
  • Enforcing code quality standards in development teams
  • Continuous security scanning in DevOps pipelines
Alternatives:
  • snyk – Snyk is primarily a cloud-native, SaaS-focused DevSecOps platform with a stronger emphasis on open-source dependency scanning (SCA) and container security, whereas SonarQube is a self-hosted SAST-focused platform.
  • codacy – Codacy is a cloud-based automated code review tool, offering a simpler SaaS model compared to SonarQube's more comprehensive, self-managed enterprise platform.
Version History
Detected Version Rev Change Commit
Dec 3, 2024 10:13pm 0 VERSION_BUMP a1800202
Oct 3, 2024 12:53pm 0 VERSION_BUMP c0cedaa0
Sep 27, 2024 6:45pm 0 VERSION_BUMP 8647240f