Code Quality & Code Security for the Federal Government

SonarSource provides developer-first solutions to deliver secure, reliable, maintainable code. We offer the functionality developers need with the security and stability government agencies and contractors require.

DoD stamp of approval

Our Docker images are hardened to U.S. Department of Defense standards (STIG-hardened) and available in the Iron Bank.

A pen-tested, secure part of your pipeline

A routine part of delivery is periodic penetration testing. Here’s what our pen tester, Cure53, had to say about SonarQube 8.9 LTS:

In Cure53’s expert opinion, this project confirmed a very solid security premise at SonarSource… [SonarQube] is currently well protected against a broad number of web application attack vectors.

One can argue that the outcome highlights the development team’s commitment to maintaining security features with due diligence and adherence to best practices. Despite extensive deep-dives and exemplary coverage toward a plethora of application features by the Cure53 testers, no serious issues were detected.

In addition to hardening SonarQube itself, we’ve also hardened our own build pipeline so you can be sure we’re delivering SonarQube to you securely.

Already a public sector standard

With more than 1,000 live instances, SonarQube is already trusted by leaders in the public sector including the FBI, NASA, the U.S. Department of Justice and many more:

Trusted by Sandia National Laboratories, the Social Security Administration (SSA), the SEC (Securities and Exchange Commission), Department of State, U.S. Army, U.S. Navy, U.S. Air Force, Homeland Security, Northrop Grumman, Raytheon Technologies, USPS (United States Postal Service) and many more.

Continuous feedback throughout your development workflow

Our solutions integrate with your existing developer tools and workflows to give early, continuous feedback on whether your code meets the release standards set by your organization.

Security reporting to document what you’ve delivered

OWASP / CWE Top 25 security reports in projects and portfolios

Dedicated reports track project security against the OWASP Top 10 and CWE Top 25 standards with a PDF export of the top reports. But securing your code isn’t just about reports. That’s why our custom SonarSource Vulnerability categorization helps translate security categorizations into language developers understand.

Code Quality and Code Security deliver the fundamentals

SonarSource’s ongoing research and innovation mean continuous delivery of important new rules and rule implementations.

Developer-led security helps protect your assets

The pace of delivery is always increasing. That means you don’t have time to wait for periodic audits. SonarSource’s developer-led security approach means its highly accurate Vulnerability reports get into developer hands - and fixed - sooner. So your vulnerabilities are patched faster and your assets are more secure.

Reliability means your code does what it should

Sensitive projects deployed in critical environments have to work right. Every. Time. Buggy, unstable code is simply unacceptable. SonarSource provides valuable rules to find critical Bugs early, before they can make it into production. Every version brings you more and smarter rules to keep your code - and your reputation - reliable.

Maintainability keeps overall project costs in check

Estimates vary, but industry and academic experts agree that the vast majority of project costs (up to 90%) go to maintenance. With a deep store of maintainability-related rules across all supported languages, SonarQube helps improve efficiency so developer time is spent delivering value.

Doing business is easy

Easy sign up, simple annual licensing, and outstanding product support.

Get started today