Get started now
C++

C++ Code Quality and Security

  • Detect Bugs

    Bugs

  • Detect Vulnerabilities

    Vulnerabilities

  • Detect Hotspots

    Security Hotspots

  • Detect Code Smells

    Code Smells

Get started now

Coding is a team sport; analysis is the goalie!

Finding static analysis issues in-IDE is great. Collaborating on
them with your team is even better!

  • check

    Advanced, continuously improving static analysis

  • check

    Hundreds of unique, valuable rules

  • check

    Pull Request analysis and decoration

  • check

    IDE integration that remembers your decisions and
    applies your team’s rule set

  • check

    Sophisticated user experience; grow as an
    individual, accelerate your team

Coding is a team sport

The right data

Hundreds of unique rules find Bugs, Vulnerabilities, Security
Hotspots, and Code Smells in your C++ code using

Symbolic
execution

Path-sensitive
analysis

Cross-function,
cross-file analysis

  • Identical expressions should not be used on both sides of a binary operator

    Identical expressions should not be used on both sides of a binary operator

    • Detect Bugs Bug
  • Null pointers should not be dereferenced

    Null pointers should not be dereferenced

    • Detect Bugs Bug
  • Recursion should not be used

    Recursion should not be used

    • Detect Code Smells Code Smells
  • Collapsible 'if' statements should be merged

    Collapsible 'if' statements should be merged

    • Detect Code Smells Code Smells
  • Cognitive Complexity of functions should not be too high

    Cognitive Complexity of functions should not be too high

    • Detect Code Smells Code Smells

Quickly pinpoint the problem

Issues are raised on the exact symbol or
expression that needs work, with secondary
locations highlighting any additional context
needed to understand the problem.

Find issues on the exact symbol or expression in your C++ code
Detailed rule description help you understand the issue and lean from it

Easily understand the issue

Even seasoned developers don't know
everything. Detailed rule descriptions help
you understand and learn from each issue.

Start writing
better code today

Get started now

The right time and place

As a developer your priority is making sure the code
you write today is clean and safe.

In-IDE

SonarLint in your IDE is your first line of defense for keeping the code you write today clean and safe. Issues are raised in-line, with easy access to rule descriptions. Connect to your project in SonarQube or SonarCloud to make sure you’re applying the same rules that will be used during analysis.

Install SonarLint on Visual Studio SonarLint

SonarLint for Visual Studio

Install now arrow
Install SonarLint on Eclipse SonarLint

SonarLint For Eclipse

Install now arrow
Detect issues in your IDE with SonarLint
  • SonarSource products are compatible with GitHub

    GitHub

  • SonarSource products are compatible with Bitbucket

    Bitbucket

  • SonarSource products are compatible with GitLab

    GitLab

  • SonarSource products are compatible with Azure DevOps

    Azure DevOps

  • Pull request analysis available in GitHub
  • Pull request analysis available in Bitbucket
  • Pull request analysis available in GitLab
  • Pull request analysis available in Azure DevOps

PR analysis

Pull Request analysis makes it easy to maintain a high standard. Handle issues at the PR stage to clean up the easy stuff before peer review even starts, boosting team velocity and saving time to focus on what’s important: the logic.

Get started now

Make sure each release is better
than the one before

Making sure the C++ you write today is safe and clean

We believe only developers can truly
impact Code Quality and Security

As a developer, your priority is making sure the C++ you write
today is clean and safe. The SonarQube project homepage
highlights the Code Quality and Security of your New Code
(changed or added) so you can focus on what’s important:
making sure the code you write today is solid.

Quality Gates show your project Releasability

The quality gate status reflects your project's most important aspects

Out of the box, SonarQube and SonarCloud Quality Gates clearly signal whether your commits are clean, and your
projects are releasable. Quality Gates coalesce the team around a shared vision of quality. Everyone knows the standard
and whether it’s being met.

So you won’t be surprised at the last minute with quality problems.

Continuous growth

We support continuous improvement - for you and your code bases. We expect the same of ourselves. We’ve been
providing static analysis since 2008. Every release comes with a commitment to bringing you valuable new rules and
increasing the value of existing rules by eliminating false negatives and false positives.

Of course we support

Your environment

We gather the information required for
analysis by unobtrusively monitoring your
build, so analysis is compatible with:

  • check

    Windows, Linux, macOS

  • check

    Any build system

  • check

    Incremental code analysis

  • check

    Parallel code analysis

Your compilers

We provide support for most popular compilers:

  • check

    Clang, GCC, MSVC, ARM, QNX compilers

  • check

    Intel compilers for Linux, macOS

  • check

    Compilers based wholly on GCC including Linaro GCC

  • check

    Wind River Diab and GCC

  • check

    IAR compilers for 8051, ARM, AVR32, AVR, Renesas RL78, Renesas RX, Renesas V850, Renesas H8, and Texas Instruments MSP430

  • check

    Texas Instruments compilers on Windows and macOS for ARM, C2000, C6000, C7000, MSP430, PRU

Your standards

We provide more than 400 rules that target
the following standards:

  • check

    Classical and modern C++: C++98, C++03, C++ 11, C++14, C++17

  • check

    CPP Core Guidelines

  • check

    MISRA C++2008

All the languages in your project

Is your project multi-language? Our static analysis is too! That means
you get a consolidated, consistently great experience across the board,
no matter how many of our 27 languages you use.

Java
csharp
c
cplus
javascript
typescript
python
go
swift
cobol
apex
php
See All Languages arrow
×

Where do you want to analyze C++?

In the Cloud

Setup is effortless and analysis is automatic for C++

Sign up Free for OS projects

On-premise

Fast, accurate Code Quality and Security analysis for C++

Request a free trial

In your IDE

IDE extension that lets you fix coding issues before they exist!

Install in
Install SonarLint on Visual Studio Install SonarLint on Eclipse
Smoothly integrated with Smoothly integrated with GitLab, GitHub, Bitbucket and Azure DevOps
×

Where do you want to analyze C++?

In the Cloud

Setup is effortless.
Every C++ Pull Request is analyzed and the results are automatically reflected in your cloud-based ALM.

Sign up Free for OS projects

On-premise

Analyze your C++ Pull Requests and see the results in the ALM of your choice.

Request a free trial PR analysis in commercial editions
Smoothly integrated with Smoothly integrated with GitLab, GitHub, Bitbucket and Azure DevOps

Unique Approach

Products

Plans and pricing

Company

© 2008-, SonarSource S.A, Switzerland. All content is copyright protected. SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA.

All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.

Privacy Policy | Terms and Conditions