GENEVA – September 20, 2023 – Sonar, the leading integrated code quality and code security solution provider, today announced zero-configuration, automatic analysis for programming languages C and C++ within SonarQube Cloud. This new capability enables C and C++ projects hosted on GitHub to be analyzed by SonarQube Cloud in one click, and it works with all compilers. Free for open-source projects, SonarQube Cloud provides fast and efficient identification and remediation of code-level issues that lead to accumulation of technical debt. Sonar is the world’s leading integrated code quality and code security solution, helping organizations increase innovation and productivity while decreasing business risk.
Sonar’s automatic analysis capability enables SonarQube Cloud to scan C and C++ projects without having to make any manual time-consuming configurations, which is required by all other commercial tools available today. This manual configuration process can take up to several days to complete, requires expertise in development, and a comprehensive understanding of the application and the way it is built. This ultimately takes time away from the architects, operators, and developers, and is the primary reason to not use a integrated code quality and code security solution.
“I am very proud of the team that has delivered this innovation,” said Olivier Gaudin, founder and co-CEO of Sonar. “The cost it takes to configure static analysis is a big reason why project teams hesitate to use an integrated code quality and code security solution. Not only have we delivered a zero-configuration option, but data also shows that for more than 80% of projects analyzed, the analysis is just as performant as the manual configuration. This is a significant breakthrough for the C and C++ ecosystem.”
"Until now, it seemed impossible to offer C or C++ static analysis with a seamless configuration experience. Users had to suffer the pain of manual configuration or not use it at all,” said Geoffray Adde, C++ Ecosystem Product Manager at Sonar. “We have made the impossible possible with a one-step process, which also expands our coverage to all compilers. What’s more – anyone can take advantage of the new feature, as it’s free for open-source projects."
“IDC developer research shows that C++ remains one of the top three languages used today. The language is found in many security-sensitive places, including operating systems, safety-critical software, and the infrastructure of many tools, so the efficient and effective analysis of C++ is important,” said Katie Norton, Senior Research Analyst, DevOps & DevSecOps, IDC. “An easy to deploy, automatic analysis process will benefit organizations by enabling developers to take the time saved and put it towards more fulfilling, bigger-impact work.”
Zero-configuration analysis for C and C++ projects helps development teams achieve high quality and secure code – defined as code that is consistent, intentional, adaptable, and responsible. The result of high quality and secure code is software that is secure, maintainable, and reliable. Automatic analysis of C and C++ with SonarQube Cloud is available today, in addition to supporting over 20 languages, including Java, JavaScript, TypeScript, Python, and C#. To learn more, view our feature page here and visit our SonarQube Cloud page here.
About Sonar
Sonar is the trust and verification layer for AI code, and the industry standard for automated code review for 17+ years. Integrating code quality and code security into a single platform, Sonar delivers deterministic, repeatable, and actionable code verification at scale, analyzing over 750 billion lines of code daily to ensure software is secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at Microsoft, Adobe, Deutsche Bank, AstraZeneca, and Ford Motor Company.
To learn more about Sonar, please visit https://www.sonarsource.com/