SonarCFamily for C

SonarSource delivers what is probably the best static code analyzer you can find on the market for C. Based on our own C compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As for any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.

SonarCFamily for C has a great coverage of well-established quality standards. The SonarCFamily for C capability is available in Eclipse CDT for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.

Samples of Issues Detected
Condition always true
Condition always true
Memory leak
Memory leak
Supported Compilers, Language Standards and Operating Systems
  • Any version of CLang, GCC and Microsoft C compilers
  • Any version of Intel compiler for Linux and OS X
  • ARM5 and ARM6 compilers
  • IAR compiler for ARM, Renesas RL78, Renesas RX, Renesas V850, Texas Instruments MSP430 and for 8051
  • Compilers based wholly on GCC including for instance Linaro GCC and WindRiver GCC are also supported
  • C89, C99, C11, C18 standards
  • GNU extensions
  • Microsoft Windows, Linux and Mac OS X for runtime environment

SonarCFamily for C supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of Microsoft Visual Studio and GCOV Coverage reports along with the import of CPPUnit unit reports.

Custom Rules

SonarCFamily for C doesn't yet provide the ability to write custom rules.

CWE Compatibility

SonarCFamily for C is officially registered as CWE Compatible

Use in developer edition

See all editions

Issue Tracker

Related Content