report series
The State of Code
Sonar analyzed 7.9 billion lines of code to bring you real-world insights. In this four-part series, discover the most common and critical issues lurking in your codebases and what you can do to fix them before they impact production.
The high price of poor code quality
Recent projections reveal the staggering cost of poor software quality: over $2.41 trillion annually in the US, with nearly two-thirds attributed to cybercrime fueled by insecure code. Sonar’s integrated solution for code quality and code security analysis is designed to help software developers reduce this cost.

Data-driven insights from real-world code
Insights from over 970,000 developers reveal the most common issues in today's codebases (per million lines of code):
2,100 reliability issues
1,200 security issues
53,000 maintainability issues
The State of Code: Reliability
Did you know the most frequently found reliability issues are dead code and illegal memory access? Learn why these bugs are so often missed and how to eliminate them from your projects.
More reports coming soon
Security report
Understand the top security vulnerabilities to bolster your application's defenses.
Maintainability report
Learn about the common maintainability pitfalls and how to avoid them.
Languages report
Explore the challenges and best practices for each of the seven supported languages.
About our dataset
Unlike survey-based reports, our findings are drawn from real-world data, highlighting issues caught and fixed by developers. This scope yields a vast dataset encompassing:
Code from nearly 1 million developers
Across 40,000+ organizations globally
7 of the most common programming languages (Java, JavaScript, TypeScript, Python, C#, C++, and PHP)
5,300 unique quality and security rules
The three qualities of software source code
Sonar classifies the issues found in every project or codebase across three deeply interconnected software qualities: reliability, security, and maintainability.
Reliability
Bugs that would affect the software's capability to maintain its level of performance under promised conditions, potentially compromising its reliability and operational effectiveness.
Security
Vulnerabilities and security hotspots. Vulnerabilities are code weaknesses that could be exploited for attacks, while hotspots are security-sensitive code requiring manual review.
Maintainability
Code smells, which could indicate weaknesses in design that can increase technical debt, slow down development, or increase the risk of bugs or failures down the line.