report series

The State of Code

Sonar analyzed 7.9 billion lines of code to bring you real-world insights. In this four-part series, discover the most common and critical issues lurking in your codebases and what you can do to fix them before they impact production.

Get the reliability reportRegister for webinar

TRUSTED BY OVER 7M DEVELOPERS AND 400K ORGANIZATIONS

Mercedes Benz
Nvidia
U.S. Army
Santander
Costco

The high price of poor code quality

Recent projections reveal the staggering cost of poor software quality: over $2.41 trillion annually in the US, with nearly two-thirds attributed to the cybercrime fueled by insecure code. Sonar’s integrated solution for code quality and code security analysis is designed to help software developers reduce this cost.

Data-driven insights from real-world code

Insights from over 970,000 developers reveal the most common issues in today's codebases (per every million lines of code.)

2,100

reliability issues

1,200

security issues

53,000

maintainability issues

Report now available

The State of Code: Reliability

Did you know the most frequently found reliability issues are dead code and illegal memory access? Learn why these bugs are often so missed and how to eliminate them from your projects.

Download report

More reports coming soon

Security report

Understand the top security vulnerabilities to bolster your application's defenses.

Maintainability report

Learn about the common maintainability pitfalls and how to avoid them.

Languages report

Explore the challenges and best practices for each of the seven supported languages.

Join us for a deep dive into The State of Code: Reliability report.
Register for webinar

About our dataset

Unlike survey-based reports, our findings are drawn from real-world data, highlighting issues caught and fixed by developers. This scope yields a vast dataset encompassing:

  • Code from nearly 1 million developers

    Code from nearly 1 million developers

  • Across 40,000+ organizations globally

    Across 40,000+ organizations globally

  • 7 of the most common programming languages (Java, JavaScript, TypeScript, Python, C#, C++, and PHP)

    7 of the most common programming languages (Java, JavaScript, TypeScript, Python, C#, C++, and PHP)

  • 5,300 unique quality and security rules

    5,300 unique quality and security rules

The three qualities of software source code

Sonar classifies the issues found in every project or codebase across three deeply interconnected software qualities: reliability, security, and maintainability.

Reliability

Bugs that would affect the software's capability to maintain its level of performance under promised conditions, potentially compromising its reliability and operational effectiveness.

Advanced Security demo

Security

Vulnerabilities and security hotspots. Vulnerabilities are code weaknesses that could be exploited for attacks, while hotspots are security-sensitive code requiring manual review.

SonarQube demo

Maintainability

Code smells, which could indicate weaknesses in design that can increase technical debt, slow down development, or increase the risk of bugs or failures down the line.

AI Code Assurance demo

Ready to release secure, reliable, and maintainable software?

Try a demo
Go to SonarSource homepage
sonar logo
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin
language switcher
English

© 2008-2025 SonarSource SA. All rights reserved.