report series
The State of Code
Sonar analyzed 7.9 billion lines of code to bring you real-world insights. In this four-part series, discover the most common and critical issues lurking in your codebases and what you can do to fix them before they impact production.
The high price of poor code quality
Recent projections reveal the staggering cost of poor software quality: over $2.41 trillion annually in the US, with nearly two-thirds attributed to the cybercrime fueled by insecure code. Sonar’s integrated solution for code quality and code security analysis is designed to help software developers reduce this cost.
Data-driven insights from real-world code
Insights from over 970,000 developers reveal the most common issues in today's codebases (per every million lines of code.)
2,100
reliability issues
1,200
security issues
53,000
maintainability issues
The State of Code report series
The State of Code: Reliability
Learn why these bugs are often so missed and how to eliminate them from your projects.
Download report >
The State of Code: Security
Learn why these vulnerabilities are so often missed and how to eliminate them from your projects.
Download report >
The State of Code: Maintainability
Learn why these critical issues are so often missed and how to eliminate them from your projects.
Download report >
The State of Code: Languages
Learn about the most common issues and security risks in top languages like Java, JavaScript, Python, and more.
Download report >
About our dataset
Unlike survey-based reports, our findings are drawn from real-world data, highlighting issues caught and fixed by developers. This scope yields a vast dataset encompassing:
Code from nearly 1 million developers
Across 40,000+ organizations globally
7 of the most common programming languages (Java, JavaScript, TypeScript, Python, C#, C++, and PHP)
5,300 unique quality and security rules
The three qualities of software source code
Sonar classifies the issues found in every project or codebase across three deeply interconnected software qualities: reliability, security, and maintainability.
Reliability
Bugs that would affect the software's capability to maintain its level of performance under promised conditions, potentially compromising its reliability and operational effectiveness.
Security
Vulnerabilities and security hotspots. Vulnerabilities are code weaknesses that could be exploited for attacks, while hotspots are security-sensitive code requiring manual review.
Maintainability
Code smells, which could indicate weaknesses in design that can increase technical debt, slow down development, or increase the risk of bugs or failures down the line.
