We have built a “commodity” solution to manage code quality.
To achieve this, providing the best product is not enough. Products also have to play well with the entire ecosystem in the development process, or they will simply not be used (at least on the scale we aspire to). It is with this in mind that we have built SonarQube and SonarLint.
Developers get feedback on code quality in their favorite IDEs as they develop.
SonarLint gives developers real-time feedback on code quality directly in the IDE, highlighting problems as developers type to keep the focus on the code.
SonarQube analyzes your projects and provides meaningful Code Quality and Security metrics right in your ALM.
Easily analyze Pull/Merge Requests and only commit clean, secure code that passes the Quality Gate standard. No context switching required - get the right info, at the right time and in the right place!
with Build Tools
SonarQube is tightly integrated with standard build systems, to provide a zero-configuration approach.
By integrating with the most popular build systems, such as Maven, MSBuild, Gradle and ANT, we provide a quick way of scanning projects with little or no configuration. But that’s not the only benefit: such integrations also mean that this analysis “configuration” will always be up to date because it is what’s used to build the project, so the process stays smooth in the long run.
with Continuous Integration
SonarQube integrates with most popular Continuous Integration engines such as Jenkins and Azure DevOps.
The integration of SonarQube with build systems plus a simple command analysis line mechanism means that SonarQube easily integrates with CI engines. But we’ve gone even further to provide extra integrations with CI engines such as Jenkins and Azure DevOps by enabling a one-click experience to integrating SonarQube scans into the build.
With Artifact Management
Deliver better software when you combine SonarQube metadata with your artifact management tools.
Integrating analysis results into your package management solution lets you automatically and intelligently promote builds for downstream consumption. Learn how an integration between SonarQube and JFrog Artifactory can strengthen your CI/CD pipeline so you only assemble applications with clean artifacts.
with Continuous Deployment
SonarQube offers a simple tooling to integrate to pipelines.
SonarQube offers the ability to hook a code quality verification, called a Quality Gate, at any step of a Continuous Delivery process. This allows you to condition the promotion of a build on whether or not the code has passed your predefined set of code quality criteria, thus automating the promotion approval process.
with corporate Systems
As an enterprise product, SonarQube easily integrates with existing systems, for example authorization and authentication schemes.
SonarQube comes with built-in features to integrate with the most used security systems such as Active Directory, LDAP, Oauth and more. Authentication as well as Authorizations can be delegated to such systems. SonarQube also integrates to most other systems, thanks to its powerful API.
High Availability & Data Resiliency
Deploy SonarQube as a cluster of applications to avoid any interruption of the service
Since SonarQube is one of the main components of a build chain for developers, teams who are in charge of the SonarQube instance in big companies want to make sure that the service is always available. You can deploy SonarQube as a cluster of applications and search nodes to ensure that if a node fails, the other ones will take the lead to keep the service up and running. The SonarQube cluster will automatically recover from the unexpected situation and restore data resiliency.