What is SonarCloud?
SonarCloud is a cloud-based code analysis service designed to detect coding issues in 26 different programming languages. By integrating directly with your CI pipeline or one of our supported DevOps platforms, your code is checked on each merge/pull request against an extensive set of rules covering many attributes of code, such as maintainability, reliability, and security. As a core element of our Sonar solution, SonarCloud completes the analysis loop to help you deliver clean code that meets high-quality standards.
SonarCloud uses state-of-the-art static code analysis techniques to find existing and potential problems in the code that you and your team write. Static analysis is called static because it does not rely on actually running the code. As a result, SonarCloud offers an additional layer of verification, different from automated testing and manual code review. Its set of language-specific analyzers uses thousands of rules to track down hard-to-find bugs and quality issues: from simple coding mistakes and tricky bugs to advanced issues and security vulnerabilities such as injection flaws. Catching problems early with static analysis means fewer issues reach the later stages of the process and ultimately raises the overall quality of your production code.
SonarCloud integrates into your existing workflow and detects issues in your code so that you can perform continuous code inspection of your projects. It does this by plugging into your CI pipeline or DevOps platform, extending your DevOps experience by importing your projects and performing automated code checks within minutes. SonarCloud works with:
- Bitbucket Cloud
- Azure DevOps
SonarCloud does not work with on-premises code repositories. For on-premises support, see SonarQube.
Writing Clean Code
Writing Clean Code is essential to maintaining a healthy codebase. We define Clean Code as code that meets a certain defined standard. Key attributes include code that is high-quality, reliable, secure, maintainable, robust, and modular, and that is fit for development and production. This applies to all code: source code, test code, Infrastructure as Code, glue code, scripts, and others. Fostering clean code principles yields tangible benefits to developers: maintenance time and costs plummet and technical debt is greatly reduced, so instead of devoting large chunks of time to remediation and rework, you’ll be free to innovate and focus on your business logic.
Sonar's Clean as You Code (CaYC) sets a clear expectation that allows developers to take full ownership of their code and make sure that their deliveries meet high-quality standards. The only expectation of developers is to ensure that the New Code they touch (code that has been added or changed) does not introduce any new issues. The most common example of new code is a pull request: the changes introduced in a pull request are all new, and they must be clean. The Clean as You Code approach uses your Quality Gate to alert you when there’s something to fix or review in your New Code before it can be merged into the main repository, allowing you to maintain high standards and focus on code quality. This approach eliminates many of the pitfalls that arise from reviewing code at a late stage.
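The two ideas above, static analysis that never runs the code and a Quality Gate that only judges New Code, can be shown together in a small script. The following is an added example written for this page, not SonarCloud's analyzer, its rules, or any Sonar API: it walks the Python AST of a constructed source file, flags calls to `execute`/`executemany` whose SQL text is built by string formatting (a classic injection-flaw pattern), parses a constructed unified diff to learn which lines the pull request added, and fails the gate only when a finding sits on one of those lines. The rule name `sql-injection-candidate`, the helper names, and the sample `users.py` content and diff are all assumptions made for the example.

```python
"""Toy static check plus a Clean-as-You-Code style gate (added example)."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Issue:
    line: int
    rule: str
    message: str


def _is_execute_call(node: ast.Call) -> bool:
    # Matches cursor.execute(...) / cursor.executemany(...) regardless of receiver.
    return isinstance(node.func, ast.Attribute) and node.func.attr in {"execute", "executemany"}


def _is_dynamic_string(node: ast.AST) -> bool:
    # SQL text assembled at runtime: f-string with placeholders, "%" formatting,
    # "+" concatenation, or str.format(). Constant concatenation is also flagged
    # here; a production analyzer would track taint rather than syntax shape.
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"
    return False


def find_issues(source: str) -> list[Issue]:
    """Static pass: the code is parsed, never executed."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _is_execute_call(node) and node.args:
            if _is_dynamic_string(node.args[0]):
                issues.append(Issue(node.lineno, "sql-injection-candidate",
                                    "SQL statement built from a formatted string; use bound parameters"))
    return sorted(issues, key=lambda i: i.line)


_HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(unified_diff: str) -> set[int]:
    """Line numbers (in the new file) that a unified diff adds: the 'New Code'."""
    added: set[int] = set()
    new_line = None
    for raw in unified_diff.splitlines():
        m = _HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if new_line is None or raw.startswith(("---", "+++")):
            continue
        if raw.startswith("+"):
            added.add(new_line)
            new_line += 1
        elif raw.startswith("-"):
            continue          # removed line: no position in the new file
        else:
            new_line += 1     # unchanged context line
    return added


def run_gate(source: str, unified_diff: str) -> tuple[bool, list[Issue], list[Issue]]:
    """Return (passed, issues on new code, all issues). Only new code can fail the gate."""
    all_issues = find_issues(source)
    changed = added_lines(unified_diff)
    new_issues = [i for i in all_issues if i.line in changed]
    return (not new_issues, new_issues, all_issues)


# Constructed sample: a PR adds find_user(); legacy_report() already existed.
NEW_SOURCE = '''\
import sqlite3

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = '%s'" % name)
    return cur.fetchone()

def find_user_safe(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))
    return cur.fetchone()

def legacy_report(conn, table):
    cur = conn.cursor()
    cur.execute(f"SELECT COUNT(*) FROM {table}")
    return cur.fetchone()
'''

# Same file after the author fixes the new function with bound parameters.
FIXED_SOURCE = NEW_SOURCE.replace(
    """cur.execute("SELECT id FROM users WHERE name = '%s'" % name)""",
    """cur.execute("SELECT id FROM users WHERE name = ?", (name,))""", 1)

# Constructed diff for the PR: lines 3-7 of the new file are added.
PR_DIFF = """\
--- a/users.py
+++ b/users.py
@@ -1,3 +1,8 @@
 import sqlite3
 
+def find_user(conn, name):
+    cur = conn.cursor()
+    cur.execute("SELECT id FROM users WHERE name = '%s'" % name)
+    return cur.fetchone()
+
 def find_user_safe(conn, name):
"""

if __name__ == "__main__":
    for label, src in (("as submitted", NEW_SOURCE), ("after fix", FIXED_SOURCE)):
        passed, new_issues, all_issues = run_gate(src, PR_DIFF)
        print(f"{label}: gate {'PASSED' if passed else 'FAILED'}; "
              f"{len(new_issues)} issue(s) on new code, {len(all_issues)} in file")
```

The legacy issue on line 15 is reported both times but never blocks the merge, which is the Clean as You Code trade-off: the pull request is held to a clean standard for the lines it touches, while pre-existing debt is surfaced without stalling delivery.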
Buggy code can lead to unexpected behavior and cause serious reliability issues in your application. Security checks flag vulnerabilities in your code that could significantly compromise the confidentiality of your data and damage your business reputation.