SonarQube is an open-core static code analysis platform developed by Sonar. It provides continuous inspection of code quality to perform automatic reviews to detect bugs, vulnerabilities, security hotspots, and code smells on over 35 programming languages as well as frameworks and infrastructure technologies. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, technical debt, code complexity, comments, bugs, software bill of materials (SBOMs), and security recommendations.
via Wikipedia infobox
==Overview==
The SonarQube offerings (SonarQube Server, SonarQube Cloud, SonarQube for IDE) analyze all code (first-party, generative AI, and third-party open source code) to help produce secure, reliable, and maintainable software. SonarQube integrates with DevOps platforms, including GitHub, Bitbucket, Azure, and GitLab. The commercial offerings of SonarQube support programming languages such as Java (including Android), C#, C, C++, JavaScript, TypeScript, Python, Go, Swift, COBOL, Apex, PHP, Kotlin, Ruby, Scala, HTML, CSS, ABAP, Flex, Objective-C, PL/I, PL/SQL, RPG, T-SQL, VB.NET, VB6, and XML.