Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression. Learn more →
SonarQube Alternatives
Similar projects and alternatives to SonarQube
-
Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
-
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
-
-
snyk
Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
-
Sonar
Write Clean Java Code. Always.. Sonar helps you commit clean code every time. With over 600 unique rules to find Java bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
-
-
-
-
-
-
-
Grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
-
fastlane
🚀 The easiest way to automate building and releasing your iOS and Android apps
-
-
-
OSQuery
SQL powered operating system instrumentation, monitoring, and analytics.
-
-
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
SonarQube reviews and mentions
- Enterprise level open source react apps?
-
Usefully links for DotNet Backend Developers
SonarQube https://www.sonarqube.org/
-
How do you integrate a static security analysis tool into the CI/CD pipeline
There are commercial tools that can be integrated into a CI pipeline and/or a developer's IDE. I've used SonarQube before, but there are others.
-
How I go with react native in late 2022
having a code review and analysis tool in CI/CD pipeline can help developers to keep their code clean. some examples of these tools are sonarqube and embold.
-
Top 10 Open-Source DevOps Tools That You Should Know
Sonarqube Source Code Repository
- Ask HN: How can I DDOoS attack my personal website (for curiosity)?
-
Spring Boot – Black Box Testing
The generated classes should be put into .gitignore. Otherwise, if you have Checkstyle, PMD, or SonarQube in your project, then generated classes can violate some rules. Besides, if you don't put them into .gitignore, then each pull request might become huge due to the fact that even a slightest fix can lead to lots of changes in the generated classes.
-
Implement DevSecOps to Secure your CI/CD pipeline
SonarQube allows all developers to write cleaner and safer code. It supports lots of programming languages for scanning (Java, Kotlin, Go, JavaScript). It also supports running unit testing for code coverage. It can be easily integrated with Jenkins and Azure DevOps. Checkmarx, Veracode, and Klocwork also provide similar functionality but these are paid tools.
-
CBC Lite, a low-bandwidth CBC news site, built with React/Nextjs
As for some of our tech stack outside of Next.js for those curious, we use Sass to define CSS and its globals, Jenkins for our CI/CD pipeline, and Sentry for error tracking, all of which have been great to work with so far. Within our testing suite, we utilize Sonarqube, Lighthouse, aXe Core, WebPageTest, @next/bundle-analyzer, and run tests written with Cypress.
-
Finding better motivations for software work (Other than pride)
I found code reviews to also be tedious but in a different way. We have a large number of tools to review code well, and my company also makes sure to automate checks for code standards, smells and best practices (see sonarqube). The expectation on me as a code reviewer was to criticize to improve the structure and design of our code. Along the way, I was also meant to teach other engineers things.
-
A note from our sponsor - InfluxDB
www.influxdata.com | 1 Jun 2023
Stats
SonarSource/sonarqube is an open source project licensed under GNU Lesser General Public License v3.0 only which is an OSI approved license.
The primary programming language of SonarQube is Java.