SonarQube

Developer: Sonar
Initial release: 2006–2007
Stable release: SonarQube Server Release 2025.1 / Jan 2025
Written in: Java
Operating system: Cross-platform
Type: Static code analysis
License: GNU Lesser General Public License

SonarQube is an open-source platform developed by Sonar that integrates into software development workflows to ensure continuous code quality and code security. It continuously inspects code quality, performing automatic reviews with static analysis to detect bugs, vulnerabilities, security hotspots, and code smells in over 35 programming languages as well as frameworks and infrastructure technologies, with over 6,500 rules, including industry-leading taint analysis for security. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, technical debt, code complexity, comments, bugs, software bill of materials (SBOMs), and security recommendations.