Learn

Home

DEVELOPER'S GUIDE

What is Secure Coding?

Secure coding is the practice of developing software with a focus on security at every stage, ensuring that applications are resilient against attacks and free from vulnerabilities. It involves writing code that protects data and maintains the integrity, confidentiality, and availability of information, the core principles known as the CIA triad.

Learn more >

DEVELOPER'S GUIDE

Application Security

Application security in software development refers to the process of integrating robust security measures throughout the software development lifecycle to protect applications from threats that could compromise their integrity, confidentiality, and availability.

Learn more >

DEVELOPER'S GUIDE

AI-Assisted software development guide

Artificial Intelligence is evolving into a formidable partner for developers seeking enhanced productivity and efficiency. Delve into the core aspects of AI-driven software development, exploring the tools, technologies, and practices that can amplify your coding prowess.

Learn More >

DEVELOPER'S GUIDE

What is AI code generation?

AI code generation involves using software tools, powered by Artificial Intelligence (AI) and Machine Learning (ML), to write computer code. Learn about the cutting-edge technology that is being utilized by developers and companies alike.

Learn More >

DEVELOPER'S GUIDE

What are AI Coding Assistants?

AI coding assistants in software development are advanced tools that enhance the coding process using artificial intelligence and machine learning. These assistants help with code suggestions, debugging, and auto-completion, improving efficiency throughout the development process.

Learn more >

Developer's guide

Code coverage

Code coverage is a metric used in software testing to measure the degree to which the source code of a program is executed during testing. It aids in identifying the extent to which the source code is being exercised, allowing you to acquire a better awareness of your testing efforts and where extra testing may be required.

Learn More >

Developer Guide

What is a Monorepo and Why Are They Useful?

In the software development world, monorepos have become a popular choice for managing codebases. But what exactly is a monorepo, and why are so many companies making the switch? In this guide, we'll explore their ins and outs.

Learn More >

Developer Guide

Static Code Analysis Using SonarQube Server : A Step-by-Step Guide

Static Code Analysis is a vital tool for ensuring code safety and protecting against common pitfalls. In this guide, you’ll learn about static code analysis and will walk through steps on how to run it using SonarQube Server.

Learn More >

Developer Guide

Improve Your DevOps Pipeline With Pull Request Analysis

Ensuring proper code quality and consistency is a vital but tedious job when done manually. With SonarQube Server’s pull request and branch analysis, it can be a breeze. In this article, you will be guided through how pr and branch analysis improves the CI/CD pipeline and how to automate it with GitHub Actions.

Learn More >

Developer Guide

Java Static Analysis With SonarQube Cloud : A Step-by-Step Guide

SonarQube Cloud helps you uncover bugs and security weaknesses early in the development cycle, saving you time, money, and reputation. In this comprehensive guide to using SonarQube Cloud for Java code static analysis, you will walk through the setup, analysis, results, and issue resolution before they cause problems.

Learn More >

Developer Guide

How to Install SonarQube Server Enterprise Edition on AWS EKS

SonarQube Server Enterprise Edition offers robust capability to manage code quality for large organizations with complex deployments. In this tutorial, you will walk through the steps to deploy SonarQube Server in an Amazon Elastic Kubernetes Services (EKS) cluster with a Helm chart for a scalable, automated, and efficient solution.

Learn More >

Developer Guide

Detect Secrets in the IDE with SonarQube for IDE

Leaked secrets are a dangerous vulnerability risk that most developers have mistakenly exposed at least once. But by using SonarQube for IDE with SonarQube Cloud or SonarQube Server, you can catch secrets in the IDE before they are exposed. In this article, you’ll walk through how secrets detection works with SonarQube for IDE, SonarQube Cloud, and SonarQube Server.

Learn More >

DEVELOPER'S GUIDE

DevOps

DevOps is a collaborative approach to software development and operations that emphasizes the integration and automation of processes, tools, and teams to enable the continuous delivery of high-quality software products.

Learn More >

DEVELOPER'S GUIDE

SDLC

SDLC (Software Development Life Cycle) is a structured and systematic approach to developing software, encompassing all phases from initial planning and requirements gathering to deployment and maintenance, ensuring a well-managed and efficient development process.

Learn More >

DEVELOPER'S GUIDE

Infrastructure as Code (IaC)

Infrastructure as Code (IaC) is a revolutionary approach that allows you to automate, standardize, and streamline infrastructure management, unlocking unprecedented efficiency, reliability, and scalability in your development workflows.

Learn More >

DEVELOPER'S GUIDE

CI/CD

CI/CD is a set of practices that automate the process of building, testing, and deploying software. It helps to improve the quality and speed of software delivery.

Learn More >

DEVELOPER'S GUIDE

Technical Debt

Technical debt refers to the future costs of rework or maintenance that arise from prioritizing speed and quick fixes over code quality in software development, with the debt accumulating over time and requiring resources to be paid off, making it crucial to address and minimize from the start of a project.

Learn More >

DEVELOPER'S GUIDE

Debugging

Debugging is the process of tracking down and eliminating issues in software applications such as bugs and vulnerabilities that may arise due to bad coding, architecture, or implementation.

Learn More >

DEVELOPER'S GUIDE

Refactoring

Refactoring is the process of improving existing code by restructuring its internal design without changing its external behavior, aiming to enhance understandability, modifiability, and maintainability while reducing the risk of introducing bugs and technical debt.

Learn More >

DEVELOPER'S GUIDE

SAST

SAST (Static Application Security Testing) is a software testing technique used to identify security vulnerabilities in the source code of an application without executing it, helping developers find and fix potential issues early in the development process.

Learn More >

DEVELOPER'S GUIDE

Linter

A linter is a developer tool that analyzes source code for errors, vulnerabilities, and stylistic issues to improve code quality.

Learn More >

DEVELOPER'S GUIDE

Shift left

"Shift left" is a practice that involves moving critical development practices earlier in the software development lifecycle (SDLC).

Learn more >

DEVELOPER'S GUIDE

OWASP

OWASP is a nonprofit entity aimed at bolstering the security of software through a collaborative platform where security experts and developers contribute.

Learn More >

DEVELOPER'S GUIDE

Code Quality

Code quality describes the general evaluation of a piece of software code's effectiveness, reliability, and maintainability.

Learn More >

Developer's Guide

Code Smells

Code smells are warning signs in your code that hint at deeper issues. These aren't errors and the code will still work, but they can make future development harder and increase the risk of bugs.

Learn More >

DEVELOPER'S GUIDE

Code Review

Code review is a systematic software quality assurance technique for developers in which the code is reviewed to find and fix errors, improve code quality, and enforce coding standards.

Learn More >

Developer's Guide

Static Code Analysis: developer's guide

A static code analysis tool performs an examination of code without running it, aiming to detect potential bugs, security vulnerabilities, and stylistic inconsistencies; helping developers save valuable time that would otherwise be spent on testing and merging code at later stages.

Learn More >

DEVELOPER'S GUIDE

Why you should use a linting tool

What does a linter do, and what are the benefits of using one? From ensuring error-free code that is secure, consistent, and maintainable, to the impact on developers themselves a linting solution is an invaluable tool for every developer.

Learn More >

Developer's Guide

source code: developer's guide

Source code is made up of the instructions developers write to tell a computer what to do, and it’s fundamental to software development.

Learn More >

Developer's Guide

open source software: developer's guide

Open source software fuels the backbone of modern technology, from personal projects to enterprise solutions, by providing accessible source code for examination, modification, and redistribution.

Learn More >

Developer's Guide

source code management: developer's guide

Source code management (SCM) streamlines software development by organizing changes to code, ensuring accountability and efficiency throughout the process.

Learn More >

Developer's Guide

cyclomatic complexity: developer's guide

Cyclomatic complexity serves as a vital gauge in computer science, quantifying a program's complexity by counting its independent paths.

Learn More >

Developer's Guide

IDE: developer's guide

An Integrated Development Environment (IDE) is a comprehensive software application designed to assist developers in writing, compiling, and debugging their code efficiently.

Learn More >

GUIDE

How the OWASP LLM Top 10 Applies to Code Generation

The rapid growth of generative AI and large language models introduces new security risks that are challenging to address due to the novelty of the field compared to established domains like web application security.

Learn More >

DEFINITION

what is clean code?

Clean Code is code that’s easily understandable, portable, and capable to change through structure and consistency but remains maintainable, reliable, and secure for performance demands.

Clean Code is well-documented coding standards that are clear and concise for increasing developer collaboration and communication. 

Discover clean code
Image shows various code properties
BETTER BUSINESS VALUE

why clean code?

A clean codebase simplifies the principles and processes to introduce changes to your code allowing business goals and objectives to be prioritized. Ensuring code readability improves team collaboration, communication, and code review processes across your enterprise.

Explore clean code
OUR UNIQUE APPROACH

Clean as You Code™

Clean Code as you write maintainable, readable quality code. Sonar’s tool kit allows you to continually review and make incremental clear quality improvements as you edit or write code. Deliver high-quality, efficient code standards that benefit the entire team or organization. 

Achieve clean code

Clean Code results in software that is:

Secure

Clean Code is secure through early detection and feedback of security vulnerabilities and hotspots during code review.

Learn more about secure code

Reliable

Clean Code creates and sustains reliability. When your software is reliable, anywhere and anytime, it creates trust among your teams and customers.

Learn more about reliable code

Maintainable

Clean Code makes maintenance easy. A codebase that is maintainable enables an optimized development workflow for more scalable software.

Learn more about maintainable code
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.