I’m happy to share that Sonar has launched a report series on “The State of Code” that provides a unique window into the real-world state of software development. We analyzed Sonar’s massive dataset from the last six months of 2024 to find real-world insights on reliability, security, and maintainability across the top 7 languages used by developers today: Java, JavaScript, TypeScript, Python, PHP, C# and C++.
Our team has been working on this series of reports for a while, and we’re excited to begin sharing them with you! First up is our report on reliability, which found about 2,100 bugs for every million lines of code. We have future reports planned for security issues (including vulnerabilities, security hotspots, and secrets we find in source code) as well as maintainability issues (aka code smells).
All reports will become available in the coming weeks, so keep an eye out! Read our blog to learn more about the report series. You are also welcome to join our upcoming webinar, where I will discuss these results live with Tom Howlett, our head of product management.
This is an excellent initiative from Sonar! The report on “The State of Code” provides valuable insights into reliability, security, and maintainability in software development. Being able to dive into real data and understand the challenges related to such common languages as Java, JavaScript, TypeScript, Python, PHP, C#, and C++ is really enriching.
The findings on reliability resonate well within my scope. I can’t wait to read the upcoming volumes, especially those focusing on security and maintainability, which are crucial for improving code quality.
Thank you for sharing this information, and I’m looking forward to attending the webinar to discuss it further!
Thank you for your kind words, Bachri! We will publish the security report next week, and subsequent reports will follow weekly. Tom and I look forward to seeing you on our webinar at the end of July!
Hi all - for those of you who are following the progress on this series of reports, the Security report just went live today. As mentioned above, this report includes the most common security vulnerabilities and hotspots (about 1,200 of these per million LoC we scanned), as well as the most common secrets we detected. You can read more about it in today’s blog.