Blog post: Taking the angst out of SAST analysis

Hi all,

We’ve published a new blog post:

In 2008 SonarSource upended the static analysis market for code quality and reliability. Today it’s doing it again for code security.

When SonarSource was founded in 2008, code quality was the realm of specialists, who typically reported their results just before production deployment, weeks or months after the code was written. Inevitably, by then the authors had moved on to other things - mentally if not physically - and getting anything fixed was a contest of wills. Fast-forward to today, and you find that most teams have integrated static analysis from the first keystroke, starting with SonarLint in the IDE and moving forward with SonarQube and SonarCloud in the CI/CD workflow.

Read the rest in the blog