Code scanner requirements

Can SonarCloud meet all of these requirements?

  1. Source Code Analyzer must be capable of analyzing the code languages in use by the program
  2. Analysis reports should be rapidly available to development team
  3. Analysis tool should be capable of flagging findings as false positive and should indicate severity of the finding.
  4. Code scanning signatures update at some regular frequency
  5. Tool shall be capable of automated code scanning, as a part of the check in/development process.

That depends on the language of your project, but we support most major languages (25): https://sonarcloud.io/about

Our analysers are pretty fast. You can also use https://www.sonarlint.org/ to get analysis directly in your IDE while you’re coding.

It is possible.

Not sure what you mean by that.

You can integrate the code analysis in your CI pipeline, and every commit in any branch/PR will be analyzed.

HTH,
Benoit

SonarCloud rules are updated regularly.