What other open-source analysers do you use?

Sonar provides powerful static analysis: 4800+ rules over 30 programming languages!

And both SonarQube and SonarCloud play well with other open-source code analysis tools by allowing developers to import third-party issues, either in formats produced by those tools or via the Generic Issue Import Format.

This means that issues raised by these tools will fit into Sonar’s Clean as you Code methodology and benefit from features like issue backdating (the issue is considered to have been created at the last commit of a line, not the first time it’s reported to Sonar).

Additionally, this is even Sonar’s recommended way to design custom rules for some languages, such as building custom rules for JavaScript/TypeScript with ESLint and importing the issues.

Are you importing third-party issue reports into Sonar? From which tools? Is Sonar missing support for any that would really help your workflow? Let us know!
