


SonarCloud helps developers write secure code with Static Application Security Testing (SAST).
Conventional SAST tools were not built for developers; SonarCloud is!
No need to wait for hours… Get code analysis results in minutes! And know that when a vulnerability is raised on your code, there’s something to fix. We’ve made it our mission to kill false positives.
The best Code Security approach is not creating code vulnerabilities in the first place. With a clear analysis report for your code review, you merge only safe code to your repositories.
Developers are an essential key to success when it comes to Code Security. We tailored SonarCloud to help you learn and implement secure coding best practices.
It’s all about writing great code, and you can do it all in the same place. We give you one tool to sharpen your skills and remediate all Maintainability, Reliability, and Security flaws.
Code security skills are no longer optional. We’re here to help!
Security Hotspots highlight security-sensitive pieces of code that need review. As you discover Security Hotspots, learn how to evaluate the risk while becoming more acquainted with secure coding best practices.
Detect vulnerabilities before they make their way through the Software Development Life Cycle (SDLC)! Integrate DevSecOps practices into your daily routines and stay one step ahead of malicious attacks!
Protect your users and your reputation with SonarCloud. From now on, you know that when it comes to code security, we’ve got you covered!
SQL Injection*
Cross-Site Scripting (XSS)*
Open Redirect*
HTTP Response Splitting*
Path Traversal Injection*
LDAP Injection*
Log Injection*
OS Command Injection*
RegExp Injection*
Server-Side Request Forgery (SSRF)*
XPath Injection*
Deserialization Injection*
Code Injection*
Object Injection*
Buffer Overflow
Weak Cryptography
Hard-Coded Credentials
Privacy
Authentication
Broken Access Control
XML External Entity (XXE)
Security Misconfiguration
* Not available for C and C++