Continuous Code Quality
SonarSource provides world-class solutions for continuous code quality. Its open source and commercial products help customers of all size to manage the code quality of their applications, reduce their risks
and ultimately deliver better software.
Ensure Quality Builds
A SonarQube analysis of source code can be a stage of your CI pipeline, typically in the configuration of your CI server. The integration of SonarQube and Artifactory attaches metadata from SonarQube’s analyses to the corresponding build outcomes deployed in Artifactory. This metadata can be used further down the pipeline to help decide whether those builds should be promoted and/or used in production.
Source Code Risk Assessment for Release
Include SonarQube source code analysis into your automated release decisions to speed your continuous integration pipeline. Match the discovered vulnerabilities to acceptable risk levels for each release stage. Speedy reporting of problems to those that must resolve them helps errors get fixed faster.
Common Dashboard for all Vulnerabilities
For each build, Artifactory logs and reports results from SonarQube, as well as any other screening tools, providing a central place to examine all issues from the easy-to-use dashboard. Team members sharing the same information can fix problems together.
Source Level Safety
Source code screening helps ensure that unsafe builds don’t get deployed to production, while Artifactory’s repository ensures that a last known safe version is always available.