SonarCloud
@SonarCloud
Followers
2,831
Following
123
Media
73
Statuses
502
SonarCloud, crafted by @SonarSource , is the leading online service for Code Quality & Security. Free analysis for open-source projects covering 24 languages.
Geneva, Switzerland
Joined August 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
LINGORM TSOU FINAL EP
• 1818053 Tweets
The EU
• 184950 Tweets
Epstein
• 144190 Tweets
Liverpool
• 96323 Tweets
#DilrubaSerbestBırakılsın
• 88966 Tweets
Rachael Lillis
• 84507 Tweets
My Everything
• 82554 Tweets
Truth Social
• 81998 Tweets
Zubimendi
• 59669 Tweets
Misty
• 51683 Tweets
Mr. President
• 47427 Tweets
Mónaco
• 45933 Tweets
ليفربول
• 39500 Tweets
موناكو
• 37532 Tweets
Thierry
• 37171 Tweets
Jets
• 36694 Tweets
Flick
• 30749 Tweets
Duran
• 29326 Tweets
Gamper
• 28052 Tweets
Real Sociedad
• 24146 Tweets
#TwitterBlackout
• 20548 Tweets
#ولي_العهد
• 18601 Tweets
Lamine
• 18576 Tweets
Hughes
• 17242 Tweets
Xavi
• 16518 Tweets
#earthquake
• 14998 Tweets
Trent
• 13746 Tweets
Reddick
• 13537 Tweets
Doocy
• 11352 Tweets
Lewandowski
• 10776 Tweets
異世界失格
• 10653 Tweets
Ter Stegen
• 10517 Tweets
Burnley
• 10311 Tweets
#Developers
, do you know how easy it is to start analyzing your
@github
repository with SonarCloud? Just log in with your GitHub account, select your projects, and wait for the analysis to end.
#CodeQuality
and
#CodeQuality
should always be that simple!
6
57
405
Elevate
#CodeQuality
and
#CodeSecurity
in your
@GitLab
repositories. With SonarCloud, you detect Bugs and Vulnerabilities, and get clear remediation guidance to fix them. Your code instantly gets cleaner and safer!
6
37
345
Mono-repository support for
#GitHub
and
#AzureDevOps
available now! This new feature allows you to define multiple
#QualityGates
per project and receive multiple results in your pull requests.
#codequality
#codesecurity
1
19
263
Automate the detection of Bugs and Vulnerabilities in your
#AzureDevOps
repositories across all branches and pull requests. Get a chance to fix issues in your code before even merging and deploying.
#codequality
#codesecurity
#codereview
5
48
216
Merge clean, safe code in your
@GitHub
repositories with fast, accurate feedback in your
#pullRequest
. SonarCloud helps you assess your code health and fix issues early in your development workflow.
#codequality
#codesecurity
4
45
168
Improve Code Quality and Security in your
@GitHub
repositories, one
#pullRequest
at a time. SonarCloud helps you identify, understand, and fix code issues in your PR. So you merge clean, safe code every time.
#codequality
#codesecurity
#codereview
5
29
128
Detect the issues in your
#pullRequest
with SonarCloud! And clean your
@GitHub
repositories from Bugs, Vulnerabilities, and Code Smells that don't belong to your code. Get started in seconds. It's free for open-source projects!
#codequality
#codesecurity
2
24
128
Shift Code Quality and Security left to your
#pullRequest
! SonarCloud detects the issues in your PR and development branches. You also get clear remediation guidance on fixing them. So your code instantly gets cleaner and safer.
#codequality
#codesecurity
5
22
112
Here’s to you
@GitHub
community: a GitHub Action that makes it even simpler to catch bugs and vulnerabilities in your Pull Requests!
Join the GitHub Actions beta, and use the SonarCloud Scan action:
1
29
92
SonarCloud will decorate your pull requests with automatic code review, as soon as you create them.
Available on
@VSTS
,
@github
and
@Bitbucket
!
10
57
84
Great day for all
@VSTS
users: you can now sign in to
@sonarcloud
using your
@Azure
Active Directory work account!
1
37
41
Find, fix and learn from issues in your code. SonarCloud for
@Bitbucket
Cloud provides the right feedback, at the right place, at the right time. Your Code Quality and Security improves and you sharpen your
#dev
skills learning new rules along the way!
1
8
39
Heads-up Bitbucket users! Adding SonarCloud analysis to your pipeline just got way simpler.🤘
#bitbucketpipes
#enhanceyourworkflow
Check-out the new SonarCloud Pipe in our blog post👇
We’re thrilled to be a launch partner of the
@Atlassian
#bitbucketpipes
!
CI/CD pipelines made simple, SonarCloud analysis set up in no time 💪
👉
0
7
20
0
4
27
Continuous feedback on your code puts your mind in a good place! With SonarCloud for
@Bitbucket
Cloud, you're in control of Code Quality and Security in your repos. You save time and focus efforts on what matters most: developing new features.
3
5
25
Get continuous feedback on your code with SonarCloud for
@Bitbucket
Cloud. Find bugs and vulnerabilities in your
#pullrequest
and development branches. As of today, you'll merge clean, safe code in your Bitbucket Cloud repositories. Every time.
0
4
20
Scanning your projects and pull requests is also the opportunity to show your user community how much you care about quality software ❤
Check-out some featured projects 👉
0
13
18
We feel honored to help the
@Makair_fr
project improve the quality and security of their
#cplusplus
software! A beautiful story of 250 makers building a ventilator in only a few weeks, helping
#COVID19
patients breathe!
#makair
#makersforlife
0
8
19
Welcome to
@sonarcloud
official twitter account. Stay tuned about everything SonarCloud!
#Saas
#codequality
#opensource
0
18
15
Woot woot! Just reached 1 Billion Lines of Code 🚀
#crazygrowth
Here goes ❤️❤️to all the devs and teams that killed countless bugs and vulnerabilities along the way. 💪
Join the fun @ !
0
6
15
Do you know that for most languages, we can now autonomously scan your code, by simply reading it from your repository? We call that AutoScan, and we think you’ll love it! 🎉
More details here 👇
1
9
15
Starting today, go and get the brand new badges for your open-source projects!
1
18
15
We're pleased to announce Sonar is integrated with
@Atlassian
Compass! The Sonar Quality Gate Scorecard makes it easy for Compass users to understand if their component is built with
#CleanCode
🚀✅
More information 👇
0
4
11
Introducing language
#22
:
@salesforce
Apex!
Already 50 static analysis rules for all Apex devs to embrace continuous code quality.
#sfdx
#SalesforceDX
0
9
13
You're doing JavaScript? SonarCloud has now built-in support for
@geteslint
issues! 😎 And it's as simple as using the "sonar.eslint.reportPaths" property. Enjoy!
0
10
12
The SonarCloud
@VSTS
extension now offers widgets to display the quality gate of your projects on your favorite VSTS dashboards!
1
13
14
Did you know that after
@golang
,
@kotlin
and
@rubylangorg
already added this year, another popular language is now supported on SonarCloud? And this is
@scala_lang
! 🎉
1
13
10
More than half a billion lines of code are now on analysed on SonarCloud (518 millions to be accurate), and still counting! 🚀
0
5
11
SonarCloud VSTS/TFS Extension 1.0: for a greater user experience when analyzing VSTS projects on SonarCloud.
1
13
13
Once upon a time,
#Java
devs looked to the DSM to enhance their app design. Beyond code quality & security, structured code and clean architecture should are necessary pillars for
#CleanCode
We're excited to share we just got 3 new architectural rules!
0
4
8
Protect your code against injection vulnerabilities with SonarCloud!
0
9
9
"Write clean code with SonarCloud and Bitbucket Cloud", blog post by
@kelvinyap
and
@bellingard
@sonarcloud
❤️
@Bitbucket
!
0
6
11
Go a step further with Test Quality on
#Java
! Write maintainable and bug free assertions on
#Assertj
with this new set of new rules!
#codequality
#developers
1
1
9
recursion really is one of the strangest, most difficult concepts to grasp while learning to code
recursion really is one of the strangest, most difficult concepts to grasp while learning to code
1
0
4
0
0
7
Do you know that you can find bugs and vulnerabilities in your Spring-based code thanks to 24 new rules?
@sonarcloud
❤️
@springframework
!
0
5
9
Forget about the deprecated GitHub plugin and its preview mode, SonarCloud supports Pull Requests as first class citizens! Check this out on
1
7
10
Our
#Python
bug hunt in popular, well-maintained projects (
@TensorFlow
, numpy, salt, sentry and
@Biopython
) turned up interesting stuff like undefined var reference, unreachable code, and more.
0
4
6
Hey
#AzureDevOps
#developers
! We just added support for mono-repositories! Now, you can have one Quality Gate per project. And your comments in your PR will be tagged with the name of the related project. Let us know how that works for you!
#codequality
0
4
7
Talking of C++, here's for all
#cpp
devs: 20+ new rules to catch bugs and code smells in C++, and also C &
#objectivec
. 💪
Ever wondered what it takes to detect tricky bugs in C++ code? 🐛
Loïc, engineer in our Language Team, and member of
@isocpp
, just blogged about the intricacies of
#cplusplus
static code analysis!
👉
0
12
11
0
1
8
Hey
#GitHub
#developers
! We just added support for mono-repositories! Now, you can have one Quality Gate per project. And your comments in your PR will be tagged with the name of the related project. Let us know how that works for you!
#codequality
0
6
7
Thanks
@elainedbatista
for using SonarCloud for the comparison of the quality and security of
@telegram
and
@signalapp
#sourcecode
in your LinkedIn post!
#telegram
#signalapp
#codequality
#codesecurity
1
4
8
Making clean code a mantra for all
@AzureDevops
users! SonarCloud decorates your Pull Requests, keeping bugs out so that you can merge with confidence!
Learn more 👉🏽
0
6
8
How do you Clean as you Code? We're making this easy for you in SonarCloud with an update on the way to setup what you consider as being 'new code'!
#CAYC
#codequality
#codesecurity
#codequalitymadeeasy
0
3
6
We've got a surprise coming really soon... 👀
0
0
6
Continuing the security push! 🚀
@SonarSource
, maker of SonarCloud, has acquired
@ripstech
.
#appsec
#developerFirst
Read more about what this means for your code security 👉
We are excited to announce that SonarSource has acquired
@ripstech
!
Joining forces in building top-notch code security analyzers, helping all dev teams deliver more secure software. 💪
#appsec
#developer
-first
Read more on our blog 👉
0
27
44
0
2
6
Import of issues from external linters with built-in support for TypeScript projects, support for the Go language, first version of the GitHub Application, ... check all what's recently been added to SonarCloud!
0
8
5
Hey
@telegram
, how about using SonarCloud for improving code quality and code security? Seems like we could help fix some bugs and vulnerabilities in your code. It's free for open source projects, with access to all the features! 😉
0
3
8
Keeping your project’s code clean and safe is a team effort! SonarCloud provides a place where you get full visibility on the status & activity of your project. You’re going to love it!
#developers
#DevOps
0
1
5
Developers, you now have a tool to own Code Security
And guess what? You've been using it all along!
Sonar[Qube|Cloud] gives you unparalleled precision in SAST detection without sacrificing performance.
All you have to do is make sure you're up to date
0
5
6
We went on a bug hunt in popular, well-maintained
#Python
projects and found interesting problems basic linters just can't see.
0
1
5
Your organization? Your own open-source project? Your issues? You can now customize which page is your homepage on SonarCloud!
0
5
4
We’re happy to introduce everyone to
@Sonar_Research
! If you’ve been a fan of our
#security
blogs & code challenges, then follow this page! Our R&D Team can’t wait to share their next critical code vulnerabilities in high-profile projects 👨💻🔎
20
0
5
Detect
#XXE
vulnerabilities and Express security configuration flaws with these 8 new rules. Your
#JavaScript
code just got safer!
#codesecurity
0
7
3
SonarCloud will no longer execute
#Pylint
rules! It's time to say thank you and goodbye! We have now reached a point on
#Python
analysis to where our native coding rules will get you faster, more accurate results, with fewer false-positives.
#codequality
1
2
5
Detect XSS vulnerabilities on DTL and Jinja2 template files! We are now analyzing Controller and HTML files in your
#Python
web apps made with
#Django
or
#Flask
.
#CodeSecurity
0
2
5
A more modern, consistent, and accessible
#UI
for
@SonarCloud
is born. New shapes, new colors, new fonts, consolidated layouts and components… Check it out!
7
3
5
😎
I just added sonar cloud in my pipelines, now i don't need to worry about code quality.
0
0
2
0
1
4
@SonarSource
There is an Open Redirect vulnerability! An attacker can send a link like ?next=javascript:alert(1) or ?next=//phishing.url to redirect you to a malicious site.
Here is our solution on SonarCloud:
0
1
3
Fresh from the
@SonarSource
oven: new rules for
@golang
devs to catch quality issues in their Pull Requests 🔍
Make the most out of it Go teams!💪
#codequalityforall
We're continuously pushing forward our static code analysis engine, and this week's milestone is for Go code quality.
Here's to you
@golang
devs! 👇
0
8
13
0
2
3
We've added support for
#Python
3.8, plus rules for method signature and visibility.
Analysis of OSS is always free at and onboarding is a breeze!
0
3
3
Following the support of
#Thymeleaf
in
#Java
, SonarCloud now detects XSS in JSPs! More
#security
upates to come soon, stay tuned!
0
3
3
Top-notch
#Python
analysis is also about the coverage of more "basic" rules. Take a look at the 15 core rules we just added!
#codequality
0
2
3
You want to follow the status of the service or be notified in advanced of planned maintenances? Follow our new
@sonarcld_status
Twitter account and visit !
0
4
3
When it comes to implementing
#cryptography
APIs in your code, you're not alone! With these new rules for
#Csharp
and
#VBNET
, SonarCloud got you covered!
#cybersecurity
#securecoding
0
3
4
Using SonarCloud? Want to help improve the product experience? We'd love to interview you! You'll get a $30 Amazon gift card in exchange. Fill out the form to get a chance to participate.
#usersurvey
1
0
1
Today we have improved the functionality of SonarCloud centered around the analysis of C/C++/Objective-C code. Read "Continuously Improving Analysis of C/C++/Objective-C Code" by
@nicoallgood
0
3
4
#Swift
#Developers
, scan your code with SonarCloud and take full advantage of the
#codeanalysis
with support of the latest Swift 5.3 features.
#codequality
0
0
3
@nefarioustim
@gitlab
We contacted them a couple of times already to work together, but unfortunately it looks like they're not interested. And we prefer to concentrate on partners who are willing to build something great with us!
0
0
4
#Java14
code scan is now available in
#SonarCloud
! And it doesn't require any change on your side!
0
2
4
@IkeMtz
@AzureDevOps
We are currently indeed experiencing delay in report processing, as communicated on .
We do our best to get back to normal as soon as possible. Sorry for the inconvenience.
1
0
4
Old-school
#SAST
tools raise lots of issues and expect someone else to sort it out.
@SonarSource
knows
#developers
don't have time for that. When we raise a
#vulnerability
you know there's something to fix
0
3
4
Shift left for higher quality pull requests with the new Code Insights feature in
@Bitbucket
Cloud
#codesecurity
0
1
4
New
#Java
#Vulnerabilites
detected through the support of more APIs! SonarCloud is getting supercharged with the integration of the RIPS-TECH configuration
0
1
2
@ocodista
JavaScript analysis uses ESLint, but goes far beyond and includes things like taint analysis. And if you use other languages in your project, we'll that's covered too.
Welcome aboard! 🌅
0
0
4
@SonarSource
This code has an Argument Injection vulnerability in line 34 via the txtPackage input field.
Executing own system commands is not possible but additional parameters can be appended to the executed "nuget" command.
1
0
4
Break out of
#react
-ive mode with late discovery of code flaws. Start analyzing your code with SonarCloud and fix bugs and code smells while the code is still fresh in mind!
#Javascript
#TypeScript
4
1
4
@SonarSource
Well done, denial of service via a user controlled regular expression (ReDoS) was what we were looking for here. Find out more about this
#vulnerability
:
0
0
3
Protect your
#Zend
and
#Laminas
webapps from malicious intent! With our
#SAST
solution, you can easily detect security vulnerabilities on those two
#PHP
frameworks.
#CyberSecurity
1
1
3
With
@SonarCloud
, you can identify
#Encryption
at Rest and at Transit problems in your code when using
#Python
with the
@awscloud
Development Kit.
2
2
2
Who said
#CodeQuality
&
#CodeSecurity
had to be painful? SonarCloud makes it easy for you! Our new project experience - available in beta - helps you assess your code health in seconds and support your team effort. Try it now!
0
0
3
🎉 Want to discuss SonarCloud features and be part of a growing user community? Join us @ !
We’ve opened a new community forum for
@sonarcloud
@SonarLint
@SonarQube
users, and they love it already! Join the party on 🎉🎉
0
12
7
0
2
2
How do you ensure your
#Java
pull requests are clean? In less than 3 minutes with SonarCloud you can get fast, precise feedback in your PRs. Give it a try.
0
1
3
@SonarSource
Well done! There was a tiny slip in the regex (line 18) that leads to a validation bypass and a Local File Inclusion (LFI) vulnerability (line 21). The dash in ".-_" allows chars in the range from "." to "_" including "../".
Find out more about LFI here:
1
0
3
Review your security vulnerabilities directly in
#GitHub
. SonarCloud now integrates with code scanning allowing:
> Easy code security review & prioritization
> Fast security vulnerability investigation
> Instant issue status synchronization
Try it now!
0
0
3
@SonarSource
This challenge was about (in)secure communication. The http:// protocol is used that enables Man-in-the-Middle attacks. And even when the protocol is changed to
https://,
the certificate validation is bypassed. Find out more here:
1
0
3
@SonarSource
E.g., the -Source parameter enables to install malicious packages from a remote repo, e.g. "package -Source ". Our payload is also used to create a directory name in line 31 which forbids ":". By using a long package name (>MAX_PATH) we can bypass this.
0
0
3
SonarCloud Product News is here! Subscribe to receive information on product releases, events, and other updates, delivered directly to your email inbox. It’s never been easier to stay in the loop for all things SonarCloud.
Subscribe below 👇
1
1
3
@SonarSource
In this
#csharp
code the backslash character can be used in a path traversal attack (..\) to disclose arbitrary files from the (Windows) host.
Find out more about Path Injection here:
1
0
3
Java devs coding in VS Code: it's time to go next-level and pair up
@SonarLint
with your project in SonarCloud 💪
0
3
2