The best open source alternative to SonarQube is Codacy. It's not free, so if you're looking for a free alternative, you could try Codacy or Shellcheck. If that doesn't suit you, our users have ranked more than 25 alternatives to SonarQube and nine of them is open source so hopefully you can find a suitable replacement. Other interesting open source alternatives to SonarQube are Flawfinder, PhpMetrics, VisualCodeGrepper and Semgrep.
Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.
Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect.
Flawfinder examines C/C++ source code and reports possible security weaknesses ("flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.
PhpMetrics provides metrics about PHP project and classes, with beautiful and readable HTML report.
VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:
Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or...
Exlint is a an open source project that enables developers to centralize their open source coding standards and policies, so that configuring repositories becomes as easy as typing one command.
Portugal
EU
Norway
Sweden
United States
Israel
Measure evaluation of the code quality over time.