Sonar announced
zero-configuration, automatic analysis for programming languages C and
C++ within
SonarCloud.
This new capability enables C and C++ projects hosted on GitHub to be
analyzed by SonarCloud in one click, and it works with all compilers.
Free for open-source projects, SonarCloud provides fast and efficient
identification and remediation of code-level issues that lead to
accumulation of technical debt. Sonar is the world's leading Clean Code
solution, helping organizations increase innovation and productivity
while decreasing business risk.
Sonar's automatic analysis capability enables SonarCloud to scan C
and C++ projects without having to make any manual time-consuming
configurations, which is required by all other commercial tools
available today. This manual configuration process can take up to
several days to complete, requires expertise in development, and a
comprehensive understanding of the application and the way it is built.
This ultimately takes time away from the architects, operators, and
developers, and is the primary reason to not use a Clean Code solution.
"I am very proud of the team that has delivered this innovation,"
said Olivier Gaudin, founder and co-CEO of Sonar. "The cost it takes to
configure static analysis is a big reason why project teams hesitate to
use a Clean Code solution. Not only have we delivered a
zero-configuration option, but data also shows that for more than 80% of
projects analyzed, the analysis is just as performant as the manual
configuration. This is a significant breakthrough for the C and C++
ecosystem."
"Until now, it seemed impossible to offer C or C++ static analysis
with a seamless configuration experience. Users had to suffer the pain
of manual configuration or not use it at all," said Geoffray Adde, C++
Ecosystem Product Manager at Sonar. "We have made the impossible
possible with a one-step process, which also expands our coverage to all
compilers. What's more - anyone can take advantage of the new feature,
as it's free for open-source projects."
"IDC developer research shows that C++ remains one of the top three
languages used today. The language is found in many security-sensitive
places, including operating systems, safety-critical software, and the
infrastructure of many tools, so the efficient and effective analysis of
C++ is important," said Katie Norton, Senior Research Analyst, DevOps
& DevSecOps, IDC. "An easy to deploy, automatic analysis process
will benefit organizations by enabling developers to take the time saved
and put it towards more fulfilling, bigger-impact work."