SonarSource Blog

Articles about C++

  1. Compilation database: An alternative way to configure your C or C++ analysis



    Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of this information, called the build wrapper. Recently we introduced another way to configure your analysis, the compilation database. Learn more about the pros and cons of each option.

    By Loic Joly | August 24, 2021
  2. ‘Quick Fix’ your C++ issues with SonarLint



    ‘Quick fixes’ with SonarLint bring value to the C++ community by providing more than what they have today. Let’s take a peek at how some of these rules equip you to deliver clean and safe C++ code, efficiently.

    By Geoffray Adde and Kirti Joshi | December 14, 2021
  3. Supercharge your C++ analysis with SonarLint for CLion



    This article talks about the powerful capabilities of the C++ analyzer with SonarLint and highlights some unique and interesting quality and security rules you might find useful. Through that lens, we demonstrate how you can leverage these rules to elevate your CLion built-in static analysis capabilities for your C++ projects.

    By Phil Nash and Geoffray Adde | September 28, 2021
  4. When feedback is timely, it's easy to be cool and collected.

    Getting timely, accurate feedback on your C++ from the SonarQube ecosystem



    Late feedback is a pain in the butt. Regardless of how it comes, hearing "that thing you did two weeks ago was wrong" is unwelcome at best. Good feedback is immediate, actionable and at least dispassionate, if not compassionate. That's why we help you integrate C++ static analysis throughout your workflow, so you and your team get the feedback you need when and where it's most useful.

    By G. Ann Campbell | September 08, 2020
  5. A sheep lurks in wolf's clothing.

    False positives are our enemies, but may still be your friends



    When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. In this post, I’ll discuss how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help. I’ll end with insight into how issues that are false positives can still be true indicators that the code needs to change.

    By Loic Joly | September 15, 2020
  6. Lay a strong foundation by writing secure C and C++ utilities



    By G. Ann Campbell | October 14, 2020
  7. Winning the race against TOCTOU vulnerabilities in C & C++



    Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I'm proud to announce a step forward for defenders with a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long-form as Time Of Check (to) Time Of Use. 

    By G. Ann Campbell | October 07, 2020
  8. MISRA C++ 2008 support is on its way



    By Alexandre Gigleux | May 27, 2019
  9. Detect C++ buffer overflows in POSIX functions



    By G. Ann Campbell | May 20, 2020
  10. Security Hotspots bring a new approach to C++ SAST



    A lot of people associate Static Application Security Testing (SAST) with false positives, but it doesn't have to be that way. The fact is that there are really three classes of SAST issues: true positives, false positives, and what we call Security Hotspots - security-sensitive pieces of code that need human review. We feel that introducing the distinction between Vulnerabilities and Security Hotspots is the SAST innovation developers have sorely needed to face analysis results with clear expectations about what they'll get and how to deal with it.

    By G. Ann Campbell | July 30, 2020
  11. The NeverEnding Story of writing a rule for argument passing in C++



    Here is a story of a rule, from concept to production. While the selected rule is for C++, this story contains interesting insight on the craft of rule development, no matter the target language.

    By Loic Joly | May 15, 2019
  12. Continuously Improving Analysis of C/C++/Objective-C Code



    Today we have improved the functionality of SonarCloud centered around the analysis of C/C++/Objective-C code. It’s an important change and we’d like to take a moment to provide you with the reason behind our decision.

    By Nicolas Bontoux | November 12, 2018
© 2008-2022, SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource SA.
All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.