Static analyzers

SonarCloud

SonarQube is an open-source platform that is the de facto solution for understanding and managing technical debt.

CodeQL in GitHub

Developers use CodeQL to automate security checks. CodeQL treats code like data that can be queried. GitHub researchers and community researchers have contributed standard CodeQL queries, and you can write your own.

A CodeQL analysis consists of three phases:

  • Create a CodeQL database from the code.
  • Run CodeQL queries against the database.
  • Interpret the results.

CodeQL is available as a command-line interpreter and as an extension for Visual Studio Code.
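The three phases above driven end to end from one script, as an added example that is not part of this module: `create_database` and `run_queries` shell out to the CodeQL CLI (assumed to be on PATH, with a Python project in the current directory), and `interpret` turns the SARIF file the second phase writes into a sorted list of findings. The SARIF fragment embedded in the block is constructed so the interpretation step can be exercised without running CodeQL.

```python
"""Drive CodeQL's three phases: create database, run queries, interpret.
Added example; assumes the `codeql` CLI is installed and on PATH."""
import json
import subprocess
from pathlib import Path


def create_database(db: Path, src: Path, language: str = "python") -> None:
    # Phase 1: extract the source tree into a queryable CodeQL database.
    subprocess.run(["codeql", "database", "create", str(db),
                    f"--language={language}", f"--source-root={src}"], check=True)


def run_queries(db: Path, sarif: Path, suite: str) -> None:
    # Phase 2: evaluate a query suite against the database, writing SARIF.
    subprocess.run(["codeql", "database", "analyze", str(db), suite,
                    "--format=sarif-latest", f"--output={sarif}"], check=True)


def interpret(sarif_text: str, min_level: str = "warning") -> list[dict]:
    # Phase 3: flatten SARIF results into rule/level/file/line/message
    # records, drop anything below min_level, and put the worst first.
    rank = {"note": 0, "warning": 1, "error": 2}
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for r in run.get("results", []):
            level = r.get("level", "warning")  # SARIF default level
            if rank.get(level, 1) < rank[min_level]:
                continue
            loc = r["locations"][0]["physicalLocation"]
            findings.append({"rule": r["ruleId"], "level": level,
                             "file": loc["artifactLocation"]["uri"],
                             "line": loc["region"]["startLine"],
                             "message": r["message"]["text"]})
    return sorted(findings, key=lambda f: (-rank[f["level"]], f["file"], f["line"]))


# Constructed SARIF fragment in the shape `codeql database analyze` emits.
SAMPLE_SARIF = json.dumps({"runs": [{"results": [
    {"ruleId": "py/sql-injection", "level": "error",
     "message": {"text": "This SQL query depends on a user-provided value."},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                         "region": {"startLine": 42}}}]},
    {"ruleId": "py/unused-import", "level": "note",
     "message": {"text": "Import of 'os' is not used."},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                         "region": {"startLine": 3}}}]}]}]})

if __name__ == "__main__":
    db, sarif = Path("codeql-db"), Path("results.sarif")
    create_database(db, Path("."))
    run_queries(db, sarif, "codeql/python-queries:codeql-suites/python-security-extended.qls")
    for f in interpret(sarif.read_text()):
        print(f"{f['level']:7} {f['file']}:{f['line']} {f['rule']}: {f['message']}")
```

Raising `min_level` to `error` is the usual way to gate a pipeline on high-severity findings only while still keeping the full SARIF for review.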

Lab address

https://aka.ms/az-400-manage-technical-debt-with-sonarqube-and-azure-devops