How to use SonarQube to scan code for bugs & vulnerabilities

SonarQube is a code quality control tool developed by SonarSource. It performs static analysis on your code to find bugs, code smells, and security vulnerabilities. It supports more than 27 programming languages.

SonarQube has four different editions: Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition. The Community Edition is free and supports 15 languages. They include Java, JavaScript, C#, TypeScript, Kotlin, Ruby, Go, Scala, Flex, Python, PHP, HTML, CSS, XML & VB.NET.