In this chapter, we have looked at how to perform static analysis of an application's code using SonarQube. This analysis can detect and prevent code syntax problems and vulnerabilities in the code, and it can also indicate the code coverage provided by unit tests.
Then, we detailed the use of SonarLint, which allows developers to check their code in real time as they write it.
Finally, we looked at the configuration of SonarQube and its integration into a continuous integration process to ensure continuous analysis that is triggered at each code commit by a team member.
In the next chapter, we will look at some security practices by performing security tests with the Zed Attack Proxy (ZAP) tool, executing performance tests with Postman, and launching load tests with Azure DevOps.