There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities ...
SonarSource announced the new SonarCloud extension for Visual Studio Team Services (VSTS), which provides the full integration of SonarCloud, including automatic analysis and decoration of pull requests, keeping problems out of your source code before they get merged.
With this new extension, SonarSource provides developers with functionality to have everything in-hand to write clean code and be able to review the code quality at every stage of the development process. The automatic analysis and decoration of pull requests provides SonarCloud's insights on the newly created code, offering to the reviewer the ability to take an informed decision about whether or not to merge into the target branch.
"This extension brings the missing piece to a complete integration of our solution with Visual Studio Team Services, enabling any team to get an insight on the code quality at every step of the development process, from writing code in Visual Studio, through creating a pull request, to promoting code to production," said Olivier Gaudin, CEO of SonarSource. "Now Visual Studio Team Services users can truly implement a code quality practice that will bring significant improvements after only a few development sprints."
"The SonarCloud extension to Visual Studio Team Services helps a DevOps team shift quality left," said Sam Guckenheimer, Product Owner, Visual Studio Team Services, and Curator, DevOps at Microsoft. "It removes the barrier to getting started quickly by displaying code health in the IDE, hardening the pipeline with pull request policies that scan code before commit, ensuring quality on continuous integration, and rolling up code health across an organization."