I've never heard of sonarqube ... this looks very enterprisey ... isn't this just prompt engineering over the source with a harness? Why am I clicking through all this signup flow?

I'd buy the put this in your ".git/hooks" workflow ... but I don't know what's going on with this thing.

The strongest opensource contributors tend to be kinda weird - like they don't have a google account and use some kind of libre phone os that you've never heard of.

What a "real" solution would look like is some kind of "guardrails" format where they can use an lsp or treesitter to give dos and donts and then have a secondary auditing llm punt the code back.

There may be tools (coderabbit?) that do this ... but that's realistically what the solution will be - local llms, self-orchestrated.

▲

ChicagoDave 2 hours ago | parent [-]

SonarQube does static analysis and let's you set your own levels. Yes, enterprises use it for code and test quality as well as security checks.

I was just saying that good engineers can guide GenAI into creating good code bases. Seeing I got voted down, not everyone agrees.

	▲	kristopolous an hour ago \| parent [-]
		eh, it sounds like you're hawking your own product. It doesn't look like you are and this looks to be a mass adopted fortune-100 product without large brand name awareness, but that's the risk with hn. There's a lot of people trying to hustle their stuff on here. Strongly frowned upon unless it's genuinely free and even then... Maybe something like "at work we use something called sonarqube and I've been using it on my own stuff. it's works really nice" might have been better