Lately, I have been looking for automated tools to improve the quality and security of my apps. I have looked at two online apps for this, SonarCloud and LeftShift. They are both intuitive and easy to setup; they can also be connected to GitHub and GitLab to examine repositories automatically every time a new commit is pushed. ShiftLeft requires access to all repositories, while SonarCloud gives the option of only allowing access to some repositories. ShiftLeft identifies security issues in the code and scored them according to severity.

SonarCloud provide a more extensive report, including three sections: reliability (are there any bugs?), maintainability (is the code clear and well-structured?) and security (are there any vulnerabilities?).

At first sight, SonarCode is more comprehensive, as it looks at the general code structure and how maintainable it is as well as security issues. However, when I analysed the same app with both tools, they suggested different security issues that should be fix. In conclusion, I will probably use them both as they provide complementary information.