SonarQube is an open-source platform developed by SonarSource
for continuous inspection of code quality. It performs
automatic reviews with static analysis of code to detect bugs
and code smells in 29 programming languages. SonarQube offers
reports on duplicated code, coding standards, unit tests,
code coverage, code complexity, comments, bugs, and security
recommendations.
SonarQube can record metrics history and provides evolution graphs.
It also provides fully automated analysis and
integration with Maven, Ant, Gradle, MSBuild and continuous
integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
BURPSUITE
Burp Suite is a widely used tool and may be one of the main weapons
in penetration testing of websites and mobile apps. It is usually
used to intercept data sent (request) or received (response)
by the application or browser from the server, through a proxy that has been
set in the browser or on Android or iOS, so that a hacker can manipulate the data
sent or received by the browser or mobile app. In addition, the tool is
equipped with semi-automation for finding security gaps in a website application.
Burp Suite has many features, but only
a few of them will be explained here: Proxy, Scanner,
Intruder, Repeater and Decoder.
OPENVAS/GREENBONE
OpenVAS (Open Vulnerability Assessment System) is an open-source
vulnerability scanning platform developed by Greenbone
to detect security weaknesses in IT infrastructure.
It provides a comprehensive suite of tools to identify
vulnerabilities in networks and systems,
utilizing an up-to-date vulnerability database.
Key features of OpenVAS:
Network and host-based vulnerability scanning.
Supports over 50,000 security tests (NVTs).
Integration with Greenbone Security Manager (GSM)
for advanced security management.
Detailed scan reports with remediation recommendations.
CODERABBIT
CodeRabbit is an AI-powered code review tool that
helps developers improve code quality,
detect potential issues, and maintain best coding
practices efficiently. By integrating directly into development
workflows, CodeRabbit automates the review process
and provides insightful feedback.
Key features of CodeRabbit:
Automated analysis of code quality and security.
GitHub integration for seamless CI/CD workflows.
Detection of potential bugs, anti-patterns,
and security vulnerabilities.
AI-generated comments within pull requests based on code analysis.