SonarCloud is used for application security testing. The use cases you can bring into the pull request level, you can eliminate the problem into the developer's feature branch itself. The largest use case is if developers are writing a code and if the code has any vulnerabilities or problems, you can receive the feedback at the pull request level.

It serves as our primary tool for static code analysis, addressing various aspects such as code duplication, code smells, and security concerns. It stands out as an all-encompassing solution and it excels in security analysis and offers robust features for code optimization and duplication detection.

We are using SonarCloud for static analysis. We must utilize this tool for code analysis prior to deployment. For instance, it is necessary to check for bugs or inconsistencies in the code and rectify them. SonarCloud can assist in this regard by providing high-quality content.

We use the product for code-based security scanning.

We are customers of SonarCloud.

We use SonarCloud tools for all our 20 repositories and we are connecting the SonarCloud, from the Bitbucket pipeline.

We have several development streams, so we want to standardize our tooling and not necessarily restrict each tool to one specific purpose. We have CI/CD pipelines, with cloud solutions on one side and solutions like GitHub and Jenkins on the other.  

We use SonarCloud to scan code for vulnerabilities. The idea is to have that in a plan-do-check-act iterative way. Some development teams work in sprints with a scope of two weeks. For example, they define and finish their own user stories. 

Others work in Kanban, which means they work on one user story and only go on to the next when that one is finished. But the underlying thing is we are continuously using SonarCloud to clean out vulnerabilities in software that has been developed in-house.
+

The solution is a static code analysis tool. That's basically what we use it for in our organization.