Sonar used to be just about running other open source tools, such as FindBugs, PMD, and Checkstyle. (BTW, Code Spotter runs FindBugs alongside Coverity analysis to complement the results). Sonar later added its own rule engine (Squid). More recently, I've come across SSLR - SonarSource Language Recognizer - which looks like a library for building custom coding rules.
Still, Coverity analyzer (which is what's behind Code Spotter) does deep interprocedural analysis and finds very different kinds of issues. I think the best way to see the difference is to try it out on a sample project.
Still, Coverity analyzer (which is what's behind Code Spotter) does deep interprocedural analysis and finds very different kinds of issues. I think the best way to see the difference is to try it out on a sample project.