What is SonarQube?
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality.
It performs static code analysis and produces a detailed report of bugs, code smells, security vulnerabilities and duplicated code.
It supports more than 20 major programming languages through built-in rulesets and can be extended with plugins.
Benefits of SonarQube:
Sustainability – Reduces complexity, potential vulnerabilities and duplicated code, extending the useful life of an application.
Increased productivity – Reduces the size, maintenance cost and risk of an application, so less time is spent reworking code later.
Quality code – Code quality control becomes an inseparable part of the software development process.
Detect errors – Finds defects in the code and alerts developers so they can fix them before the code is shipped.
Increased consistency – Shows where coding standards are breached, so the whole team works to the same rules and overall quality rises.
Business scaling – No restriction on the number of projects that can be analysed.
Enhanced developer skills – Regular feedback on quality problems helps developers improve their coding practices.
Why SonarQube?
Developers working to hard deadlines have to deliver the required functionality to the customer. Under that pressure they often compromise on code quality: potential bugs, duplicated code and badly distributed complexity creep in, and unused variables, methods and so on are left behind. The code still works as intended, so nothing forces these problems to be fixed.
SonarQube covers a wide range of code quality checkpoints, from styling errors, potential bugs and code defects to design inefficiencies, duplicated code, lack of test coverage and excess complexity.
Poor code quality leads to low team velocity, early application decommissioning, production crashes and a damaged company reputation. SonarQube addresses this by measuring and improving Maintainability, Reliability and Security. It was developed with one main objective in mind: make code quality management accessible to everyone with minimal effort.
Main Features
1) Write Clean Code
Overall Health
Discovered issues are classified as Bugs, Vulnerabilities or Code Smells (unreachable source code, for instance, is reported as a bug), and the dashboard shows them alongside the Coverage and Duplication metrics, each with its own count or percentage. The dashboard page shows where a project stands in terms of quality at a glance.
Enforce Quality Gate
To enforce a code quality practice across all teams, set up a Quality Gate. A Quality Gate is a set of conditions (for example, no new bugs or vulnerabilities, or a minimum test coverage on new code) that the project must meet before it qualifies for a production release. The project overview shows whether the latest SonarQube analysis passed the gate.
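A Quality Gate only enforces anything if the build stops when the gate fails. The following is an added example, not code from the original post or from SonarSource: a small CI step that reads the gate status from the documented Web API endpoint GET api/qualitygates/project_status?projectKey=... and returns a non-zero exit code when any condition fails. The JSON in SAMPLE_RESPONSE is constructed for this example (field names follow the API documentation; the values are made up), and the token, host URL and project key are placeholders you would supply from CI secrets.

```python
"""Fail a CI build when the SonarQube Quality Gate is not met.

Added example, not code from the original post or from SonarSource.
It calls the documented endpoint api/qualitygates/project_status and
assumes the response shape of SAMPLE_RESPONSE, a constructed sample.
"""
import base64
import json
import urllib.request

# Constructed sample of a project_status response in which two of the
# gate's conditions fail. Field names follow the SonarQube Web API docs;
# the metric values are invented for this example.
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_reliability_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
            {"status": "ERROR", "metricKey": "new_security_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
            {"status": "ERROR", "metricKey": "new_coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "62.5"},
        ],
    }
})


def fetch_project_status(base_url, project_key, token):
    """GET the gate status for one project. A SonarQube user token is sent
    as the HTTP Basic username with an empty password."""
    url = f"{base_url.rstrip('/')}/api/qualitygates/project_status?projectKey={project_key}"
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def failed_conditions(response_json):
    """(metric, actual, comparator, threshold) for every condition not OK."""
    status = json.loads(response_json)["projectStatus"]
    return [
        (c["metricKey"], c["actualValue"], c["comparator"], c["errorThreshold"])
        for c in status.get("conditions", [])
        if c["status"] != "OK"
    ]


def gate_passed(response_json):
    """True only when the overall gate status is OK."""
    return json.loads(response_json)["projectStatus"]["status"] == "OK"


def report(response_json):
    """Print a summary for the CI log and return the exit code the build
    step should use: 0 when the gate passed, 1 when it failed."""
    if gate_passed(response_json):
        print("Quality Gate: PASSED")
        return 0
    print("Quality Gate: FAILED")
    for metric, actual, comparator, threshold in failed_conditions(response_json):
        # comparator says which direction breaches the gate, e.g. GT 1
        # means "error when actual > 1".
        print(f"  {metric} = {actual} (fails when {comparator} {threshold})")
    return 1


if __name__ == "__main__":
    # Offline demo on the constructed response. In CI you would instead use
    # fetch_project_status(SONAR_HOST_URL, PROJECT_KEY, SONAR_TOKEN).
    raise SystemExit(report(SAMPLE_RESPONSE))
```

Run it as the last step after sonar-scanner has finished; because the exit code is 1 whenever the overall status is not OK, a failing gate blocks the pipeline instead of being a warning someone has to notice on the dashboard.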
Analyze Pull requests
SonarQube also analyses pull requests, so the issues a change introduces are reported before it is merged. Issues are categorised by type, and the overview displays the number of issues or a percentage value for each category.
There are five severity levels: Blocker, Critical, Major, Minor and Info.
The Issues tab can be filtered by type, severity, tag(s) and the estimated effort (in time) needed to fix an issue.
Dig into Issues
From the Issues tab you can analyse in detail what the main issues are, where they are located, when they were added to the code base and who introduced them. An issue can be assigned to another user, commented on, and have its severity changed. Clicking a particular issue shows a fuller description of the rule and why it matters.
2) Detect Bugs
Bugs
A bug is wrong code that has not broken yet but probably will at the worst possible moment. Examples include null-pointer dereferences, memory leaks and logic errors.
Code Smells
A maintainability issue that indicates a violation of fundamental design principles. A code smell is not technically incorrect, but it makes the code harder to understand and change. Examples include duplicated code, overly complex code, dead code and long parameter lists.
Security Vulnerability
A security-related issue that gives an attacker a way in. Examples include SQL injection, hard-coded passwords and badly handled errors.
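The three examples above, shown in the form SonarQube would flag next to a hardened form. This is an added example, not code from the original post or from SonarQube itself; Python is used because it is one of the languages SonarQube analyses and the snippet runs stand-alone. The users table, the injection payload and the DB_PASSWORD environment variable name are constructed for the demonstration.

```python
"""SQL injection, hard-coded password and badly handled errors: the
vulnerable form beside the hardened form. Added example, not code from
the original post or from SonarSource. All data is constructed in memory.
"""
import os
import sqlite3


def connect_demo_db():
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


# --- 1. SQL injection: string concatenation vs. parameterised query --------

def find_user_vulnerable(conn, name):
    """Flagged: user input is concatenated into the SQL text, so a crafted
    name changes the query's logic instead of being treated as data."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Hardened: the value is bound as a parameter and the driver never
    interprets it as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# --- 2. Hard-coded password vs. secret supplied at runtime -----------------

DB_PASSWORD_VULNERABLE = "s3cr3t-prod-pw"   # flagged: credential in source control


def db_password_safe():
    """Hardened: read the secret from the environment (variable name is an
    assumption for this example) and fail loudly if it is missing rather
    than falling back to a default."""
    pw = os.environ.get("DB_PASSWORD")
    if not pw:
        raise RuntimeError("DB_PASSWORD is not set")
    return pw


# --- 3. Badly handled errors: swallowing exceptions vs. handling them ------

def parse_quantity_vulnerable(text):
    """Flagged: the bare except hides every failure, including programming
    errors and interrupts, and silently turns bad input into a 'valid' 0."""
    try:
        return int(text)
    except:
        return 0


def parse_quantity_safe(text):
    """Hardened: catch only the error that is expected, keep its cause, and
    reject input that is syntactically valid but semantically wrong."""
    try:
        value = int(text)
    except ValueError as exc:
        raise ValueError(f"quantity must be an integer, got {text!r}") from exc
    if value < 0:
        raise ValueError("quantity must not be negative")
    return value


if __name__ == "__main__":
    conn = connect_demo_db()
    payload = "x' OR '1'='1"   # constructed injection payload
    print("vulnerable:", find_user_vulnerable(conn, payload))   # every row
    print("safe:      ", find_user_safe(conn, payload))         # no rows
```

With the payload x' OR '1'='1 the concatenated query becomes WHERE name = 'x' OR '1'='1' and returns every user, while the parameterised query looks for a user literally named x' OR '1'='1 and returns nothing. The same pattern applies to the other two findings: the fix is to keep data out of code (secrets out of source, input out of query text) and to let genuine errors surface instead of hiding them.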
3) Multi-Language
20+ Programming Languages
Since version 4.2, SonarQube ships with a code analyzer for each major programming language.
Multi-Language Projects
Software projects often use several programming languages, such as C#, C++ and JavaScript, or Java, JavaScript and HTML. SonarQube detects the languages in a project automatically and runs the corresponding analyzer for each one.
4) Centralize Quality
All projects in one place
SonarQube stores the code metrics of every project in one central place, which lets an organization estimate and track the risk of each project. This not only simplifies deployment but also gives project management a single place to monitor project status and see quality improve over time.
Shared rulesets
SonarQube lets you create your own Quality Profiles, in which you define which Sonar rules apply; a profile can be shared across different projects so that every team is measured against the same rules.