SonarQube
Features
To manage code quality at the file, module, project or portfolio level, SonarQube’s numerous dashboards offer quick insight.
Several methods are available to replay the past, showing how your metrics evolved: tables, timelines, dynamic charts, etc. This ensures progress gets tracked over time.
Why SonarQube?
More than 20 different languages, including Java, C#, C/C++, Cobol, PL/SQL, ABAP, JavaScript, PHP, Web, XML, etc. are supported. The platform also offers the ability to add your own rules on those languages.
The platform covers the Seven Axes of Quality, also known as Developers’ Seven Deadly Sins: Duplications, Coding standards, Lack of coverage, Potential bugs, Complexity, Documentation and Design.
What are other Code Quality Tools?
Whatever you are looking at, a project, group of projects, and so on, you can break down any metric in a few clicks, and drill down to the source of the information: the source code!
Source code can be checked before pushing changes to the SCM: either directly in Eclipse or through a batch with the Issues Report plugin. Both let you make sure that you are not introducing new quality issues.
A complete mechanism for authentication and authorization is available out of the box, or through an external system such as LDAP or SSO.
It can be extended with the 60+ plugins that are available through the SonarQube plugins library. You can also develop your own plugins.
What Is What?
Then Why?
Integration comes out of the box with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, etc.
Quality analyses can be integrated into a continuous integration server to fully automate the process for Continuous Inspection.
PMD is used for detecting bad practices in code, which is intended to decrease the number of bugs in your code.
- Most polished tool in the code quality space.
- Literally includes PMD, FindBugs and Checkstyle
- Some excellent support for tools in the Java ecosystem.
- Also includes Clover, Cobertura, Emma, JaCoCo, etc.
- Very convenient to use, especially if we are already using Maven.
- In a large, enterprise environment, Sonar and some combination of the previous tools is essential.
FindBugs scans your code for bugs, breaking down the list of bugs in your code into a ranked list on a 20-point scale. The lower the number, the scarier the bug.
Checkstyle is incredibly useful in a team environment. It makes your code easier to maintain because it’s more readable as a result of adhering to the code standards that it introduces; for example, it complains about poor formatting in your source code.
Agenda
How to Configure & Use SonarQube?
What is SonarQube?
Why SonarQube?
Features
How to configure and use SonarQube?
Sonar Issues View (displays local or remote information depending on the selected mode)
Sonar Web Browser View (displays remote information only)
What is SonarQube?
Fixing an Issue
Go to Window > Preferences > Sonar > Servers.
A double-click on an issue icon opens the source code editor and highlights the issue:
Reviewing an Issue (Remote)
Linking for the first time
Right-click on the project in the Project Explorer, and then Configure > Associate with Sonar
SonarQube (formerly known as Sonar) is an open platform to manage code quality. As such, it covers the 7 axes of code quality:
Checking Code Prior to Commit
Developers' Seven Deadly Sins
- Bad Distribution of Complexity
- Duplications
- Lack of Unit Tests
- No Coding Standards
- Not Enough or Too Many Comments
- Potential Bugs
- Spaghetti Design