Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Transcript of SonarQube
What is SonarQube?
How to configure and use SonarQube?
What is SonarQube?
What is PMD?
At a Glance
How to Configure & Use SonarQube?
SonarQube (Formally known as Sonar) is an open platform to manage code quality. As such, it covers the 7 axes of code quality:
Developers' Seven Deadly Sins
Bad Distribution of Complexity
Lack of Unit Tests
No Coding Standards
Not Enough or Too Many Comments
PMD is used for detecting bad practices in code, which is intended decrease the number of bugs in your code.
What is FindBugs?
FindBug scans your code for bugs, breaking down the list of bugs in your code into a ranked list on a 20-point scale. The lower the number the scarier the bug.
What are other Code Quality Tools ?
What is Checkstyle?
Checkstyle is incredibly useful in a team environment. It helps you maintain your code easier because it’s more readable as a result of adhering to code standards that it introduces, such as complaining about poor formatting in your source code.
What Is What?
Most polished tool in the code quality space.
Literally includes PMD, FindBugs and Checkstyle
Some excellent support for tools in the Java ecosystem.
Also includes Clover, Cobertura, Emma, JaCoCo, etc.
Very convenient to use, especially if we already using Maven.
In a large, enterprise environment, Sonar and some combination of the previous tools is essential.
Seven Deadly Sins
Zoom to the Source
To manage code quality at the file, module, project or portfolio level, SonarQube’s numerous dashboards offer quick insight.
Several methods are available to replay the past, showing how your metrics evolved: tables, timelines, dynamic charts, etc. This will ensure progress get tracked over time.
The platform covers the Seven Axes of Quality, also known as Developers’ Seven Deadly Sins: Duplications, Coding standards, Lack of coverage, Potential bugs, Complexity, Documentation and Design.
Source code can be checked before pushing changes to the SCM: either directly in Eclipse or through a batch with the Issues Report plugin. Both let you make sure that you are not introducing new quality issues.
Whatever you are looking at, a project, group of projects, and so on, you can break down any metric in a few clicks, and drill down to the source of the information: the source code!
It can be extended with the 60+ plugins that are available through the SonarQube plugins library. You can also develop your own plugins.
A complete mechanism for authentication and authorization is available out of the box, or through an external system such as LDAP or to use SSO.
Quality analyses can be integrated into continuous integration server to fully automate the process for Continuous Inspection.
Integration comes out of the box with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, etc.
Go to Window > Preferences > Sonar > Servers.
Linking for the first time
Right-click on the project in the Project Explorer, and then Configure > Associate with Sonar
Sonar Issues View (displays local or remote information depending on the selected mode)
Sonar Web Browser View (displays remote information only)
Working With SonarQube
Fixing an Issue
A double-click on an issue icon opens the source code editor and highlights the issue:
Reviewing an Issue (Remote)
Checking Code Prior to Commit