Most of you might have heard about sonar or SonarQube as an automatic code to evaluate the device. It truly is right! However, sonarqube is not constrained to handiest performing computerized code evaluation and providing a listing of findings.
Because the documentation aptly says, it is an open-supply nice control platform which helps in non-stop analysis and measurement of technical exceptional of supply code. It offers a high degree photo of code fine measured towards configured coding standards/ pleasant practices.
There's ample documentation to be had on sonarqube website. This blog will help you to filter out the important things in records and offer a quick introduction to sonarqube and the way it works.
SonarQube takes project code as the input, analyzes it using pre-defined coding rules, and publishes web-based results giving an overview of the technical quality of code.
Results summarize the status on the project level which can be informative to management and is also possible to go on the issue level to see a specific line of code causing the rule violation. This feature makes it very useful for developers to take quick action.
The analysis is carried out using pre-defined rules based on industry coding standards /best practices. Rules for a particular language are available as a plug-in for most of the languages.
Each language plugin comes with a predefined, built-in profile (called "Sonar way") having a set of pre-defined rules and it will be used as a default profile during analysis for projects.
New quality profiles can be created to configure rules as per project requirements, but it’s optional.
SonarQube allows inheritance in quality profiles thereby allowing to inherit rules provided by the plugin in the default profile.
It is possible to create custom rules. Custom Rules are considered as any other rule, except that they can be fully edited or even deleted.
Rule Templates are provided by plugins to allow users to define their own rules in SonarQube.
Understanding the results:-
After the analysis, results are published and made available on the SonarQube web console.
On a project level, it gives a snapshot of overall issues with a severity-wise breakup, duplications, technical debt, etc.
During analysis, SonarQube raises an issue whenever a piece of code breaks a coding rule. Developers can also manually raise issues that cannot be detected by SonarQube (examples: the implementation of the method does not comply with the functional requirements, the JavaDoc of the method does not match its implementation, etc.). Each issue has one of the five securities e.g. blocker, critical, major, minor, info.
Technical debt is the estimated effort in days to fix the issues. The computation of technical debt in SonarQube is based on the SQALE (Software Quality Assessment based on Lifecycle Expectations) methodology. To manage technical debt with SQALE, it is required to enable rules in the Common SonarQube repository that flag:
Subscribe to get latest updates