Overview of SonarQube

SonarQube:-

Most of you might have heard about sonar or SonarQube as an automatic code to evaluate the device. It truly is right! However, sonarqube is not constrained to handiest performing computerized code evaluation and providing a listing of findings.

Because the documentation aptly says, it is an open-supply nice control platform which helps in non-stop analysis and measurement of technical exceptional of supply code. It offers a high degree photo of code fine measured towards configured coding standards/ pleasant practices.

There's ample documentation to be had on sonarqube website. This blog will help you to filter out the important things in records and offer a quick introduction to sonarqube and the way it works.

How does it work?

SonarQube takes project code as the input, analyzes it using pre-defined coding rules, and publishes web-based results giving an overview of the technical quality of code.

Results summarize the status on the project level which can be informative to management and is also possible to go on the issue level to see a specific line of code causing the rule violation. This feature makes it very useful for developers to take quick action.

Rules:-

The analysis is carried out using pre-defined rules based on industry coding standards /best practices. Rules for a particular language are available as a plug-in for most of the languages.

Quality Profile:-

Each language plugin comes with a predefined, built-in profile (called "Sonar way") having a set of pre-defined rules and it will be used as a default profile during analysis for projects.

New quality profiles can be created to configure rules as per project requirements, but it’s optional.

SonarQube allows inheritance in quality profiles thereby allowing to inherit rules provided by the plugin in the default profile.

Custom Rules:-

It is possible to create custom rules. Custom Rules are considered as any other rule, except that they can be fully edited or even deleted.

Rule Templates are provided by plugins to allow users to define their own rules in SonarQube.

Understanding the results:-

After the analysis, results are published and made available on the SonarQube web console.

On a project level, it gives a snapshot of overall issues with a severity-wise breakup, duplications, technical debt, etc.

Issues:-

During analysis, SonarQube raises an issue whenever a piece of code breaks a coding rule. Developers can also manually raise issues that cannot be detected by SonarQube (examples: the implementation of the method does not comply with the functional requirements, the JavaDoc of the method does not match its implementation, etc.). Each issue has one of the five securities e.g. blocker, critical, major, minor, info.

Technical Debt:-

Technical debt is the estimated effort in days to fix the issues. The computation of technical debt in SonarQube is based on the SQALE (Software Quality Assessment based on Lifecycle Expectations) methodology. To manage technical debt with SQALE, it is required to enable rules in the Common SonarQube repository that flag:

• Duplicated blocks
• Failed unit tests
• Insufficient branch coverage by unit tests
• Insufficient comment density
• Insufficient line coverage by unit tests
• Skipped unit tests

Benefits of SonarQube:-

• Sustainability- Reduces complexity, possible vulnerabilities, and code duplications, optimizing the life of applications.
• Increase productivity- Reduces the scale, cost of maintenance, and risk of the application; as such, it removes the need to spend more time changing the code
• Quality code- Code quality control is an inseparable part of the process of software development.
• Detect Errors- Detects errors in the code and alerts developers to fix them automatically before submitting them for output.
• Increase consistency- Determines where the code criteria are breached and enhances the quality
• Business scaling- No restriction on the number of projects to be evaluated
• Enhance developer skills- Regular feedback on quality problems helps developers to improve their coding skills