Sonar Qube | PDF | Software Engineering | Software Development

Sonar Qube

SonarQube is an open source tool for continuous inspection of code quality. It analyzes source code to measure quality and provide reports. In a DevOps pipeline, static code analysis with SonarQube is an important stage where the code must pass quality gates of 75% or higher to continue the build process. SonarQube analyzes code at different layers to detect errors, bugs, vulnerabilities and other issues based on established practices. It offers recommendations on how to improve code quality across many aspects beyond just errors.

Uploaded by Manan Patel

SonarQube – DevOps (Static Code Analysis)

Static Code Analysis in pipeline

• In a pipeline, ‘Static Code Analysis’ is a very important stage.
• Code must pass this stage for the build to succeed.
• This stage enforces a quality metric, for example 75%, that must be satisfied; this threshold is called the ‘Quality Gate’.
• If the code does not meet the quality gate, the pipeline should be terminated.
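As an added example of how a pipeline stage can enforce the gate just described (this is not part of the original document and not SonarQube's own code): the script below parses the JSON that SonarQube's Web API returns from `GET /api/qualitygates/project_status?projectKey=<key>` and exits non-zero when the gate is not met, which is what terminates the pipeline. The two sample responses are constructed for the example; their metric values are made up, and the 75% coverage threshold is the one the page uses.

```python
"""Enforce a SonarQube quality gate in a CI pipeline (added example).

Parses the JSON returned by SonarQube's Web API endpoint
GET /api/qualitygates/project_status?projectKey=<key> and decides whether
the pipeline may continue. The sample responses below are constructed for
this example; the metric values are made up.
"""
import json
import sys
from dataclasses import dataclass

# Constructed sample: a project whose coverage fell below the 75% gate and
# which introduced new vulnerabilities.
SAMPLE_FAILING = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "coverage",
             "comparator": "LT", "errorThreshold": "75", "actualValue": "61.4"},
            {"status": "OK", "metricKey": "new_bugs",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "0"},
            {"status": "ERROR", "metricKey": "new_vulnerabilities",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
        ],
    }
})

# Constructed sample: the same project after the fixes landed.
SAMPLE_PASSING = json.dumps({
    "projectStatus": {
        "status": "OK",
        "conditions": [
            {"status": "OK", "metricKey": "coverage",
             "comparator": "LT", "errorThreshold": "75", "actualValue": "78.9"},
            {"status": "OK", "metricKey": "new_vulnerabilities",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "0"},
        ],
    }
})


@dataclass
class Condition:
    metric: str
    status: str
    comparator: str
    threshold: str
    actual: str

    def describe(self) -> str:
        # "LT" means the condition fails when actual < threshold,
        # "GT" when actual > threshold.
        op = "<" if self.comparator == "LT" else ">"
        return f"{self.metric}: {self.actual} (fails when {op} {self.threshold})"


def parse_project_status(body: str) -> tuple[str, list[Condition]]:
    """Return (overall gate status, per-metric conditions) from the response."""
    project = json.loads(body)["projectStatus"]
    conditions = [
        Condition(
            metric=c["metricKey"],
            status=c["status"],
            comparator=c.get("comparator", ""),
            threshold=c.get("errorThreshold", ""),
            actual=c.get("actualValue", ""),
        )
        for c in project.get("conditions", [])
    ]
    return project["status"], conditions


def failing_conditions(body: str) -> list[Condition]:
    """The conditions in ERROR state, i.e. the reasons the gate fails."""
    _, conditions = parse_project_status(body)
    return [c for c in conditions if c.status == "ERROR"]


def gate_passed(body: str) -> bool:
    """True only when the overall status is OK and no condition is in ERROR.

    Both checks are made so that a partial or inconsistent response (overall
    "OK" but a failing condition, or status "NONE" when no gate is attached)
    never lets the build through by accident.
    """
    status, conditions = parse_project_status(body)
    return status == "OK" and not any(c.status == "ERROR" for c in conditions)


def pipeline_exit_code(body: str) -> int:
    """0 lets the pipeline continue; 1 terminates it, as the stage requires."""
    return 0 if gate_passed(body) else 1


if __name__ == "__main__":
    # Usage: python quality_gate.py < response.json
    # (the body saved from a request to the project_status endpoint);
    # with no input on stdin the constructed failing sample is used.
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_FAILING
    for cond in failing_conditions(raw):
        print("quality gate failed:", cond.describe())
    sys.exit(pipeline_exit_code(raw))
```

The exit code is the contract with the pipeline: a CI step that runs this script fails when the script exits 1, and the failing conditions printed before that tell the developer which metric (coverage, new vulnerabilities, and so on) has to be fixed before the build can proceed.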

SonarQube is a ‘Static Code Analysis’ tool.

What is static code analysis?

Static code analysis is the process of detecting errors and bugs in the source code without executing it. This is much like a code review.

Code review

• This is one of the oldest and most useful methods of detecting defects. It is like reading the code and making recommendations on its improvement. We can detect errors and code blocks that may become problematic in the future. The only downside of code review is that it is expensive, because programmers have to do it.
• So, the solution to this problem is static analysis tools.

SonarQube

• This is an open source product for continuous inspection of code quality.
• This tool collects and analyzes source code, measuring quality and providing reports for your project.
• It is a combination of static and dynamic analysis tools. SonarQube analyses code from different aspects, drilling down into the code layer by layer.

Which software characteristics are examined


1. Established good practices must be followed
2. Established bad practices must be avoided
3. Potential bugs
4. Performance issues
5. Security vulnerabilities
6. Any Duplicate code
7. Very complex code logic
8. Public API should have good documentation and comments
9. Unit test
10. Code coverage, etc.

Advantages of SonarQube

1. Along with what’s wrong, SonarQube also offers how to make it right.
2. It deals not only with errors:
a. Test coverage
b. Duplication
c. API documentation
d. Code smells
e. Vulnerabilities
f. Unit Tests

25+ Programming Languages

With SonarQube comes a code analyzer for each major programming language. Each analyzer provides numerous rules to spot general and language-specific quality issues.

ABAP, Apex, C/C++, C#, CSS, COBOL, Flex, Go, HTML, Java, JavaScript, Kotlin, Objective-C, PL/SQL, PL/I, PHP, Python, RPG, Ruby, Scala, Swift, T-SQL, TypeScript, VB.NET, VB6
