Wednesday, June 1, 2016

Continues Inspection with SonarQube / Sonar plugins Part 1

Introduction to SonarQube

Part 1 >  Part 2 > Part 3  > Part 4

This will be the first part of a series of posts on Continues Inspection / Code Quality Assessment with SonarQube and will cover the use case with installation / configuration details.

What is SonarQube? 


SonarQube is a central place to manage code quality. It visualizes reporting on and across projects and enables us to replay the past evolution of projects. If you are aware of code quality checking plugins such as checkstyle, findbugs, PMD, etc. SonarQube is found as a collection of these plugins and more.

SonarQube,
  • Analyzes source code and byte code.
  • Computes hundreds of metrics.
  • Provides moment-in-time quality snapshots (Associates metrics with analysis snapshots).
  • Gives trends of lagging and leading indicators
  • Tracks developers’ 7 deadly sins (Explained in below)
  • Shows the results in dashboards and widgets , which are accessible any browser.


What is Code Quality?


in Gibberish -
Code Quality is a collection of factors such as Usability, Maintainability, Error management and Efficiency of a code.


in Simple Language -
It is an Indicator about, How quickly developers can add business value to a software system.

Why Measure Code Quality?


Because,
  • A system is never “Finished”. (We don’t know where we need to modify it in the future)
  • You can not improve if you don’t measure
  • The Broken Windows Theory !
  • If system was a person, Source Code is the Heart of the System.


What to Measure as Code Quality?


The makers of SonarQube, SonarSource has introduced us 7 facts to Measure as Code Quality. They call them "The 7 Deadly Sins"
  1. Bugs and Potential Bugs
  2. Coding Standards Breach
  3. Duplication
  4. Lack of Unit Tests
  5. Bad Distribution of Complexity
  6. Spaghetti Design
  7. Not Enough or Too Many Comments


How to Measure Code Quality?


Of course that's where we use SonarQube. Its a tool for measuring the quality of code...

SonarQube is just a part of code quality management process. Code quality management process may also include,
  • Code Reviews (includes Code Freezes as well)
  • Pair programming, etc.
Code Freeze - If the current level of code quality is below than the acceptance level, new code generation will be stopped at a point. Then all team members will start working on improving the code quality until they reach the acceptable quality level. Only then the development shall begin again...
It is important to keep in mind that you should use the aforesaid quality management methods alongside SonarQube. If not your expectations on using this amazing tool might not be rightfully  achieved.  
"Start where you stand, and work with whatever tools you may have at your command, and better tools will be found as you go along" - George Herbert

SonarQube for every Programming Language?


  • SonarQube was initially developed for JAVA
  • Today it supports over 20+ languages (C, C++, Android, Java, JavaScript, etc.)
  • List of Supported Languages.

If you want to learn how to install and configure SonarQube > Part 2 - SonarQube Installation and Configuration
If you want to analyze your source code straight away > Part 3 - Continues Inspection With Sonar (The Sonar Way)
If you want to configure Sonar Plugin for eclipse > Part 4 - Sonar Plugin Installation and Configuration for Eclipse IDE

No comments:

Post a Comment

Things to be learned before learning Load Balancing

Network Layers (Keep in mind when working with diffrent protocols) Difference between HTTPS and SSL SSL (Secure Socket Layer...