Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.

For the best experience please use the latest Chrome, Safari or Firefox browser.

SonarQube for Code quality




Shiva Hari Kumar B
[1a]Developer, Banca Sella
Code quality : “It’s an indicator about how quickly developers can add business value to a software system”[2a]
Technical Debt

"If the debt grows large enough, eventually the company will spend more on servicing its debt than it invests in increasing the value of its other assets" -Steve McConnell
(Author of Complete Code)



Case Study

  • [3a]Cover Oregon
  • [3b]Apple Maps

    • Technical Sins : [4a]
  • Bugs and Potential Bugs
  • Coding Standards Breach
  • Duplications
  • Lack of Unit Tests
  • Bad Distribution of Complexity
  • Spaghetti Design
  • Not Enough or Too Many Comments
    • userID might be null 

      ...
  Long userID = null;
  try {
    userID = session.get("USER_ID");
    ...
  }catch(java.lang.Exception e){
    ...
  }finally {
    log.severe(userID.toString(), "FAILURE");
    ...
  }
  ...
    SalaryComponent.java 

      int static final INCREMENT = 10;
  int static final bonus = 3000;

    SalaryCalculator.java 

      if(promoted)
  salary = getSalary(level);
  else{
  hike = 1 + (SalaryComponent.INCREMENT/100);
  salary = salary * hike;}
  salary = salary + SalaryComponent.bonus;
    Technical Sins : [4a]
  • Bugs and Potential Bugs
  • Coding Standards Breach
  • Duplications
  • Lack of Unit Tests
  • Bad Distribution of Complexity
  • Spaghetti Design
  • Not Enough or Too Many Comments

    • Thus, 7 Axes of Code Quality

    Code Quality Analyzers
    [8a]   [8b]
    SonarQube
  • Open source platform for continuous inspection of code quality
  • Tracks developer's seven deadly sins
    • [9a]
  • Gives trends of lagging and leading indicators
  • Language agnostic
  • Extensible through plugins
    •    [9b]Developed by SonarSource
    Sonar Evolution [10a]
  • mvn sonar:sonar
  • Sonar Ruleset
  • Squid engine
  • SQALE
  • Bugs & Vulnerabilities, Code smell
    • [10b]
  • Clustering

    • [10c]
    Quality Management platform
  • Opensource community
    • [11a]
  • Plugin Library
  • Partnership with Microsoft
  • Classic Commercial model
    •
    Demo: Sonar Metrics
    Squid Engine
  • Custom Rules
  • Custom Widgets
  • New language plugin
  • Contribute
    • Demo : SonarQube Management

                   
  • Quality Gate
  • Quality Profile
  • Permissions
  • Ex/(In)clusions
    		•
    Precommit Analysis
  • SonarLint
  • SonarQube plugin
  • Github pull plugin

    • [15a]   [15b]

    want to know more?

    Documentation
    Stackoverflow
    Google Group
    shivaharikumar @   Github    LinKedIn   Twitter
    Version history: v1 : Chennai DevOps Meetup