Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SonarQube - Should I Stay or Should I Go ?

3,153 views

Published on

...by Jérémie Fays, 3 june 2015.

Ever considered monitoring your code quality ? SonarQube is certainly a good candidate for that, and an open source one ! This presentation explains shortly the metrics you can track using SonarQube, and how it has been implemented at the University of Liege TTO.

Published in: Software

SonarQube - Should I Stay or Should I Go ?

  1. 1. SonarQube Should I stay or should I go ? Jérémie Fays – 3 June 2015
  2. 2. Stay if you want to hear… •  What is SonarQube ? •  What is available at Interface ?
  3. 3. SonarWhat ? Developers –  Maintenability –  Good programming practises –  Bugs Tech transfer –  Info on software maturity –  Better valuation –  Preparation for a due diligence (Technical Debt) Static code analysis
  4. 4. Sonar not what ! What it doesn’t do : •  Performance analysis (memory, CPU) •  Conformity to requirements specifications •  Expertise on architecture and technological choices
  5. 5. SonarWhat ? Open source (LGPL v3) Developped by a Swiss company : SonarSource Used by major companies (Thales, Cisco, Siemens, Adobe, Tom-Tom…) Supports more than 20 programming languages
  6. 6. Supported languages Free –  Java / groovy –  Python –  Web –  Android –  C++ Commercial –  C/C++/objective C –  Visual Basic –  COBOL –  Swift Not supported –  Fortran –  Matlab –  R –  Pascal
  7. 7. Ulg softwares
  8. 8. SonarQube
  9. 9. Basic metrics : LOC •  LOC = Lines of Code •  Useful for reporting •  Sometimes used in software valuation (Cocomo II)
  10. 10. Complexity = number of ways to run through code In practise : if, while, for… à +1 Guide value : complexity /function should be less than 8.
  11. 11. Code duplication Code blocks duplicated ? Make it a function ! Guide value : no
  12. 12. Comments Comments help maintenance and transferability Guide value : 20-40%, but very variable
  13. 13. Code coverage Percentage of code covered by unit tests Guide value : >80%
  14. 14. Issues •  Possible bugs •  Security issues •  Coding rules / style •  Show « magic numbers » Guide value : no blocker or critical errors.
  15. 15. Example
  16. 16. Technical debt = effort needed to solve all « code quality » issues Guide value : no.
  17. 17. SonarQube, in short •  A set of « quality » metrics •  Better use : day-to-day …or even continuous integration !
  18. 18. Situation at Interface
  19. 19. A continuous improvement •  Software protection and licenses http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf Fossology installed and running •  Software quality http://www.interface.ulg.ac.be/docs/Metriques-qualite-logiciel.pdf SonarQube installed and running + C/C++ commercial plugin
  20. 20. Our SonarQube instance Samba Script
  21. 21. SonarQube : our services •  Snapshot analysis –  A first contact with SonarQube •  Preparation for a transfer –  Before a tech transfer (license or spin-off) –  Before opening the code •  Operational use –  Day-to-day use of our SonarQube instance
  22. 22. Future Continuous integration with Jenkins ?
  23. 23. Conclusions •  SonarQube is useful for : –  Short term quality mission –  Day-to-day use (up to continuous integration) •  A SonarQube instance is available at ITF : –  Commercial C/C++ plugin installed –  One shot analysis –  Account creation for day-to-day use è Contact me !
  24. 24. Thanks ! Jérémie Fays j.fays@ulg.ac.be +32 4 349 85 21 www.linkedin.com/in/jeremiefays

×