Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SonarQube Should I stay or should I go ? Jérémie Fays – 3 June 2015
Stay if you want to hear… •  What is SonarQube ? •  What is available at Interface ?
SonarWhat ? Developers –  Maintenability –  Good programming practises –  Bugs Tech transfer –  Info on software maturity ...
Sonar not what ! What it doesn’t do : •  Performance analysis (memory, CPU) •  Conformity to requirements specifications • ...
SonarWhat ? Open source (LGPL v3) Developped by a Swiss company : SonarSource Used by major companies (Thales, Cisco, Siem...
Supported languages Free –  Java / groovy –  Python –  Web –  Android –  C++ Commercial –  C/C++/objective C –  Visual Bas...
Ulg softwares
SonarQube
Basic metrics : LOC •  LOC = Lines of Code •  Useful for reporting •  Sometimes used in software valuation (Cocomo II)
Complexity = number of ways to run through code In practise : if, while, for… à +1 Guide value : complexity /function sho...
Code duplication Code blocks duplicated ? Make it a function ! Guide value : no
Comments Comments help maintenance and transferability Guide value : 20-40%, but very variable
Code coverage Percentage of code covered by unit tests Guide value : >80%
Issues •  Possible bugs •  Security issues •  Coding rules / style •  Show « magic numbers » Guide value : no blocker or c...
Example
Technical debt = effort needed to solve all « code quality » issues Guide value : no.
SonarQube, in short •  A set of « quality » metrics •  Better use : day-to-day …or even continuous integration !
Situation at Interface
A continuous improvement •  Software protection and licenses http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf Fos...
Our SonarQube instance Samba Script
SonarQube : our services •  Snapshot analysis –  A first contact with SonarQube •  Preparation for a transfer –  Before a t...
Future Continuous integration with Jenkins ?
Conclusions •  SonarQube is useful for : –  Short term quality mission –  Day-to-day use (up to continuous integration) • ...
Thanks ! Jérémie Fays j.fays@ulg.ac.be +32 4 349 85 21 www.linkedin.com/in/jeremiefays
Upcoming SlideShare
Loading in …5
×

SonarQube - Should I Stay or Should I Go ?

3,153 views

Published on

...by Jérémie Fays, 3 june 2015.

Ever considered monitoring your code quality ? SonarQube is certainly a good candidate for that, and an open source one ! This presentation explains shortly the metrics you can track using SonarQube, and how it has been implemented at the University of Liege TTO.

Published in: Software
no profile picture user

  • Login to see the comments

SonarQube - Should I Stay or Should I Go ?

  1. 1. SonarQube Should I stay or should I go ? Jérémie Fays – 3 June 2015
  2. 2. Stay if you want to hear… •  What is SonarQube ? •  What is available at Interface ?
  3. 3. SonarWhat ? Developers –  Maintenability –  Good programming practises –  Bugs Tech transfer –  Info on software maturity –  Better valuation –  Preparation for a due diligence (Technical Debt) Static code analysis
  4. 4. Sonar not what ! What it doesn’t do : •  Performance analysis (memory, CPU) •  Conformity to requirements specifications •  Expertise on architecture and technological choices
  5. 5. SonarWhat ? Open source (LGPL v3) Developped by a Swiss company : SonarSource Used by major companies (Thales, Cisco, Siemens, Adobe, Tom-Tom…) Supports more than 20 programming languages
  6. 6. Supported languages Free –  Java / groovy –  Python –  Web –  Android –  C++ Commercial –  C/C++/objective C –  Visual Basic –  COBOL –  Swift Not supported –  Fortran –  Matlab –  R –  Pascal
  7. 7. Ulg softwares
  8. 8. SonarQube
  9. 9. Basic metrics : LOC •  LOC = Lines of Code •  Useful for reporting •  Sometimes used in software valuation (Cocomo II)
  10. 10. Complexity = number of ways to run through code In practise : if, while, for… à +1 Guide value : complexity /function should be less than 8.
  11. 11. Code duplication Code blocks duplicated ? Make it a function ! Guide value : no
  12. 12. Comments Comments help maintenance and transferability Guide value : 20-40%, but very variable
  13. 13. Code coverage Percentage of code covered by unit tests Guide value : >80%
  14. 14. Issues •  Possible bugs •  Security issues •  Coding rules / style •  Show « magic numbers » Guide value : no blocker or critical errors.
  15. 15. Example
  16. 16. Technical debt = effort needed to solve all « code quality » issues Guide value : no.
  17. 17. SonarQube, in short •  A set of « quality » metrics •  Better use : day-to-day …or even continuous integration !
  18. 18. Situation at Interface
  19. 19. A continuous improvement •  Software protection and licenses http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf Fossology installed and running •  Software quality http://www.interface.ulg.ac.be/docs/Metriques-qualite-logiciel.pdf SonarQube installed and running + C/C++ commercial plugin
  20. 20. Our SonarQube instance Samba Script
  21. 21. SonarQube : our services •  Snapshot analysis –  A first contact with SonarQube •  Preparation for a transfer –  Before a tech transfer (license or spin-off) –  Before opening the code •  Operational use –  Day-to-day use of our SonarQube instance
  22. 22. Future Continuous integration with Jenkins ?
  23. 23. Conclusions •  SonarQube is useful for : –  Short term quality mission –  Day-to-day use (up to continuous integration) •  A SonarQube instance is available at ITF : –  Commercial C/C++ plugin installed –  One shot analysis –  Account creation for day-to-day use è Contact me !
  24. 24. Thanks ! Jérémie Fays j.fays@ulg.ac.be +32 4 349 85 21 www.linkedin.com/in/jeremiefays

×