
Sonar Review

SonarQube overview: benefits, processes

Published in: Technology

  1. SONAR. KATE SEMIZHON
  2. SONARQUBE: AN OPEN SOURCE WEB APPLICATION TO MANAGE CODE QUALITY
  3. WHAT IS SONAR: Sonar covers the 7 axes of code quality
  4. CONTINUOUS INSPECTION
     • the practice of measuring your code on a very regular basis
     • raises code quality visibility for all stakeholders
     • continuously improves the code quality
  5. 50+ PLUGINS (http://docs.codehaus.org/display/SONAR/Plugin+Library/)
     • Languages
     • Dev tools
     • Integration
     • Authentication & authorization
     • Governance
     • Visualization & reporting
     • Additional metrics
  6. CLIENT LIST
  7. CASE STUDY (http://www.sonarsource.com/customers/customer-stories/)
     “There used to be numerous code-related issues that escalated over time and cost us a lot.”
     “SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded – delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).”
     “A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.”
     leader in networking technologies.
     • 73,460 employees
     • Q2 FY13 revenues of $12.1 billion
     • uses SonarQube to analyze >9 million lines of code in 90 applications
  8. WHY? Prevention is the best medicine
  9. BENEFITS
     • Improving the quality of the code produced by increasing developer knowledge and understanding of code quality issues
     • Reducing maintenance cost through early identification of quality issues
     • Reducing the time spent on code reviews
     • Improving the productivity of software development teams (suppressing code duplication and redundancy)
     • Automatically detecting bugs and providing an opportunity to fix them before rolling software out to production
  10. SONAR DASHBOARD
     • List of projects/apps
     • Quality metrics
  11. DEVELOPERS' 7 DEADLY SINS
     • Bugs and Potential Bugs
     • Coding Standards Breach
     • Duplications
     • Lack of Unit Tests
     • Bad Distribution of Complexity
     • Spaghetti Design
     • Not Enough or Too Many Comments
  12. KEY METRICS
     • Potential bugs
     • Potential performance problems
     • Potential security issues
     • Duplicates
     • Coverage
     • Time machine
  13. POTENTIAL BUGS
     • Return statements should not occur in finally blocks
     • This class overrides "equals()" and should therefore also override "hashCode()"
     • "equals(Object obj)" should be overridden along with the "compareTo(T obj)" method
     • Thread.run() and Runnable.run() should not be called directly
  14. INCORRECT EXCEPTION PROCESSING
     • Throwable and Error classes should not be caught
     • Generic exceptions Error, RuntimeException, Throwable and Exception should never be thrown
     • Avoid Print Stack Trace
     • Avoid Rethrowing Exception
     • Avoid Catching/throwing NPE
     • Avoid Instanceof Checks In Catch Clause
  15. INCORRECT STRING PROCESSING (name: description)
     • StringInstantiation: Avoid instantiating String objects; this is usually unnecessary.
     • Inefficient String Buffering: Avoid concatenating non-literals in a StringBuffer constructor or append().
     • Use Index Of Char: Use String.indexOf(char) when checking for the index of a single character; it executes faster.
     • String To String: Avoid calling toString() on String objects; this is unnecessary.
     • Useless String Value Of: No need to call String.valueOf to append to a string; just use the valueOf() argument directly.
     • String Literal Equality: Checks that string literals are not used with == or !=.
     • Unnecessary Case Change: Using equalsIgnoreCase() is faster than using toUpperCase/toLowerCase().equals().
  16. PROCESS
     • Set up threshold
     • Daily reports
     • Sonar plugin for developers to verify code
     • Email alerts
     • Sprint reports to track quality
  17. COST (object: cost)
     • SonarQube: Free
     • Plugins: Free
     • Sonar Installation and Configuration: 1 day - DevOps
     • Compare stats once a sprint: 1h
     • Verify new code by developers: Ongoing Activities – part of the development
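
Two of the "Potential bugs" rules from slide 13 (a return inside finally, and equals() without hashCode()), shown as an added Java example that is not part of the original slides. The class name, method names and the sample id are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;
// Added illustration; all class and method names are hypothetical.
public class PotentialBugsDemo {

    // Rule: "Return statements should not occur in finally blocks".
    // The return in finally discards the exception thrown in try.
    static boolean checkFlawed(String token) {
        try {
            if (token == null) {
                throw new IllegalArgumentException("missing token");
            }
            return token.length() == 32;
        } finally {
            return true; // replaces both the computed result and the exception
        }
    }

    // Corrected form: the exception propagates and the real result is returned.
    static boolean checkFixed(String token) {
        if (token == null) {
            throw new IllegalArgumentException("missing token");
        }
        return token.length() == 32;
    }

    // Rule: a class that overrides equals() should also override hashCode().
    static final class UserIdFlawed {
        final String id;
        UserIdFlawed(String id) { this.id = id; }
        @Override public boolean equals(Object o) {
            return o instanceof UserIdFlawed && ((UserIdFlawed) o).id.equals(id);
        }
        // hashCode() is inherited from Object, so equal ids hash differently.
    }

    public static void main(String[] args) {
        System.out.println("flawed check on null: " + checkFlawed(null));
        try {
            checkFixed(null);
        } catch (IllegalArgumentException e) {
            System.out.println("fixed check rejected input: " + e.getMessage());
        }
        Set<UserIdFlawed> blocked = new HashSet<>();
        blocked.add(new UserIdFlawed("u-100")); // constructed sample id
        // The lookup normally misses: the two objects have different identity hashes.
        System.out.println("blocklist hit: " + blocked.contains(new UserIdFlawed("u-100")));
    }
}
```

Both flaws fail silently: a validation routine that cannot report rejection and a blocklist lookup that misses equal keys, which is why they are worth catching at analysis time rather than in production.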
