SonarQube is the leading platform for static code analysis and Continuous Code Quality.
In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production).
After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality.
Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources.
About the Speaker:
As Chief Technical Officer, Roman Pickl is in charge of technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes.
Questions in between / discussion at the end. Question: Raise your hand if you are using it?
Wikipedia: William Thomson, 1st Baron Kelvin, OM, GCVO, PC, FRS, FRSE (/ˈkɛlvɪn/; 26 June 1824 – 17 December 1907) was a Scots-Irish mathematical physicist and engineer who was born in Belfast in 1824. At the University of Glasgow he did important work in the mathematical analysis of electricity and formulation of the first and second laws of thermodynamics, and did much to unify the emerging discipline of physics in its modern form.
Software product quality is a multi-dimensional concept: external factors directly influence the customer, while internal factors have only an indirect impact. As a software developer you may only have an impact on some of these dimensions (e.g. you could write perfect code, but still no one may need your product; i.e. it doesn't meet your customers' needs).
Wikipedia: SQALE (Software Quality Assessment based on Lifecycle Expectations) is a method to support the evaluation of a software application source code. It is a generic method, independent of the language and source code analysis tools, licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported license. Software editors can freely use and implement the SQALE method.
The SQALE method has been developed to answer a general need for assessing the quality of source code. It is meant to answer fundamental questions such as: What is the quality of the source code delivered by the developers? Is the code changeable, maintainable, portable, reusable? What is the design debt stored up by the project?
SonarSource: SQALE is primarily about maintainability, but the SQALE quality model also encompasses bugs and vulnerabilities. So those important issues get lost in the crowd. The result is that a project can have blocker-level bugs, but still get an A SQALE rating. For us, that was kinda like seeing a green light at the intersection while cross-traffic is still flowing. Yes, it’s recoverable if you’re paying attention, but still dangerous.
Wikipedia: The Harvard Mark II was an electromechanical computer built under the direction of Howard Aiken and was finished in 1947. It was financed by the United States Navy.
Code Complete: industry average 15-50 bugs per 1000 lines of code
Wikipedia: Thomas J. McCabe introduced Cyclomatic Complexity in 1976 as a way to guide programmers in writing methods that “are both testable and maintainable”. At SonarSource, we believe Cyclomatic Complexity works very well for measuring testability, but not for maintainability. That’s why we’re introducing Cognitive Complexity, which you’ll begin seeing in upcoming versions of our language analyzers. We’ve designed it to give you a good relative measure of how difficult the control flow of a method is to understand.
https://blog.sonarsource.com/putting-it-all-together-end-to-end-quality-with-sonarecosystem/ Fast Feedback
Continuous Code Quality with the SonarEcosystem
Roman Pickl (email@example.com)