The SonarQube Platform is made of 4 components:
- Server, Database, Plugins and Scanner
One or more SonarQube Scanners running on your Build / Continuous Integration Servers to analyze projects
3. 3
Rule Set Definition
Checkstyle Metrik Java
FindBugs Java
FindBugs Security Audit Java
FindBugs Security Minimal Java
FxCop with MS minumum recommended ruleset C#
FxCop with MS minumum recommended ruleset of SharePoint C#
Sonar way C# Sonar way Java
Sonar way PL/SQL
Sonar way Python
Sonar way Web / XML Sonar way with Findbugs Java
4. 4
Quality Gates & Plugins
Configuration
Def Plugins:
32: C# [csharp] 4.0 Enable analysis and reporting on C# projects.
33: Java [java] 3.1 SonarQube rule engine.
34: PL/SQL [plsql] 2.7 Enable analysis and reporting on PL/SQL projects.
35: Python [python] 1.5 Enable analysis /reporting on python projects.
36: Git [scmgit] 1.0 Git SCM Provider.
37: SVN [scmsvn] 1.0 SVN SCM Provider.
38: Web [web] 2.3 Analyze HTML (also within PHP/Ruby/etc. templates)
39: and JSP/JSF code.
40: XML [xml] 1.2 Enable analysis and reporting on XML files.
7. 7
Fazit
Testbarkeit und Analysierbarkeit sind eng miteinander
verwandt (wie Qualität & Anforderungen).
Zur Entwicklungszeit ist die Analysierbarkeit der
Sourcen für die Behebung von Fehlern und die Change-
Impact Analyse (Änderung / Erweiterung des Systems)
von Bedeutung.
Zudem bilden automatische Tests in vielen Fällen eine
genaue und verfügbare Spezifikation auf Abruf
(Definition of Done).
8. 8
Analysis Result
• On all languages, "blame issue" data will automatically
be imported from supported SCM providers. Git and SVN are
supported automatically. Other providers require additional
plugins.
• On all languages, a static analysis of source code is
performed (Java files, Pascal, COBOL programs, etc.)
• A static analysis of compiled code can be performed for
certain languages (.class files in Java, .dll files in C#, etc.)
• A dynamic analysis of code can be performed on certain
languages and script engines like maXbox.