Successfully reported this slideshow.
Your SlideShare is downloading. ×

Maven.pptx

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
DevOps 1 (1).pptx
DevOps 1 (1).pptx
Loading in …3
×

Check these out next

1 of 13 Ad

More Related Content

Recently uploaded (20)

Advertisement

Maven.pptx

  1. 1. Maven • Maven is free and extensible and it’s distributed as a small core module. All features are implemented as plug-ins and are loaded on demand. These plug-ins are also stored in repositories. You (or other developers) can easily write plug-ins in Java or other scripting languages. Maven scripts can run Ant scripts and vice versa.
  2. 2. Maven provides a simple way to set up projects that follow common best practices, including a default directory structure that makes it easier to understand how a project is structured. A consistent and unified directory structure simplifies software development and provides a standard based on industry best practices. This focus on convention over configuration increases cross-project knowledge and makes it easier to get up to speed on another team’s project. Many Maven features, configurations, and settings are provided implicitly. You can change Maven’s default behavior at many points and can configure almost everything, but generally it’s better to stay with the commonly accepted conventions.
  3. 3. Lifecycles, phases, and goals • Maven requires that you describe what your project is doing. To this end, Maven offers lifecycles and individual phases that you can configure to tell Maven what to do in these phases. Validate Compile Test Package Integration test Verify Deploy
  4. 4. Maven and testing • Maven is ideally suited for running all your tests as part of your normal build setup. You don’t need a customized environment for different types of tests. Unit tests run by default, and integration tests are specified as a phase in the Maven build (between the packaging and the install phases). In this way, you can rely upon the previously built package, which can output a WAR file. To run your integration tests, you need to add and configure the dedicated plug-ins.
  5. 5. Maven component repositories • Maven repositories are essential for organizing build artifacts of varying types and their dependencies on each other. Two types of repositories are remote and local.
  6. 6. SonarQube • SonarQube, developed by SonarSource, is an open-source tool for automated code review and analysis. Consistent code quality is something every manager or technical director aims to maintain, and although new tools pop up frequently, each promising more features than the last, very few code quality and security tools come close to competing with SonarQube. Supporting static code analysis for 20+ languages, this Sonar code quality tool is trusted and used by many professional teams worldwide. • We will be looking over how to start using the SonarQube tool for code quality in your own projects to generate detailed reports on bugs, security vulnerabilities, duplicate code, code smells, and much more. Let’s get started.
  7. 7. Features: •Can perform automatic reviews with static code analysis for many problems that affect code quality. •Helps maintain quality and reliability of code projects over its life-span using advanced quality test metrics and graphs. •Integrates seamlessly with other tools like Jenkins, Atlassian, MSBuild, etc, which helps productive workflow. •Supports most popular programming languages like Java, Python, JavaScript, etc (along with framework support).
  8. 8. How SonarQube helps to assess the quality of the code SQALE approach is used in the SonarQube top-notch design, with specific changes. The SQALE technique, widely recognized, concentrates primarily on programming difficulty, maintenance and will not consider the program's hazards. In essence, if a significant safety issue is found in a program, one needs to solve every stability, modifications, usability, and running strictly according to the SQALE approach and after turn again in the latest severe problem. In reality, if possible flaws in the program for such a lengthy period and gets zero consumer error complaints, it is far more critical to concentrate on remediating the latest deficiencies.
  9. 9. How to Use SonarQube Tool For Code Quality • Step 1: Download and Unzip SonarQube • Prerequisites: Java (Oracle JRE11 or OpenJDK 11 minimum) • SonarQube comes in four different editions, including paid ones, however, for the purpose of this article, we will be using their free open-source community edition.
  10. 10. Step 2: Run the SonarQube local server At this point, you should be greeted with a little `.bat` file (if you are on windows) or a `.sh` file (if you are on Linux or Mac). The next step will be to execute this file to proceed into the console. On Windows, navigate into the parent directory containing the `StartSonar.bat` file. This can be done by navigating to the unzipped folder ('sonarqube') and into the bin and windows-x86-xx folder
  11. 11. Step 3: Start a new SonarQube project Now that you have successfully run your SonarQube server, you can proceed to start your first code project. Click on the ‘+’ icon on the top right of the navigation bar and select ‘Create New Project.’ In the next page, enter a unique project key and a short and suitable display Name and click on Set Up.
  12. 12. Step 4: Setup Project properties and SonarScanner This step should be pretty straightforward if you have spent any time working on code projects. Register the …sonar-scanner-cli-<version>-<OS>sonar-scanner-<version>-<OS>bin directory in your environment variable list. This can be done by adding an entry in the `Add Environment Variables` window for Windows.
  13. 13. Step 5: View your analysis report on Sonar Dashboard After the scan has completed through your code-base, go back to your SonarQube dashboard on http://localhost:9000 and log in using your credentials. Select your created project and you will find a code analysis report waiting for you. The free Community Edition should include Reliability (measured in # of bugs), Security (in terms of vulnerabilities), Maintainability (depending on your code debt and smells), Coverage, and Duplications. Depending on the number and intensity of each check, the Quality Gate will either 'Pass' or 'Fail' the project. A green color grade will show areas where your code performed well while yellow and red color grades will highlight problem areas.

×