...by Jérémie Fays, 3 june 2015. Ever considered monitoring your code quality ? SonarQube is certainly a good candidate for that, and an open source one ! This presentation explains shortly the metrics you can track using SonarQube, and how it has been implemented at the University of Liege TTO.

1. SonarQube
Should I stay or should I go ?
Jérémie Fays – 3 June 2015

2. Stay if you want to hear…
• What is SonarQube ?
• What is available at Interface ?

3. SonarWhat ?
Developers
– Maintenability
– Good programming practises
– Bugs
Tech transfer
– Info on software maturity
– Better valuation
– Preparation for a due diligence (Technical Debt)
Static code analysis

4. Sonar not what !
What it doesn’t do :
• Performance analysis (memory, CPU)
• Conformity to requirements specifications
• Expertise on architecture and technological choices

5. SonarWhat ?
Open source (LGPL v3)
Developped by a Swiss company : SonarSource
Used by major companies
(Thales, Cisco, Siemens, Adobe, Tom-Tom…)
Supports more than 20 programming languages

6. Supported languages
Free
– Java / groovy
– Python
– Web
– Android
– C++
Commercial
– C/C++/objective C
– Visual Basic
– COBOL
– Swift
Not supported
– Fortran
– Matlab
– R
– Pascal

7. Ulg softwares

8. SonarQube

9. Basic metrics : LOC
• LOC = Lines of Code
• Useful for reporting
• Sometimes used in software valuation
(Cocomo II)

10. Complexity
= number of ways to run through code
In practise : if, while, for… à +1
Guide value : complexity /function should be
less than 8.

11. Code duplication
Code blocks duplicated ? Make it a function !
Guide value : no

12. Comments
Comments help maintenance and
transferability
Guide value : 20-40%, but very variable

13. Code coverage
Percentage of code covered by unit tests
Guide value : >80%

14. Issues
• Possible bugs
• Security issues
• Coding rules / style
• Show « magic numbers »
Guide value : no blocker or critical errors.

15. Example

16. Technical debt
= effort needed to solve all « code quality »
issues
Guide value : no.

17. SonarQube, in short
• A set of « quality » metrics
• Better use : day-to-day
…or even continuous integration !

18. Situation at Interface

19. A continuous improvement
• Software protection and licenses
http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf
Fossology installed and running
• Software quality
http://www.interface.ulg.ac.be/docs/Metriques-qualite-logiciel.pdf
SonarQube installed and running + C/C++ commercial plugin

20. Our SonarQube instance
Samba
Script

21. SonarQube : our services
• Snapshot analysis
– A first contact with SonarQube
• Preparation for a transfer
– Before a tech transfer (license or spin-off)
– Before opening the code
• Operational use
– Day-to-day use of our SonarQube instance

22. Future
Continuous integration with Jenkins ?

23. Conclusions
• SonarQube is useful for :
– Short term quality mission
– Day-to-day use (up to continuous integration)
• A SonarQube instance is available at ITF :
– Commercial C/C++ plugin installed
– One shot analysis
– Account creation for day-to-day use
è Contact me !

24. Thanks !
Jérémie Fays
j.fays@ulg.ac.be
+32 4 349 85 21
www.linkedin.com/in/jeremiefays