Download as PDF, PPTX
Uploaded byGeeks Anonymes
SonarQube - Should I Stay or Should I Go ?
The document discusses SonarQube, an open-source tool developed by Sonarsource for static code analysis across various programming languages. It highlights the benefits of using SonarQube for software maintainability, quality metrics, and as part of continuous integration efforts. Additionally, it provides insights into its application at Interface, including installed plugins and future integration with Jenkins.
More Related Content
Similar to SonarQube - Should I Stay or Should I Go ?
![谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]](https://cdn.slidesharecdn.com/ss_thumbnails/top233-260130173900-2eb784f9-thumbnail.jpg?width=640&height=640&fit=bounds)
![20260201 [FOSDEM] gomodjail - library sandboxing for Go modules.pdf](https://cdn.slidesharecdn.com/ss_thumbnails/20260201fosdemgomodjail-librarysandboxingforgomodules-260201225659-76609ec4-thumbnail.jpg?width=640&height=640&fit=bounds)
SonarQube - Should I Stay or Should I Go ?
- 1. SonarQube Should I stayor should I go ? Jérémie Fays – 3 June 2015
- 2. Stay if youwant to hear… • What is SonarQube ? • What is available at Interface ?
- 3. SonarWhat ? Developers – Maintenability – Good programming practises – Bugs Tech transfer – Info on software maturity – Better valuation – Preparation for a due diligence (Technical Debt) Static code analysis
- 4. Sonar not what! What it doesn’t do : • Performance analysis (memory, CPU) • Conformity to requirements specifications • Expertise on architecture and technological choices
- 5. SonarWhat ? Open source(LGPL v3) Developped by a Swiss company : SonarSource Used by major companies (Thales, Cisco, Siemens, Adobe, Tom-Tom…) Supports more than 20 programming languages
- 6. Supported languages Free – Java/ groovy – Python – Web – Android – C++ Commercial – C/C++/objective C – Visual Basic – COBOL – Swift Not supported – Fortran – Matlab – R – Pascal
- 7.
- 8.
- 9. Basic metrics :LOC • LOC = Lines of Code • Useful for reporting • Sometimes used in software valuation (Cocomo II)
- 10. Complexity = number ofways to run through code In practise : if, while, for… à +1 Guide value : complexity /function should be less than 8.
- 11. Code duplication Code blocksduplicated ? Make it a function ! Guide value : no
- 12. Comments Comments help maintenanceand transferability Guide value : 20-40%, but very variable
- 13. Code coverage Percentage ofcode covered by unit tests Guide value : >80%
- 14. Issues • Possible bugs • Security issues • Coding rules / style • Show « magic numbers » Guide value : no blocker or critical errors.
- 15.
- 16. Technical debt = effortneeded to solve all « code quality » issues Guide value : no.
- 17. SonarQube, in short • A set of « quality » metrics • Better use : day-to-day …or even continuous integration !
- 18.
- 19. A continuous improvement • Software protection and licenses http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf Fossology installed and running • Software quality http://www.interface.ulg.ac.be/docs/Metriques-qualite-logiciel.pdf SonarQube installed and running + C/C++ commercial plugin
- 20.
- 21. SonarQube : ourservices • Snapshot analysis – A first contact with SonarQube • Preparation for a transfer – Before a tech transfer (license or spin-off) – Before opening the code • Operational use – Day-to-day use of our SonarQube instance
- 22. Future Continuous integration withJenkins ?
- 23. Conclusions • SonarQube isuseful for : – Short term quality mission – Day-to-day use (up to continuous integration) • A SonarQube instance is available at ITF : – Commercial C/C++ plugin installed – One shot analysis – Account creation for day-to-day use è Contact me !
- 24. Thanks ! Jérémie Fays j.fays@ulg.ac.be +324 349 85 21 www.linkedin.com/in/jeremiefays