SonarQube is a web-based tool that measures and analyzes source code quality. It can be used by any GN4-3 participant to check code quality through measures like reliability, security, maintainability, test coverage and duplications. Setting up SonarQube involves adding a project, preparing the scanner, letting SonarQube assess the project, and analyzing the results. WP9 T2 offers assistance and review services using SonarQube.
1. SonarQube
Taking control of the code quality
www.geant.org
Omar Qouqas, Stefan Kelm, Michael Baierlein
WP9 T2
Webinar, December 4th 2019
2. Ever thought about?
• Software Engineer
“Is the code still easy to maintain after my latest enhancements?”
• Software Tester
“Is there an intelligent way to prove that the new code won’t harm the complete system?”
3. Does it ring a bell?
• Scrum Master
“How much time is wasted to get a new developer on board?”
• Project Manager
“Is my service secure enough to pass the PLM quality gate?”
4. Goals
• Is there an easy way to check and track the quality of my software?
• How can SonarQube help me?
• Is it easy to apply?
• Is there somebody who can support me?
5. SonarQube at a glance
• Web-based tool to measure and analyze the quality of source code
• Usable for any GN4-3 participant
• Many integration options
• Quality Gate
• Measures
  • Reliability, Security, Maintainability (with simple “A” to “E” rating)
  • Test Coverage, Duplications
  • Size, Complexity
• Quality Profiles
6. 4 simple steps...
• Add your project to SonarQube
• Prepare SonarQube scanner
• Let SonarQube assess your project
• Analyze the results
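To illustrate the last step, here is an added example (not part of the original slides or of GÉANT's tooling) that turns a quality gate result into a pass/fail decision with the “A” to “E” ratings shown per failed condition. It assumes the JSON shape returned by SonarQube's `api/qualitygates/project_status` endpoint; the sample response is constructed and the function names are hypothetical.

```python
import json

# Constructed sample of an api/qualitygates/project_status response
# (assumed shape; all values are made up for this example).
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_security_rating",
   "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
  {"status": "OK", "metricKey": "new_reliability_rating",
   "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_coverage",
   "comparator": "LT", "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "3", "actualValue": "0.4"}
]}}
"""

# Rating metrics are reported as numbers 1-5, shown in the UI as A-E.
RATING_LETTERS = {1: "A", 2: "B", 3: "C", 4: "D", 5: "E"}


def display_value(metric_key, raw):
    """Render rating metrics as A-E letters; leave other values as-is."""
    if metric_key.endswith("_rating"):
        try:
            return RATING_LETTERS.get(int(float(raw)), raw)
        except (TypeError, ValueError):
            return raw  # missing or non-numeric value: show it unchanged
    return raw


def evaluate_gate(response_text):
    """Return (passed, failures) for one project_status response."""
    status = json.loads(response_text)["projectStatus"]
    failures = []
    for cond in status.get("conditions", []):
        if cond.get("status") != "ERROR":
            continue
        key = cond["metricKey"]
        failures.append({
            "metric": key,
            "actual": display_value(key, cond.get("actualValue")),
            "threshold": display_value(key, cond.get("errorThreshold")),
        })
    # The server's overall status decides; conditions only explain it.
    return status.get("status") == "OK", failures


if __name__ == "__main__":
    passed, failures = evaluate_gate(SAMPLE_RESPONSE)
    for f in failures:
        print(f"FAILED {f['metric']}: {f['actual']} (threshold {f['threshold']})")
    raise SystemExit(0 if passed else 1)
```

Run as a script in a build job, the non-zero exit code stops the pipeline when the gate fails; any status other than `OK` (including a project with no gate result) is treated as a failure.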
9. WP9 T2 review services
Columns: SonarQube setup | Summary report | Detailed report | Quality gate
SonarQube setup assistance: x
Standard SonarQube review: x x x
SonarQube-based expert review: x x x x
Extended review: x x Optional
10. What we have learned
• GÉANT provides a great tool for its development community
• SonarQube checks and tracks the quality of my software
• 4 simple steps
• WP9 T2 offers a variety of assessment services
11. Resources
• Links
  • WP9 T2 information about SonarQube
  • SonarQube - official user documentation
  • Software Review Requests
• Contacts
  • Marcin Wolski
  • Michael Baierlein
  • Slack: sonarqube-code-review
GEANT currently provides a range of services and tools to support software development. These tools are now accessible to the whole GEANT community through federated authentication and authorization.
Together the tools form a technology stack which supports the full development life-cycle:
- from requirements management via issue/task management (Jira, GitLab) to source code repository (BitBucket), through continuous integration and deployment service (Bamboo) to continuous quality inspection.
Work is ongoing to deploy and adopt a new tool, named WhiteSource, to facilitate software IPR management in GEANT.