Download to read offline
Uploaded byDoug Mair
Code checkup
The document discusses tools and methods for assessing code quality, primarily focusing on static analysis tools like SonarQube for C# and JavaScript projects, alongside other resources for unit and integration testing. It highlights the importance of clean coding principles and suggests using various IDE tools and linters to maintain code health. The conclusion emphasizes that while projects can become complex over time, static analysis can help identify and rectify issues proactively.
![[DOC] Java - Code Analysis using SonarQube](https://cdn.slidesharecdn.com/ss_thumbnails/codeanalysisusingsonarqubev0slideshare-140622093347-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
Code checkup
- 4. CODE CHECKUP: Tools tocheck the health of your code.
- 5. GOAL FOR TODAY SourceCode • C# • JavaScript • Projects
- 6. BIO Doug Mair • Doug.Mair@gmail.com •@doug_mair Principal Consultant for Improving Enterprises Windows Developer User Group – Columbus, Ohio
- 7.
- 8. SOLID PRINCIPLES S Sigle Responsibility Principle Classonly does one thing. O Open-Closed Principle Open for extension, closed for mods. L Liskov Substitution Principle Subtypes can substitute for base types. I Interface Segregation Principle Interfaces allow dependency segregation D Dependency Inversion Principle Ability to inject dependencies
- 9. TESTING • Unit Testing •MS-Test • Nunit • Integration Testing • Simian Army • JMeter • Penetration Testing
- 10. IDE BASED TOOLS •Visual Studio has built in tools • Listen to the compiler. • Resharper – JetBrains • CodeRush – DevExpress • JustCode – Telerik • Ncrunch – Code Coverage / Live tests
- 11.
- 12.
- 13. STATIC ANALYSIS TOOLS •SonarQube •https://www.sonarqube.org/ • 20 Languages • C#, JavaScript, Java, C / C++ …
- 14. SONARQUBE INSTALL • From SonarQube’ssite: https://github.com/SonarSource/sonar-.net- documentation/blob/master/doc/additional-configurations.md • C# Projects specific: https://blogs.msdn.microsoft.com/visualstudioalm/2015/09/28/quickstart- analyzing-net-projects-with-sonarqube-msbuild-or-visual-studio-online- and-third-party-analyzers-stylecop-resharper/
- 15. SONARQUBE EXECUTION Rem Run thesecommands with VS2015 command prompt Rem to Start or stop the service, go to this dir: cd C:UsersdougmDesktopProjectToolssonarqube-6.3.1binwindows-x86-64 path=%path%;C:SqMSBuild.SonarQube.Runner-1.0.1 cd C:UsersdougmDesktopProjectFolder MSBuild.SonarQube.Runner begin /n:ProjectName /v:1.0 /k:blm MSBuild Project.sln /p:Configuration=Debug /p:Platform="Any CPU" MSBuild.SonarQube.Runner end
- 16.
- 17.
- 18.
- 19.
- 20. SONARQUBE RESULTS • Reliability • Security •Maintainability • Duplications • Size • Complexity • Issues • Down to individual code lines.
- 21. SONARQUBE REPORTING • You canadd modules to do reporting or export to PDF. • This is how they make their money. • I haven’t done this. • I just used the free version.
- 22.
- 23. SONARLINT • SonarLint.org • Extensionfor your Favorite IDE • Results similar to Resharper. • Sometimes they fight on UI.
- 24.
- 25.
- 26.
- 27. OTHER STATIC ANALYSISTOOLS FxCop
- 28. MOBILE PLATFORMS • iOS– Tailor • https://tailor.sh/ • Android – Facebook Infer • http://fbinfer.com/
- 29. CONCLUSION Projects evolve overtime. Complexity comes for unplanned changes and lack of planning. Static analysis can reveal issues and help you correct them before the get out of control. It may seems like a waste of time, but is well worth it.
- 30. THANKS FOR LISTENING ContactInfo: Doug.Mair@gmail.com @doug_mair Feel free to ask me Questions?
Editor's Notes
- #6 Nobody looks forward to going to annual Dr’s exam. Scary and Unknown. Important because it can turn up unknown issues. Important because issues are found sooner rather than later. Need an objective Dr. to examine you. Referral to specialists. Different types of Dr’s. I evaluated a large project.
- #8 Developers have a lot to consider while making fixes or adding features.
- #9 Helps allow Mocking for unit tests
- #10 You don’t have to have 100% code coverage. Make sure to cover the complex and most used code. Netflix – Chaos Monkey X 1000. Pen testing is a whole other topic.
- #11 Tools you should be using everyday. Even with these great tools you can miss issues …
- #13 Great for periodic code checks. Evaluating out of control code base.
- #15 This will set up a Web Server Will also setup a Database
- #16 I’m not sure how it works. Intercept events during the build. Create DB of issues.
- #17 Tale of Two Projects: Young Project – 10 of thousands of lines. Ancient Project – millions of lines over many projects.
- #18 Im running it local. It can also run on Web Server Visual Studio Team integration. Goto website to see results.
- #21 Go over each result
- #23 Goto website. Is this a “DevOps” task or development team responsibilty?
- #25 Uses Roslyn C# compiler to find issues.
- #26 SonarLint items start with “S” Can click on link to get details. Compliant code examples. Can apply the fix once / file / project / solution. Can disable warnings.