Sonarqube Overview: benefits, processes

1. SONAR
KATE SEMIZHON

2. SONARQUBE
AN OPEN SOURCE WEB APPLICATION
TO MANAGE CODE QUALITY

3. WHAT IS SONAR
Sonar covers the 7 axes of code quality

4. CONTINUOUS
INSPECTION
- the practice of measuring your code on a very regular
basis
- raises code quality visibility for all stakeholders
- Continuously Improve the code quality

5. 50+ PLUGINS
LANGUAGES
DEV TOOLS
http://docs.codehaus.org/display/SONAR/Plugin+Library/
INTEGRATION
AUTHENTIFICATION &
AUTHORIZATION
GOVERNANCE
VIZUALIZATION &
REPORTING
ADDITIONAL
METRICS

6. CLIENT LIST

7. CASE STUDY
“There used to be numerous code-related issues that escalated over
time and cost us a lot.”
“SonarQube has triggered a three-fold business impact
that we have seen extensively in every project team we
have on-boarded – delivery excellence (time to capability
reduced), engineering excellence (quality improvement)
and business value (cost savings).”
“A defect caught at an earlier stage in the PLC is way less expensive
than one caught later on.”
http://www.sonarsource.com/customers/customer-stories/
leader in networking technologies.
• 73,460 employees
• Q2 FY13 revenues of $12.1 billion
• uses SonarQube to analyze >9 million
lines of code in 90 applications

8. WHY?
Prevention is the best medicine

9. BENEFITS
Quality improvements of code produced by increasing
developer knowledge and understanding of code quality issues.
Reducing maintenance cost through early identification of
quality issues.
Reducing time that is spent on code reviews
Improving the productivity of software development teams
(suppress code duplication and redundancy)
Automatic detection of bugs and provides an opportunity to fix
them before rolling software out to production

10. SONAR DASHBOARD
List of projects/apps
Quality metrics

11. Developers
7 Deadly
Sin
Bugs and
Potential
Bugs
Coding
Standards
Breach
Duplications
Lack of Unit
Tests
Bad
Distribution
of
Complexity
Spaghetti
Design
Not Enough
or Too Many
Comments

12. KEY METRICS
 Potential bugs
 Potential performance problems
 Potential security issues
 Duplicates
 Сoverage
 Time machine

13. POTENTIAL BUGS
Return statements should not occur in finally blocks
This class overrides "equals()" and should therefore also override
"hashCode()”
"equals(Object obj)" should be overridden along with the
"compareTo(T obj)" method
Thread.run() and Runnable.run() should not be called directly

14. INCORRECT EXCEPTION
PROCESSING
Throwable and Error classes should not be caught
Generic exceptions Error, RuntimeException, Throwable
and Exception should never be thrown
Avoid Print Stack Trace
Avoid Rethrowing Exception
Avoid Catching/throwing NPE
Avoid Instanceof Checks In Catch Clause

15. INCORRECT STRING
PROCESSING
name description
StringInstantiation Avoid instantiating String objects; this is usually unnecessary.
Inefficient String Buffering Avoid concatenating non literals in a StringBuffer constructor or
append()
Use Index Of Char Use String.indexOf(char) when checking for the index of a single
character; it executes faster.
String To String Avoid calling toString() on String objects; this is unnecessary.
Useless String Value Of No need to call String.valueOf to append to a string; just use the
valueOf() argument directly.
String Literal Equality Checks that string literals are not used with == or !=.
Unnecessary Case Change Using equalsIgnoreCase() is faster than using
toUpperCase/toLowerCase().equals()

16. PROCESS
Set up
threshold
Daily
reports
Sonar
plugin for
developers
to verify
code
Emails
alerts
Sprint
Reports to
track
quality

17. COST
Object Cost
SonarQube Free
Plugins Free
Sonar Installation and
Configuration
1 day - DevOps
Compare stats once a sprint 1h
Verify new code by developers Ongoing Activities – part of the
development