Kate Semizhon, profile picture
Uploaded byKate Semizhon
1,725 views

Sonar Review

SonarQube is an open source tool that helps manage code quality. It covers 7 axes of code quality and allows for continuous inspection of code bases through its plugins. It provides benefits like reducing bugs and technical debt by detecting issues early. Key metrics reported include potential bugs, duplicates, and test coverage. The tool integrates with development workflows and provides visual dashboards and reports to track quality over time.

Embed presentation

SONAR KATE SEMIZHON
SONARQUBE AN OPEN SOURCE WEB APPLICATION TO MANAGE CODE QUALITY
WHAT IS SONAR Sonar covers the 7 axes of code quality
CONTINUOUS INSPECTION - the practice of measuring your code on a very regular basis - raises code quality visibility for all stakeholders - Continuously Improve the code quality
50+ PLUGINS LANGUAGES DEV TOOLS http://docs.codehaus.org/display/SONAR/Plugin+Library/ INTEGRATION AUTHENTIFICATION & AUTHORIZATION GOVERNANCE VIZUALIZATION & REPORTING ADDITIONAL METRICS
CLIENT LIST
CASE STUDY “There used to be numerous code-related issues that escalated over time and cost us a lot.” “SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded – delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).” “A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.” http://www.sonarsource.com/customers/customer-stories/ leader in networking technologies. • 73,460 employees • Q2 FY13 revenues of $12.1 billion • uses SonarQube to analyze >9 million lines of code in 90 applications
WHY? Prevention is the best medicine
BENEFITS Quality improvements of code produced by increasing developer knowledge and understanding of code quality issues. Reducing maintenance cost through early identification of quality issues. Reducing time that is spent on code reviews Improving the productivity of software development teams (suppress code duplication and redundancy) Automatic detection of bugs and provides an opportunity to fix them before rolling software out to production
SONAR DASHBOARD List of projects/apps Quality metrics
Developers 7 Deadly Sin Bugs and Potential Bugs Coding Standards Breach Duplications Lack of Unit Tests Bad Distribution of Complexity Spaghetti Design Not Enough or Too Many Comments
KEY METRICS  Potential bugs  Potential performance problems  Potential security issues  Duplicates  Сoverage  Time machine
POTENTIAL BUGS Return statements should not occur in finally blocks This class overrides "equals()" and should therefore also override "hashCode()” "equals(Object obj)" should be overridden along with the "compareTo(T obj)" method Thread.run() and Runnable.run() should not be called directly
INCORRECT EXCEPTION PROCESSING Throwable and Error classes should not be caught Generic exceptions Error, RuntimeException, Throwable and Exception should never be thrown Avoid Print Stack Trace Avoid Rethrowing Exception Avoid Catching/throwing NPE Avoid Instanceof Checks In Catch Clause
INCORRECT STRING PROCESSING name description StringInstantiation Avoid instantiating String objects; this is usually unnecessary. Inefficient String Buffering Avoid concatenating non literals in a StringBuffer constructor or append() Use Index Of Char Use String.indexOf(char) when checking for the index of a single character; it executes faster. String To String Avoid calling toString() on String objects; this is unnecessary. Useless String Value Of No need to call String.valueOf to append to a string; just use the valueOf() argument directly. String Literal Equality Checks that string literals are not used with == or !=. Unnecessary Case Change Using equalsIgnoreCase() is faster than using toUpperCase/toLowerCase().equals()
PROCESS Set up threshold Daily reports Sonar plugin for developers to verify code Emails alerts Sprint Reports to track quality
COST Object Cost SonarQube Free Plugins Free Sonar Installation and Configuration 1 day - DevOps Compare stats once a sprint 1h Verify new code by developers Ongoing Activities – part of the development
Sonar Review

More Related Content

PDF
Continuous Inspection of Code Quality: SonarQube
byEmre Dündar
 
PDF
SonarQube - Should I Stay or Should I Go ?
byGeeks Anonymes
 
PPTX
Sonar Overview
bySamuel Langlois
 
PPTX
Sonar
byprabakaranbrick
 
PDF
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
byNexus FrontierTech
 
PPTX
Tracking your Technical Debt with Sonarqube
byPuppet
 
PDF
ITAKE Unconference - Holding down your technical debt with Sonarqube
byPatroklos Papapetrou (Pat)
 
PDF
Continuous inspection with Sonar
bygaudol
 
Continuous Inspection of Code Quality: SonarQube
byEmre Dündar
 
SonarQube - Should I Stay or Should I Go ?
byGeeks Anonymes
 
Sonar Overview
bySamuel Langlois
 
Sonar
byprabakaranbrick
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
byNexus FrontierTech
 
Tracking your Technical Debt with Sonarqube
byPuppet
 
ITAKE Unconference - Holding down your technical debt with Sonarqube
byPatroklos Papapetrou (Pat)
 
Continuous inspection with Sonar
bygaudol
 

What's hot

PPTX
SonarQube - The leading platform for Continuous Code Quality
byLarry Nung
 
PDF
Tracking and improving software quality with SonarQube
byPatroklos Papapetrou (Pat)
 
PPTX
SonarQube: Continuous Code Inspection
byMichael Jesse
 
PPTX
Track code quality with SonarQube
byDmytro Patserkovskyi
 
PPTX
Track code quality with SonarQube - short version
byDmytro Patserkovskyi
 
PDF
SonarQube
byGnanaseelan Jeb
 
PPTX
Static Analysis with Sonarlint
byUT, San Antonio
 
PDF
Sonar
byPeerapat Asoktummarungsri
 
PDF
Sonarqube
byPeerapat Asoktummarungsri
 
PPTX
Beyond the basics of SonarQube: improve your Java(Script) code even further
byJohan Janssen
 
PDF
Sonar Metrics
byKeheliya Gallaba
 
PDF
Java Source Code Analysis using SonarQube
byAngelin R
 
PDF
Static code analysis
byPrancer Io
 
PPTX
Sonar qube to impove code quality
byMani Sarkar
 
PDF
Sonarqube + Docker
byEstefanía Fernández Muñoz
 
PDF
Managing code quality with SonarQube - Radu Vunvulea
byITSpark Community
 
PPTX
A year of SonarQube and TFS/VSTS
byMatteo Emili
 
PDF
Code Quality Lightning Talk
byJonathan Gregory
 
PPTX
Java Code Quality Tools
byAnju ML
 
PDF
Pay off your technical debt with SonarQube
byRik van den Berg
 
SonarQube - The leading platform for Continuous Code Quality
byLarry Nung
 
Tracking and improving software quality with SonarQube
byPatroklos Papapetrou (Pat)
 
SonarQube: Continuous Code Inspection
byMichael Jesse
 
Track code quality with SonarQube
byDmytro Patserkovskyi
 
Track code quality with SonarQube - short version
byDmytro Patserkovskyi
 
SonarQube
byGnanaseelan Jeb
 
Static Analysis with Sonarlint
byUT, San Antonio
 
Sonar
byPeerapat Asoktummarungsri
 
Sonarqube
byPeerapat Asoktummarungsri
 
Beyond the basics of SonarQube: improve your Java(Script) code even further
byJohan Janssen
 
Sonar Metrics
byKeheliya Gallaba
 
Java Source Code Analysis using SonarQube
byAngelin R
 
Static code analysis
byPrancer Io
 
Sonar qube to impove code quality
byMani Sarkar
 
Sonarqube + Docker
byEstefanía Fernández Muñoz
 
Managing code quality with SonarQube - Radu Vunvulea
byITSpark Community
 
A year of SonarQube and TFS/VSTS
byMatteo Emili
 
Code Quality Lightning Talk
byJonathan Gregory
 
Java Code Quality Tools
byAnju ML
 
Pay off your technical debt with SonarQube
byRik van den Berg
 

Viewers also liked

PPTX
Unit tests benefits
byKate Semizhon
 
PDF
Continuous integration using Jenkins and Sonar
byPascal Larocque
 
PDF
Code Review Tool Evaluation
byKate Semizhon
 
PPTX
SONAR
bykamal6902
 
PPTX
SONAR
byshri. ram murti smarak college of engg. & technology
 
PPTX
Sonar technology ppt
byRicha Tripathi
 
PPTX
Sonar system
byArvin Moeini
 
PPT
Boundary layer equation
byJustin Myint
 
PPTX
Radar and sonar subbu
bysubrahmanyam Subbu
 
PDF
Sonar Principles Asw Analysis
byJim Jenkins
 
PPTX
PPT ON SOUND
byLOUIS WAYNE
 
PPTX
The Morning Glory, Rolling Cloud
byAndi Muttaqin
 
PPTX
Lapisan Batas Atmosfer
byAndi Muttaqin
 
PPT
Ch2 structure
byforgotteniman
 
PPT
Muskuloskeletal
byIka Asyikah
 
PPT
atmospheric boundary layer studies
byavel2193
 
PPTX
How to improve code quality for iOS apps?
byKate Semizhon
 
PPTX
Sonar
bykwilliamson75
 
PPTX
Sistem koordinasi (indra mata dan telinga)
byFerdiana Agustin
 
PDF
Sonar
byIsnaini Dedi
 
Unit tests benefits
byKate Semizhon
 
Continuous integration using Jenkins and Sonar
byPascal Larocque
 
Code Review Tool Evaluation
byKate Semizhon
 
SONAR
bykamal6902
 
SONAR
byshri. ram murti smarak college of engg. & technology
 
Sonar technology ppt
byRicha Tripathi
 
Sonar system
byArvin Moeini
 
Boundary layer equation
byJustin Myint
 
Radar and sonar subbu
bysubrahmanyam Subbu
 
Sonar Principles Asw Analysis
byJim Jenkins
 
PPT ON SOUND
byLOUIS WAYNE
 
The Morning Glory, Rolling Cloud
byAndi Muttaqin
 
Lapisan Batas Atmosfer
byAndi Muttaqin
 
Ch2 structure
byforgotteniman
 
Muskuloskeletal
byIka Asyikah
 
atmospheric boundary layer studies
byavel2193
 
How to improve code quality for iOS apps?
byKate Semizhon
 
Sonar
bykwilliamson75
 
Sistem koordinasi (indra mata dan telinga)
byFerdiana Agustin
 
Sonar
byIsnaini Dedi
 

Similar to Sonar Review

PPTX
Managing code quality with SonarQube
byRadu Vunvulea
 
PPTX
SonarQube Presentation.pptx
bySatwik Bhupathi Raju
 
PPTX
SonarQube.pptx
byYASHWANTHGANESH1
 
PPTX
Java Code Quality Improvements - DevWeek
byZoltan Iszlai
 
PPTX
Sonarqube
byKalkey
 
DOCX
What is SonarQube in DevOps.docx
byDevOps University
 
PPTX
mastering-code-quality-an-in-depth-guide-to-sonarqube.pptx
byPawanKumarJaiswal6
 
PDF
Quality Metrics: The Dirty Word in the Room
byJosiah Renaudin
 
PPTX
Test driven development with sonarQube
byNanthakumar Suvethan
 
PPT
Part5 - enforcing coding standard and best practices with jas forge v1.0
byJasmine Conseil
 
PDF
Rtc2014 automate the_process_deliver_quality_ady_beleanu
byAdy Beleanu
 
PDF
Ady beleanu automate-theprocessdelivery
byRomania Testing
 
PPT
CiklumJavaSat15112011:Alexey Trusov-Code quality management
byCiklum Ukraine
 
PDF
Control source code quality using the SonarQube platform
byPVS-Studio
 
PPT
Sonar En
byAleksey Trusov
 
PPTX
postgres.pptx
byssuserf111e7
 
PPTX
mydevops.pptx
byssuserf111e7
 
PDF
Patroklos Papapetrou: Holding Down Your Technical Debt With SonarQube at I T....
byMozaic Works
 
PPTX
Blackboard DevCon 2012 - Ensuring Code Quality
byNoriaki Tatsumi
 
PDF
Leaning on the two Ts
byMani Sarkar
 
Managing code quality with SonarQube
byRadu Vunvulea
 
SonarQube Presentation.pptx
bySatwik Bhupathi Raju
 
SonarQube.pptx
byYASHWANTHGANESH1
 
Java Code Quality Improvements - DevWeek
byZoltan Iszlai
 
Sonarqube
byKalkey
 
What is SonarQube in DevOps.docx
byDevOps University
 
mastering-code-quality-an-in-depth-guide-to-sonarqube.pptx
byPawanKumarJaiswal6
 
Quality Metrics: The Dirty Word in the Room
byJosiah Renaudin
 
Test driven development with sonarQube
byNanthakumar Suvethan
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
byJasmine Conseil
 
Rtc2014 automate the_process_deliver_quality_ady_beleanu
byAdy Beleanu
 
Ady beleanu automate-theprocessdelivery
byRomania Testing
 
CiklumJavaSat15112011:Alexey Trusov-Code quality management
byCiklum Ukraine
 
Control source code quality using the SonarQube platform
byPVS-Studio
 
Sonar En
byAleksey Trusov
 
postgres.pptx
byssuserf111e7
 
mydevops.pptx
byssuserf111e7
 
Patroklos Papapetrou: Holding Down Your Technical Debt With SonarQube at I T....
byMozaic Works
 
Blackboard DevCon 2012 - Ensuring Code Quality
byNoriaki Tatsumi
 
Leaning on the two Ts
byMani Sarkar
 

More from Kate Semizhon

PPTX
Oracle ATG Commerce Overview for developers
byKate Semizhon
 
PPTX
ATG Best Practices
byKate Semizhon
 
PPTX
ATG pipelines
byKate Semizhon
 
PPTX
Common mistakes for ATG applications that affect performance
byKate Semizhon
 
PPTX
ATG Advanced Profile Management
byKate Semizhon
 
PPTX
How a project is born. Intro to Discovery Phase
byKate Semizhon
 
PPTX
ATG Advanced RQL
byKate Semizhon
 
PPTX
Seven Facts about Belarus
byKate Semizhon
 
PPTX
Database Change Management
byKate Semizhon
 
PPTX
Oracle eCommerce (ATG) Database Best Practices
byKate Semizhon
 
PPTX
Ecommerce in 2018
byKate Semizhon
 
PDF
Cracking 1-on-1s
byKate Semizhon
 
PDF
Serverless Pitfalls
byKate Semizhon
 
PPTX
SEO Instruments in ATG
byKate Semizhon
 
PPTX
Git 101
byKate Semizhon
 
Oracle ATG Commerce Overview for developers
byKate Semizhon
 
ATG Best Practices
byKate Semizhon
 
ATG pipelines
byKate Semizhon
 
Common mistakes for ATG applications that affect performance
byKate Semizhon
 
ATG Advanced Profile Management
byKate Semizhon
 
How a project is born. Intro to Discovery Phase
byKate Semizhon
 
ATG Advanced RQL
byKate Semizhon
 
Seven Facts about Belarus
byKate Semizhon
 
Database Change Management
byKate Semizhon
 
Oracle eCommerce (ATG) Database Best Practices
byKate Semizhon
 
Ecommerce in 2018
byKate Semizhon
 
Cracking 1-on-1s
byKate Semizhon
 
Serverless Pitfalls
byKate Semizhon
 
SEO Instruments in ATG
byKate Semizhon
 
Git 101
byKate Semizhon
 

Recently uploaded

PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
The year in review - MarvelClient in 2025
bypanagenda
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
In this document
Powered by AI

Introduction to SONAR, led by Kate Semizhon. Overview of SonarQube as an open-source web application for managing code quality.

Definition of Sonar, focusing on 7 axes of code quality. Emphasis on continuous inspection to enhance code quality visibility and improvement.

Discussion on SonarQube features like 50+ plugins, language support, integration, authentication, governance, visualization, and reporting.

Client lists and a case study highlighting the business impact of SonarQube, including defect prevention and examples of substantial code analysis.

Arguing the need for code quality with a prevention mindset. Benefits include improved code quality, reduced maintenance costs, and increased developer productivity.

Overview of the SONAR dashboard showcasing project lists and quality metrics, addressing common code issues faced by developers.

Highlighting key metrics such as potential bugs, performance issues, security vulnerabilities, duplicates, and overall code coverage.

Examples of common potential bugs and incorrect exception and string processing, with best practices for writing better code.

Process outline for implementing SONAR with setup thresholds, reports, plugins, and daily quality tracking.

Cost analysis of implementing SonarQube, including free software, installation efforts, and ongoing verification activities for developers.

Sonar Review

  • 1.
  • 2.
    SONARQUBE AN OPEN SOURCEWEB APPLICATION TO MANAGE CODE QUALITY
  • 3.
    WHAT IS SONAR Sonarcovers the 7 axes of code quality
  • 4.
    CONTINUOUS INSPECTION - the practiceof measuring your code on a very regular basis - raises code quality visibility for all stakeholders - Continuously Improve the code quality
  • 5.
  • 6.
  • 7.
    CASE STUDY “There usedto be numerous code-related issues that escalated over time and cost us a lot.” “SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded – delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).” “A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.” http://www.sonarsource.com/customers/customer-stories/ leader in networking technologies. • 73,460 employees • Q2 FY13 revenues of $12.1 billion • uses SonarQube to analyze >9 million lines of code in 90 applications
  • 8.
  • 9.
    BENEFITS Quality improvements ofcode produced by increasing developer knowledge and understanding of code quality issues. Reducing maintenance cost through early identification of quality issues. Reducing time that is spent on code reviews Improving the productivity of software development teams (suppress code duplication and redundancy) Automatic detection of bugs and provides an opportunity to fix them before rolling software out to production
  • 10.
    SONAR DASHBOARD List ofprojects/apps Quality metrics
  • 11.
    Developers 7 Deadly Sin Bugs and Potential Bugs Coding Standards Breach Duplications Lackof Unit Tests Bad Distribution of Complexity Spaghetti Design Not Enough or Too Many Comments
  • 12.
    KEY METRICS  Potentialbugs  Potential performance problems  Potential security issues  Duplicates  Сoverage  Time machine
  • 13.
    POTENTIAL BUGS Return statementsshould not occur in finally blocks This class overrides "equals()" and should therefore also override "hashCode()” "equals(Object obj)" should be overridden along with the "compareTo(T obj)" method Thread.run() and Runnable.run() should not be called directly
  • 14.
    INCORRECT EXCEPTION PROCESSING Throwable andError classes should not be caught Generic exceptions Error, RuntimeException, Throwable and Exception should never be thrown Avoid Print Stack Trace Avoid Rethrowing Exception Avoid Catching/throwing NPE Avoid Instanceof Checks In Catch Clause
  • 15.
    INCORRECT STRING PROCESSING name description StringInstantiationAvoid instantiating String objects; this is usually unnecessary. Inefficient String Buffering Avoid concatenating non literals in a StringBuffer constructor or append() Use Index Of Char Use String.indexOf(char) when checking for the index of a single character; it executes faster. String To String Avoid calling toString() on String objects; this is unnecessary. Useless String Value Of No need to call String.valueOf to append to a string; just use the valueOf() argument directly. String Literal Equality Checks that string literals are not used with == or !=. Unnecessary Case Change Using equalsIgnoreCase() is faster than using toUpperCase/toLowerCase().equals()
  • 16.
    PROCESS Set up threshold Daily reports Sonar plugin for developers toverify code Emails alerts Sprint Reports to track quality
  • 17.
    COST Object Cost SonarQube Free PluginsFree Sonar Installation and Configuration 1 day - DevOps Compare stats once a sprint 1h Verify new code by developers Ongoing Activities – part of the development