2. SONARQUBE – WHAT IS IT?
• SonarQube is an open-source web application.
• Takes as input a set of source code files and a set of analysis results (produced by external tools).
• Stores both sources and results in a database.
• Makes available the gathered information via a dynamic website where the results are shown in the
context of the code itself.
@2020 copyright KalKey training
3. WHAT IS STATIC CODE ANALYSIS?
• Static code analysis is a collection of algorithms and techniques used to analyze source code in order
to automatically find potential errors or poor coding practices.
• Static code analysis, also commonly called "white-box" testing,
• The tasks solved by static code analysis software can be divided into 3 categories:
1. Detecting errors in programs
2. Recommendations on code formatting
3. Metrics computation
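The three categories above, shown as an added example (not SonarQube's rule engine and not part of the original slides): a small analyzer for Python source built on the standard `ast` module. The rules chosen, the `MAX_LINE` limit, the `analyze` function and the `SAMPLE` input are assumptions made for illustration.

```python
import ast
import re

MAX_LINE = 100  # assumed line-length limit for this example
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.BoolOp, ast.IfExp)
FUNCS = (ast.FunctionDef, ast.AsyncFunctionDef)

def analyze(source: str) -> dict:
    """Toy static analysis of Python source; the code is parsed, never run."""
    tree = ast.parse(source)
    errors, formatting, metrics = [], [], {}
    for node in ast.walk(tree):
        # 1. Detecting errors: rules matched against syntax-tree nodes.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            errors.append((node.lineno, f"call to {node.func.id}()"))
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            errors.append((node.lineno, "bare except"))
        elif isinstance(node, FUNCS):
            defaults = node.args.defaults + node.args.kw_defaults
            if any(isinstance(d, (ast.List, ast.Dict, ast.Set)) for d in defaults):
                errors.append((node.lineno, f"mutable default in {node.name}()"))
            # 2. Formatting recommendation: naming convention.
            if not re.fullmatch(r"[a-z_][a-z0-9_]*", node.name):
                formatting.append((node.lineno, f"{node.name} is not snake_case"))
            # 3. Metric: approximate cyclomatic complexity (1 + decision points).
            metrics[node.name] = 1 + sum(isinstance(n, BRANCHES) for n in ast.walk(node))
    # 2. Formatting recommendation: line length, checked on the raw text.
    for number, line in enumerate(source.splitlines(), start=1):
        if len(line) > MAX_LINE:
            formatting.append((number, f"line exceeds {MAX_LINE} characters"))
    return {"errors": sorted(errors), "formatting": sorted(formatting), "metrics": metrics}

# Constructed sample input, not taken from any real project.
SAMPLE = """\
def LoadConfig(text, cache={}):
    try:
        return eval(text)
    except:
        return None

def pick(a, b):
    if a and b:
        return a
    return b
"""

if __name__ == "__main__":
    for category, findings in analyze(SAMPLE).items():
        print(category, findings)
```

Each finding is a (line number, message) pair, which is what lets a tool show results in the context of the code itself.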
6. HOW DOES IT WORK?
• SonarQube takes project code as the input, analyzes it using pre-defined coding rules and publishes web-based
results giving an overview of the technical quality of the code.
• SonarQube can analyze source code in 20+ different languages. Input can be the project source code or
compiled code depending on the language.
7. TYPE OF ANALYSIS
• Static analysis of source code. Languages supported: all (Java files, COBOL programs, etc.)
• Static analysis of compiled code. Languages supported: certain languages (.class files in Java, .dll files
in C#, etc.)
• Dynamic analysis of code. Languages supported: certain languages (execution of unit tests in Java,
C#, etc.)
Note: Analysis is carried out using pre-defined rules based on industry coding standards and best practices.
Rules for a particular language are available as a plug-in for most languages.
8. QUALITY PROFILE
• Each language plugin comes with a predefined, built-in profile (called “Sonar way”) that has a set of
pre-defined rules and is used as the default profile during analysis for projects.
• New quality profiles can be created to configure rules as per project requirements, but this is optional.
• SonarQube allows inheritance in quality profiles, thereby allowing the rules provided by the plugin in
the default profile to be inherited.