{"id":1143,"date":"2020-07-28T08:11:13","date_gmt":"2020-07-28T08:11:13","guid":{"rendered":"https:\/\/blog.amt.in\/?p=1143"},"modified":"2020-07-28T08:11:13","modified_gmt":"2020-07-28T08:11:13","slug":"introduction-to-sonarqube","status":"publish","type":"post","link":"https:\/\/blog.amt.in\/index.php\/2020\/07\/28\/introduction-to-sonarqube\/","title":{"rendered":"Introduction to SonarQube"},"content":{"rendered":"<p>SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.<\/p>\n<p>SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).<\/p>\n<p>In the context of software engineering, software quality refers to two related but distinct notions:<\/p>\n<ul>\n<li>Software functional quality reflects how well it complies with or conforms to a given design, based on functional requirements or specifications. 
That attribute can also be described as the fitness for purpose of a piece of software or how it compares to competitors in the marketplace as a worthwhile product. It is the degree to which the correct software was produced.<\/li>\n<li>Software structural quality refers to how it meets non-functional requirements that support the delivery of the functional requirements, such as robustness or maintainability. It has a lot more to do with the degree to which the software works as needed.<\/li>\n<\/ul>\n<p>Many aspects of structural quality can be evaluated only statically through the analysis of the software's inner structure, its source code, at the unit level, the technology level and the system level, which is in effect how its architecture adheres to sound principles of software architecture outlined in a paper on the topic by OMG. But some structural qualities, such as usability, can be assessed only dynamically (users or others acting on their behalf interact with the software or, at least, some prototype or partial implementation; even the interaction with a mock version made in cardboard represents a dynamic test because such a version can be considered a prototype). 
Other aspects, such as reliability, might involve not only the software but also the underlying hardware; therefore, they can be assessed both statically and dynamically (stress test).<\/p>\n<p>Functional quality is typically assessed dynamically, but it is also possible to use static tests (such as software reviews).<\/p>\n<p>Historically, the structure, classification and terminology of attributes and metrics applicable to software quality management have been derived or extracted from the ISO 9126-3 and the subsequent ISO 25000:2005 quality model, also known as SQuaRE. Based on these models, the Consortium for IT Software Quality (CISQ) has defined five major desirable structural characteristics needed for a piece of software to provide business value: Reliability, Efficiency, Security, Maintainability and (adequate) Size.<\/p>\n<p>Software quality measurement quantifies to what extent a software program or system rates along each of these five dimensions. An aggregated measure of software quality can be computed through a qualitative or a quantitative scoring scheme or a mix of both, and then a weighting system reflecting the priorities. This view of software quality being positioned on a linear continuum is supplemented by the analysis of &#8220;critical programming errors&#8221; that under specific circumstances can lead to catastrophic outages or performance degradations that make a given system unsuitable for use regardless of rating based on aggregated measurements. Such programming errors found at the system level represent up to 90% of production issues, whilst at the unit level, even if far more numerous, programming errors account for less than 10% of production issues. As a consequence, code quality without the context of the whole system, as W. 
Edwards Deming described it, has limited value.<\/p>\n<p>To view, explore, analyze, and communicate software quality measurements, concepts and techniques of information visualization provide visual, interactive means that are useful, in particular, if several software quality measures have to be related to each other or to components of a software system. For example, software maps represent a specialized approach that &#8220;can express and combine information about software development, software quality, and system dynamics&#8221;.<\/p>\n<p>Static program analysis is the analysis of computer software that is performed without actually executing programs, in contrast with dynamic analysis, which is analysis performed on programs while they are executing. In most cases the analysis is performed on some version of the source code, and in the other cases, on some form of the object code.<\/p>\n<p>The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension, or code review. Software inspections and software walkthroughs are also used in the latter case.<\/p>\n<p>SonarQube includes support for the programming languages Java (including Android), C#, PHP, JavaScript, TypeScript, C\/C++, Ruby, Kotlin, Go, COBOL, PL\/SQL, PL\/I, ABAP, VB.NET, VB6, Python, RPG, Flex, Objective-C, Swift, CSS, HTML, and XML.<sup id=\"cite_ref-8\" class=\"reference\">[8]<\/sup> Some of these are only available via a commercial 
license.<\/p>\n<p>SonarQube is available for free under the GNU Lesser General Public License. An enterprise version for paid licensing also exists, as well as a data center edition that supports high availability.<sup id=\"cite_ref-9\" class=\"reference\">[9]<\/sup><sup id=\"cite_ref-10\" class=\"reference\">[10]<\/sup><\/p>\n<p>SonarQube integrates with Eclipse, Visual Studio, and IntelliJ IDEA development environments through the SonarLint<span id=\"SonarLint\"><\/span> plug-ins, and also integrates with external tools like LDAP, Active Directory, GitHub, and others. SonarQube is expandable with the use of plug-ins.<\/p>\n<p>The above is a brief overview of SonarQube. Watch this space for more updates on the latest trends in technology.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for 
continuous<\/p>\n","protected":false},"author":1,"featured_media":1145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[673,672,7],"tags":[674,675,18],"class_list":["post-1143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-open-source-platform","category-sonarqube","category-techtrends","tag-open-source-platform","tag-sonarqube","tag-technology"],"_links":{"self":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/comments?post=1143"}],"version-history":[{"count":1,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1143\/revisions"}],"predecessor-version":[{"id":1144,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1143\/revisions\/1144"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media\/1145"}],"wp:attachment":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media?parent=1143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/categories?post=1143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/tags?post=1143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}