Lecture 03 – WHAT IS SONARQUBE AND FEATURES

SONARQUBE AND FEATURES

What Is SonarQube?

SonarQube is a code quality and security platform that collects and analyzes source code and reports on the quality of your project. It relies on static analysis (it inspects the code without executing it) and can import results from external tools such as test coverage reports, so quality can be measured continually over time and compared from one analysis to the next.

The main checks and features it provides are described below.

FEATURES OF SONARQUBE

Different languages

It can analyze code written in more than 25 programming languages; the exact set depends on the SonarQube edition and version.

TRICKY ISSUES

Detects Bugs

SonarQube can detect tricky bugs, raising issues on pieces of code that it determines to be faulty, such as a null dereference or a condition that always evaluates the same way.

Code Smells

Code smells are characteristics of code that indicate a maintainability problem: the code works today, but it is likely to cause bugs or to slow down future changes.

Security Vulnerability

SonarQube can detect security issues in the code. E.g. a developer forgets to close an open database connection, or credentials such as a username and password are written directly into the source code (hard-coded secrets that end up in version control and in every build artifact).

Activate Rules Needed

You can create and maintain different sets of active rules for particular projects; these sets are known as Quality Profiles. A project is analyzed against one profile per language, so a stricter profile can be assigned to security-critical code.

Execution Path

SonarQube’s “Execution Path” explains how the analyzer reached a finding. For issues found by data-flow analysis, such as a null dereference or an injection vulnerability, the issue view lists the sequence of code locations from where a value enters to where it is misused, step by step. This path is derived statically, not by running the program, and it helps developers follow complex program flows, confirm or dismiss a reported defect quickly, and uncover hidden defects or vulnerabilities.
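The patterns named in the security vulnerability section above, together with the source-to-sink execution path that SonarQube displays for the injection case, as a worked Python example added here (it is not code from the lecture or from SonarSource). Each flagged pattern is shown beside a hardened form. The function names, the temporary SQLite database, the sample rows and the injection payload are all constructed for this example.

```python
"""Patterns SonarQube's security rules flag, each beside a hardened form.
Added example: not code from the lecture or from SonarSource. The names,
the temporary SQLite database and the sample rows are constructed here."""
import contextlib
import os
import sqlite3
import tempfile


# 1. Hard-coded credentials ----------------------------------------------------
def db_password_insecure() -> str:
    # Flagged: the secret ends up in version control and in every build artifact.
    return "hunter2"


def db_password(env=os.environ) -> str:
    # Fixed: take the secret from the environment (or a secrets manager).
    # Fail loudly rather than fall back to a default, which would reintroduce
    # the hard-coded secret under another name.
    try:
        return env["DB_PASSWORD"]
    except KeyError:
        raise RuntimeError("DB_PASSWORD is not set") from None


# 2. Unclosed database connection ----------------------------------------------
def make_sample_db(path: str) -> None:
    """Create a users table with constructed sample rows."""
    with contextlib.closing(sqlite3.connect(path)) as conn:
        conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
        conn.executemany("INSERT INTO users VALUES (?, ?)",
                         [("alice", "admin"), ("bob", "user")])
        conn.commit()


def count_users_leaky(path: str) -> int:
    # Flagged: the connection is opened but never closed. CPython's reference
    # counting happens to release it on return, which is why the bug is silent
    # in tests; it becomes a real leak once the connection is kept alive longer
    # (stored on a cached object, or under an interpreter without refcounting).
    conn = sqlite3.connect(path)
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def count_users(path: str) -> int:
    # Fixed. Note that `with sqlite3.connect(...) as conn:` only wraps the
    # transaction and does NOT close the connection; contextlib.closing does.
    with contextlib.closing(sqlite3.connect(path)) as conn:
        return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


# 3. SQL injection, with the execution path SonarQube would display ------------
def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Source: `username` is attacker-controlled input.
    query = f"SELECT name, role FROM users WHERE name = '{username}'"  # taint propagates
    return conn.execute(query).fetchall()                               # sink


def find_user(conn: sqlite3.Connection, username: str) -> list:
    # Fixed: parameter binding keeps the data out of the SQL grammar.
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (username,)).fetchall()


def demo() -> dict:
    """Run the examples against a throw-away database and return the results."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)  # an empty file is a valid, empty SQLite database
    try:
        make_sample_db(path)
        payload = "x' OR '1'='1"  # constructed injection payload
        with contextlib.closing(sqlite3.connect(path)) as conn:
            return {
                "leaky_count": count_users_leaky(path),
                "closed_count": count_users(path),
                "vulnerable": find_user_vulnerable(conn, payload),  # every row
                "safe": find_user(conn, payload),                   # no rows
            }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

For `find_user_vulnerable` the execution path SonarQube shows is exactly the three commented locations: the `username` parameter (source), the f-string that carries the taint into `query`, and `conn.execute` (sink). Running `demo()` makes the difference concrete: the vulnerable query returns every user for the payload, the parameterized one returns none.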

ENHANCED WORKFLOW TO ENSURE BETTER CI/CD

Automated Code Analysis

AUTOMATED CODE ANALYSIS – Runs on every build, from the development phase onwards, monitoring the code base and identifying errors as they are introduced rather than at release time.

Access Through Webhooks & API

GET ACCESS THROUGH WEBHOOKS & API – We do not need to open the SonarQube UI to act on results. Webhooks notify an external system (typically the CI server) when an analysis completes, carrying the project, branch and quality gate status; the Web API lets scripts query issues and quality gate results and administer projects, rules and permissions.

Integrate GitHub

INTEGRATE GITHUB – It integrates directly with your choice of version control platform, e.g. GitHub, importing repositories and reporting analysis results back to them.

Analyze Branches & Pull Request

ANALYZE BRANCHES & DECORATE PULL REQUESTS – It gives branch-level analysis, i.e. it doesn’t just analyze the master branch but also feature branches and pull requests, identifying any errors. The issues found on a pull request are reported back onto the pull request itself (decoration), so they can be fixed before the merge.

BUILT-IN-METHODOLOGY

Discover Memory Leaks

DISCOVER MEMORY LEAKS – It flags code patterns that lead to memory and resource leaks, such as objects, streams or connections that are allocated but never released. Such leaks generally build up slowly over a period of time until the application fails or runs out of memory, so catching them statically is far cheaper than diagnosing them in production.

Good Visualizer

GOOD VISUALIZER – It offers a dashboard that visualizes the overall code health and provides straightforward summaries, such as ratings for reliability, security and maintainability alongside coverage and duplication figures.

Enforce Quality Gate

ENFORCES A QUALITY GATE – A quality gate is a set of conditions, for example “no new blocker issues” or “coverage on new code at least 80%”, that must all pass. You define it from your own requirements and practices, and SonarQube marks the analysis as failed when a condition is not met, which a CI pipeline can use to block a merge or release.
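The webhook-and-API integration and the quality gate described above, as a worked Python example added here (not code from the lecture or from SonarSource): a CI-side receiver that verifies the webhook signature before trusting the payload and turns the gate verdict into a pass/fail, plus a helper that polls the Web API for pipelines that cannot accept inbound requests. The sample payload, secret, project key and server URL are constructed for the example; the signature header name and the `api/qualitygates/project_status` endpoint follow SonarQube’s documentation.

```python
"""Consuming SonarQube's quality-gate result from a CI job, two ways:
a webhook receiver that verifies the payload signature, and a poll of the
Web API. Added example, not code from the lecture or from SonarSource.
The payload, secret, project key and server URL are constructed here; the
header name and API endpoint follow SonarQube's documentation."""
import base64
import hashlib
import hmac
import json
import urllib.parse
import urllib.request

# Constructed sample of the JSON SonarQube posts when an analysis completes.
SAMPLE_EVENT = {
    "serverUrl": "https://sonar.example.invalid",
    "taskId": "AXexampleTask",
    "status": "SUCCESS",
    "analysedAt": "2024-01-15T10:46:00+0000",
    "project": {"key": "payments-api", "name": "Payments API"},
    "branch": {"name": "feature/login", "isMain": False},
    "qualityGate": {
        "name": "Sonar way",
        "status": "ERROR",
        "conditions": [
            {"metric": "new_security_rating", "operator": "GREATER_THAN",
             "errorThreshold": "1", "value": "1", "status": "OK"},
            {"metric": "new_coverage", "operator": "LESS_THAN",
             "errorThreshold": "80", "value": "63.2", "status": "ERROR"},
        ],
    },
}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT).encode()
WEBHOOK_SECRET = "constructed-example-secret"
# Header SonarQube adds when a webhook secret is configured.
SIGNATURE_HEADER = "X-Sonar-Webhook-HMAC-SHA256"


def sign(body: bytes, secret: str) -> str:
    """HMAC-SHA256 of the raw body, hex-encoded, as SonarQube computes it."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


def signature_ok(body: bytes, headers: dict, secret: str) -> bool:
    """Constant-time check on the raw bytes; verify before parsing anything."""
    presented = headers.get(SIGNATURE_HEADER, "")
    return hmac.compare_digest(sign(body, secret), presented)


def failed_conditions(event: dict) -> list:
    """Human-readable list of the gate conditions that failed."""
    return [f"{c['metric']} {c['operator']} {c['errorThreshold']} (actual {c['value']})"
            for c in event["qualityGate"]["conditions"] if c["status"] == "ERROR"]


def handle_webhook(body: bytes, headers: dict, secret: str) -> tuple:
    """Return the (http_status, message) the receiver should answer with.

    An unsigned or wrongly signed request is rejected before the body is
    trusted; otherwise the gate verdict decides whether the pipeline proceeds.
    """
    if not signature_ok(body, headers, secret):
        return 401, "webhook signature missing or invalid"
    event = json.loads(body)
    project = event["project"]["key"]
    if event["qualityGate"]["status"] == "OK":
        return 200, f"{project}: quality gate passed"
    return 200, f"{project}: quality gate FAILED: " + "; ".join(failed_conditions(event))


def poll_quality_gate(server_url: str, project_key: str, token: str) -> dict:
    """Alternative for pipelines without an inbound endpoint: ask the Web API.

    A SonarQube user token is sent as the basic-auth user name with an empty
    password. Not called below: it needs a live server.
    """
    url = (f"{server_url}/api/qualitygates/project_status?projectKey="
           + urllib.parse.quote(project_key, safe=""))
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["projectStatus"]  # "status" is "OK" or "ERROR"


if __name__ == "__main__":
    signed = {SIGNATURE_HEADER: sign(SAMPLE_BODY, WEBHOOK_SECRET)}
    print(handle_webhook(SAMPLE_BODY, signed, WEBHOOK_SECRET))
    print(handle_webhook(SAMPLE_BODY, {}, WEBHOOK_SECRET))
```

The signature check is the security-relevant part: a webhook endpoint that accepts any POST lets anyone on the network report a passing gate for your project. The HMAC must be computed over the raw request bytes exactly as received, which is why `handle_webhook` verifies before it parses. When the receiver fails a gate, it should make the build fail as well; a CI job that merely logs the message is not enforcing anything.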

Digs into Issues

DIGS INTO ISSUES – When it reports a problem, SonarQube lets you navigate directly from the summary report to the affected line, and from one code file to another when an issue spans several files.

Plugins For IDES

PLUGINS FOR IDEs – SonarLint is an IDE extension that runs SonarQube’s rules inside the editor as you type, so developers get feedback before committing, without installing the whole SonarQube server locally. It can also be connected to a SonarQube server so the IDE uses the same quality profile as the project.