Sonar Review
SONAR
KATE SEMIZHON
SONARQUBE: AN OPEN SOURCE WEB APPLICATION TO MANAGE CODE QUALITY
WHAT IS SONAR
Sonar covers the 7 axes of code quality
CONTINUOUS INSPECTION
- the practice of measuring your code on a very regular basis
- raises code quality visibility for all stakeholders
- continuously improves code quality
50+ PLUGINS
LANGUAGES
DEV TOOLS
http://docs.codehaus.org/display/SONAR/Plugin+Library/
INTEGRATION
AUTHENTICATION & AUTHORIZATION
GOVERNANCE
VISUALIZATION & REPORTING
ADDITIONAL METRICS
CLIENT LIST
CASE STUDY
“There used to be numerous code-related issues that escalated over time and cost us a lot.”
“SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded: delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).”
“A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.”
http://www.sonarsource.com/customers/customer-stories/
- leader in networking technologies
- 73,460 employees
- Q2 FY13 revenues of $12.1 billion
- uses SonarQube to analyze >9 million lines of code in 90 applications
WHY?
Prevention is the best medicine
BENEFITS
Improved quality of the code produced, by increasing developer knowledge and understanding of code quality issues
Reduced maintenance cost through early identification of quality issues
Less time spent on code reviews
Improved productivity of software development teams (by removing code duplication and redundancy)
Automatic detection of bugs, giving an opportunity to fix them before rolling software out to production
SONAR DASHBOARD
List of projects/apps
Quality metrics
Developers' 7 Deadly Sins
- Bugs and potential bugs
- Coding standards breach
- Duplications
- Lack of unit tests
- Bad distribution of complexity
- Spaghetti design
- Not enough or too many comments
KEY METRICS
Potential bugs
Potential performance problems
Potential security issues
Duplicates
Coverage
Time machine
POTENTIAL BUGS
Return statements should not occur in finally blocks
This class overrides "equals()" and should therefore also override "hashCode()"
"equals(Object obj)" should be overridden along with the "compareTo(T obj)" method
Thread.run() and Runnable.run() should not be called directly
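Each of the four rules on this slide, written out as the pattern Sonar flags next to its corrected form. This is an added example, not part of the slides or of SonarQube itself; the class and method names (PotentialBugsDemo, PointNoHash, VersionCompareOnly, and so on) are invented for the demonstration, and it assumes Java 9 or later for Set.of.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.IntSupplier;

public class PotentialBugsDemo {

    // Rule: return statements should not occur in finally blocks.
    static int returnInFinally() {
        try {
            throw new IllegalStateException("lost");
        } finally {
            return -1;      // flagged: the exception thrown above is silently discarded
        }
    }
    static int cleanupOnlyInFinally() {
        try {
            throw new IllegalStateException("visible");
        } finally {
            // release resources here; never return or throw from finally
        }
    }
    // Runs a supplier and reports whether it returned a value or propagated an exception.
    static String outcome(IntSupplier s) {
        try {
            return "returned " + s.getAsInt();
        } catch (RuntimeException e) {
            return "threw " + e.getMessage();
        }
    }

    // Rule: a class that overrides equals() must also override hashCode().
    static final class PointNoHash {
        final int x, y;
        PointNoHash(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            return o instanceof PointNoHash && ((PointNoHash) o).x == x && ((PointNoHash) o).y == y;
        }
        // hashCode() is inherited from Object, so two equal points almost always hash differently
    }
    static final class Point {
        final int x, y;
        Point(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            return o instanceof Point && ((Point) o).x == x && ((Point) o).y == y;
        }
        @Override public int hashCode() { return Objects.hash(x, y); }
    }

    // Rule: equals(Object) should be overridden along with compareTo(T).
    static final class VersionCompareOnly implements Comparable<VersionCompareOnly> {
        final int major;
        VersionCompareOnly(int major) { this.major = major; }
        @Override public int compareTo(VersionCompareOnly o) { return Integer.compare(major, o.major); }
        // equals() is still identity: a TreeSet and a HashSet disagree about membership
    }
    static final class Version implements Comparable<Version> {
        final int major;
        Version(int major) { this.major = major; }
        @Override public int compareTo(Version o) { return Integer.compare(major, o.major); }
        @Override public boolean equals(Object o) { return o instanceof Version && ((Version) o).major == major; }
        @Override public int hashCode() { return Integer.hashCode(major); }
    }

    // Rule: Thread.run() and Runnable.run() should not be called directly.
    static String threadSeenByTask(boolean callRunDirectly) throws InterruptedException {
        AtomicReference<String> seen = new AtomicReference<>();
        Thread t = new Thread(() -> seen.set(Thread.currentThread().getName()), "worker");
        if (callRunDirectly) {
            t.run();        // flagged: the task executes on the caller's thread, nothing runs concurrently
        } else {
            t.start();      // schedules the task on the new thread
            t.join();
        }
        return seen.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("return in finally:    " + outcome(PotentialBugsDemo::returnInFinally));
        System.out.println("cleanup-only finally: " + outcome(PotentialBugsDemo::cleanupOnlyInFinally));
        Set<PointNoHash> bad = new HashSet<>(Set.of(new PointNoHash(1, 2)));
        Set<Point> good = new HashSet<>(Set.of(new Point(1, 2)));
        System.out.println("HashSet lookup without hashCode: " + bad.contains(new PointNoHash(1, 2)));
        System.out.println("HashSet lookup with hashCode:    " + good.contains(new Point(1, 2)));
        VersionCompareOnly v = new VersionCompareOnly(2);
        System.out.println("compareTo only:   TreeSet=" + new TreeSet<>(Set.of(v)).contains(new VersionCompareOnly(2))
                + " HashSet=" + new HashSet<>(Set.of(v)).contains(new VersionCompareOnly(2)));
        Version w = new Version(2);
        System.out.println("compareTo+equals: TreeSet=" + new TreeSet<>(Set.of(w)).contains(new Version(2))
                + " HashSet=" + new HashSet<>(Set.of(w)).contains(new Version(2)));
        System.out.println("run() directly: " + threadSeenByTask(true));
        System.out.println("start()+join(): " + threadSeenByTask(false));
    }
}
```

Running main shows why each rule is on the "potential bugs" list rather than the style list: the return in finally turns a thrown exception into a normal return value, the class without hashCode is invisible to a HashSet lookup while its corrected twin is found, the compareTo-only class is reported present by a TreeSet and absent by a HashSet, and the direct run() call reports the calling thread's name instead of "worker".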
INCORRECT EXCEPTION PROCESSING
Throwable and Error classes should not be caught
Generic exceptions Error, RuntimeException, Throwable and Exception should never be thrown
Avoid Print Stack Trace
Avoid Rethrowing Exception
Avoid Catching/throwing NPE
Avoid Instanceof Checks In Catch Clause
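The six exception-handling rules on this slide, shown as a small configuration loader that trips every one of them next to a version that passes. This is an added example, not code from the slides or from SonarQube; the names ExceptionRulesDemo, ConfigLoadException, loadBefore and loadAfter are invented, and it assumes Java 11 or later for Files.readString and Files.writeString.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ExceptionRulesDemo {
    private static final Logger LOG = Logger.getLogger(ExceptionRulesDemo.class.getName());

    // Dedicated unchecked type: callers can catch exactly this failure, and it carries the cause.
    static final class ConfigLoadException extends RuntimeException {
        ConfigLoadException(String message, Throwable cause) { super(message, cause); }
    }

    // Before: one loader that trips every rule on the slide (comments mark each one).
    static String loadBefore(Path path) throws Exception {            // flagged: generic "throws Exception"
        try {
            if (path == null) throw new NullPointerException("path"); // flagged: throwing NPE
            return Files.readString(path);
        } catch (NullPointerException e) {                            // flagged: catching NPE
            throw e;                                                  // flagged: rethrow that adds nothing
        } catch (Throwable t) {                                       // flagged: also catches OutOfMemoryError etc.
            if (t instanceof NoSuchFileException) {                   // flagged: instanceof check in catch clause
                t.printStackTrace();                                  // flagged: bypasses the logging framework
                return "";
            }
            throw new Exception("load failed", t);                    // flagged: generic exception type
        }
    }

    // After: validate input up front, catch only the specific exceptions that can occur,
    // log through the framework, and wrap the rest in a typed exception with its cause.
    static String loadAfter(Path path) {
        Objects.requireNonNull(path, "path");
        try {
            return Files.readString(path);
        } catch (NoSuchFileException e) {
            LOG.log(Level.WARNING, "config file not found, using defaults: {0}", path);
            return "";
        } catch (IOException e) {
            throw new ConfigLoadException("cannot read " + path, e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a real temp file, a missing file, and a directory (unreadable as a file).
        Path present = Files.createTempFile("sonar-demo", ".conf");
        Files.writeString(present, "threshold=80\n");
        Path missing = present.resolveSibling("does-not-exist.conf");
        Path directory = present.getParent();
        try {
            System.out.println("present:   " + loadAfter(present).trim());
            System.out.println("missing:   '" + loadAfter(missing) + "'");
            try {
                loadAfter(directory);
            } catch (ConfigLoadException e) {
                System.out.println("directory: " + e.getMessage()
                        + " (cause: " + e.getCause().getClass().getSimpleName() + ")");
            }
            // The "before" loader returns the same "" for a missing file, but prints a stack
            // trace to stderr that no log aggregation or alerting will ever see.
            System.out.println("before, missing: '" + loadBefore(missing) + "'");
        } finally {
            Files.deleteIfExists(present);
        }
    }
}
```

The operational point behind the "catch Throwable" and "printStackTrace" rules is the same one: a handler that catches everything and writes to stderr hides real failures (including Errors the JVM should be allowed to die from) where nobody monitors, whereas loadAfter lets unexpected failures surface as a typed exception with its cause attached and records the expected one through the logger.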
INCORRECT STRING PROCESSING
Name: description
String Instantiation: avoid instantiating String objects; this is usually unnecessary.
Inefficient String Buffering: avoid concatenating non-literals in a StringBuffer constructor or append().
Use Index Of Char: use String.indexOf(char) when checking for the index of a single character; it executes faster.
String To String: avoid calling toString() on String objects; this is unnecessary.
Useless String Value Of: no need to call String.valueOf() to append to a string; just use the valueOf() argument directly.
String Literal Equality: checks that string literals are not used with == or !=.
Unnecessary Case Change: using equalsIgnoreCase() is faster than using toUpperCase()/toLowerCase().equals().
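The seven string rules on this slide in one method that violates all of them, beside the corrected version. Most of these rules are about wasted allocations, but String Literal Equality is a correctness rule: == compares references, so a value read from input that spells "guest" is not == to the literal "guest", and the role check silently fails. This is an added example, not from the slides or from SonarQube; StringRulesDemo, formatBefore and formatAfter are invented names, and the sample input is constructed.

```java
public class StringRulesDemo {

    // Before: each rule from the slide, marked where it fires.
    static String formatBefore(String user, String role, int attempts) {
        String name = new String(user);                               // String Instantiation
        StringBuffer sb = new StringBuffer("user=" + name);           // Inefficient String Buffering (constructor)
        sb.append(" attempts=" + String.valueOf(attempts));           // Inefficient String Buffering + Useless String Value Of
        if (name.indexOf("@") >= 0) {                                 // Use Index Of Char
            sb.append(" email");
        }
        if (role.toUpperCase().equals("ADMIN")) {                     // Unnecessary Case Change
            sb.append(" elevated");
        }
        if (role == "guest") {                                        // String Literal Equality: identity, not content
            sb.append(" guest");
        }
        return sb.toString().toString();                              // String To String
    }

    // After: chained appends on a StringBuilder (no synchronization needed in a local),
    // char-based indexOf, equalsIgnoreCase, and literal-first equals() for the role check.
    static String formatAfter(String user, String role, int attempts) {
        StringBuilder sb = new StringBuilder("user=").append(user);
        sb.append(" attempts=").append(attempts);
        if (user.indexOf('@') >= 0) {
            sb.append(" email");
        }
        if ("ADMIN".equalsIgnoreCase(role)) {
            sb.append(" elevated");
        }
        if ("guest".equals(role)) {                                   // content comparison, also null-safe
            sb.append(" guest");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a role that arrived from outside the JVM (here simulated with
        // new String) is a distinct object from the interned literal "guest".
        String roleFromInput = new String("guest");
        System.out.println("before: " + formatBefore("alice@example.com", roleFromInput, 3));
        System.out.println("after:  " + formatAfter("alice@example.com", roleFromInput, 3));
    }
}
```

The "before" line is missing the " guest" marker because role == "guest" is false for a non-interned string; the "after" line carries it. The same class of bug is what turns a harmless-looking style rule into a logic error in authorization or routing code, which is why it is worth keeping the rule enabled even when the performance rules are tuned down.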
PROCESS
Set up threshold
Daily reports
Sonar plugin for developers to verify code
Email alerts
Sprint Reports to track quality
COST
Object: Cost
SonarQube: free
Plugins: free
Sonar installation and configuration: 1 day (DevOps)
Compare stats once a sprint: 1 hour
Verify new code by developers: ongoing activity, part of the development