Continuous Code Quality Inspection with SonarQube - Simple Talk

It is always important to get an objective idea of the quality of the code that is being checked into source control within a development team, especially as a reminder to yourself when you check in something that isn't completely right. Unless you are aware of the extent of technical debt that is being introduced in order to meet the production timelines, it is all too easy to end up being surprised by very expensive extended cycles of refactoring in consequence. An Agile project that is committed to Continuous Delivery on a fortnightly cycle can therefore ill afford to allow technical debt to build up. So how can we provide an automated process which can keep a check on your code base to alert the team of any serious quality issues that are being introduced?

DevOps introduces a number of practices that bridge the gap between software development, test and operations while automating the processes of software delivery. It's a culture shift within the organization, where different teams work collaboratively together to do tasks that require cross-functional expertise to perform rapidly and effectively. DevOps teams tend to create tool-chains to allow best-in-class tools that do one task well to work together in pipelines.

Figure 1: DevOps – an intersection of Dev, QA and Operations

Agile and DevOps are similar in many aspects, but while Agile Software Development represents a change in thinking and practice that should lead to organizational change, DevOps places more emphasis on implementing change to achieve its goals by establishing an environment where, for example, it becomes easier to release more reliable applications faster and more frequently. This image below from Wikimedia illustrates various stages in a DevOps environment where there are various tools which come together in assisting delivery across each of these functional phases. Tools such as Docker (containerization), Jenkins (continuous integration), Puppet (Infrastructure as Code) and Vagrant (virtualization platform), among many others, are often used.

Our focus today is on the VERIFY phase of the DEV section, as depicted in figure 2. In this phase we focus on code quality inspection to ensure there are no serious quality issues being introduced. These are commonly referred to as static code analysis tools because they check the code rather than whatever is built from the code.

Although there are numerous open source and commercial tools out there in the market (here), I would like to focus on SonarQube, which has been out there for some time, with widespread usage. SonarQube is an Open Source DevOps tool which can assist Dev teams to provide centralized automated checks on the incoming code. It provides more than 20 analyzers that can, between them, support all the major languages such as C/C++, JavaScript, C#, Java, COBOL, PL/SQL, PHP, ABAP, VB.NET, Python, RPG, Flex, Objective-C, Swift, etc., to provide numerous rules to spot general and language-specific quality issues.

In addition to highlighting code issues, SonarQube provides a wide range of plugins to suit an agile software development team. It can be easily integrated with any of the CI engines such as Jenkins, VSTS, TFS, Travis-CI to schedule periodic jobs. It supports SQL Server, MySQL, Oracle and PostgreSQL to suit your individual project technology stack. Its Portal is designed to aggregate results across multiple projects into an intelligent dashboard to provide centralized reporting, an executive view for risk analysis, and governance, and it can also integrate with JIRA to assign developer tasks on remediation. Furthermore, if you have your own BI layer, you can use the SonarQube REST API to feed the scan reports into your BI data layer. Looking for other integrations? Please refer to this link for the full list of available plugins.

In this exercise, we will take a couple of simple illustrations to show the different tools required to have a successful SonarQube scan on a sample program on the Windows platform. The first will use Java, and the second one C#. We will then go over the scan, analyze the issues, and fix them in order to get a clean bill of health for the application code.

Step 1: Download the SonarQube Server (here) and extract the package on local hard drive C:\sonarqube