Track code quality with SonarQube

Post on 14-Jan-2017

Track code quality with SonarQube

HELLO!

I am Dmytro Patserkovskyi

Project Manager and Founder of Dev SonarQube Community at V.I.Tech

Taras Matyashovsky
I would move this to the next line, i.e. first line Project Manager at V.I. Tech, next line Founder of ....
Dmytro Winged
I also wanted to write it that way, but the community is limited to V.I.Tech, and I don't want to duplicate the company name.

Low code quality costs a lot

Toyota story

Aug. 28, 2009, San Diego CA, USA

◉ Toyota reached 100 mph

◉ Phone call during event

◉ All 4 occupants killed in crash

◉ This was a trigger for the Toyota investigation

Taras Matyashovsky
If I use pictures anywhere, I explicitly put links to where I took them from in the footer and at the end of the presentation. It's a matter of good manners.

Toyota story

NASA’s investigation found

7134 violations in code.

Oklahoma’s investigation found

81 514 violations in code.

Toyota story: Results

◉ Recall of 10 000 000+ cars all over the world.

◉ Loss of billions of dollars.

◉ 89 deaths up to 2010 because of bugs.

Source Code Should Be

Simple & Readable

Extendable

Testable & Covered with Tests

Flexible

Code Metrics

Rules Violations

Code Style: checks if code is compliant with conventions

Vulnerabilities: searches for weak spots with missing validation, security issues, etc.

Bugs: looks for bugs and potential bugs

Performance: checks if everything is done in the best way

100% - rules compliance

Code Coverage

Line Coverage

Branch Coverage

Overall Coverage

85% - min overall coverage

Cyclomatic Complexity

10 - max compliant complexity

50 - function unsupported

Duplications

I SHALL NOT DUPLICATE ANY CODE ANY CODE ANY CODE!

0% - perfect solution

1% - keep buffer

Documentation

Code tells you what it is doing; documentation should tell why and how.

JavaDocs Block Comments

100% - public documented API

15% - comments in code

Technical Debt

Extra development work that grows when code is unclear.

Financial DEBT Time DEBT

An open source platform for

Continuous Inspection

20+ programming languages

50+ official plugins

Quality Rules and Profiles

Code Smells Bugs Vulnerabilities

Quality Profile

Rules Plugins and Repositories

Quality Gates

Set of boolean conditions per project, based on measure thresholds.

Passed

Warning

Failed

Quality Gates

Metric Operator

Open Issues Is greater than 70 100

Blocker Issues Is greater than 0

Critical Issues Is greater than 0

New Issues Is greater than 0 10

Overall Coverage Is less than 85 80

Unit Test Failures Is greater than 0
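
A quality gate like the one in the table above can be evaluated as follows; this is an added example, not code from the slides or from SonarQube. It assumes that where a row has two values they are the warning and error thresholds in that order, and that a single value is the error threshold (the column headers do not survive in this transcript). The measure names are hypothetical, not SonarQube metric keys.

```python
"""Evaluate a quality gate: boolean conditions over measure thresholds."""
import operator

OPS = {"greater than": operator.gt, "less than": operator.lt}

# (metric, operator, warning threshold, error threshold), taken from the table.
# Assumption: two values mean warning then error; one value means error only.
GATE = [
    ("open_issues", "greater than", 70, 100),
    ("blocker_issues", "greater than", None, 0),
    ("critical_issues", "greater than", None, 0),
    ("new_issues", "greater than", 0, 10),
    ("overall_coverage", "less than", 85, 80),
    ("unit_test_failures", "greater than", None, 0),
]

RANK = {"Passed": 0, "Warning": 1, "Failed": 2}


def check(value, op, warn, error):
    """Status of one condition; the error threshold wins over the warning one."""
    cmp = OPS[op]
    if error is not None and cmp(value, error):
        return "Failed"
    if warn is not None and cmp(value, warn):
        return "Warning"
    return "Passed"


def evaluate(measures, gate=GATE):
    """Return (gate status, {metric: status}) for one analysis snapshot."""
    details = {}
    for metric, op, warn, error in gate:
        if metric not in measures:
            # Choice made by this example: a missing measure fails the gate,
            # so an analysis that skipped tests cannot pass silently.
            details[metric] = "Failed"
        else:
            details[metric] = check(measures[metric], op, warn, error)
    # The gate takes the worst status among its conditions.
    return max(details.values(), key=RANK.get), details


if __name__ == "__main__":
    # Constructed sample measures, not real project data.
    snapshot = {"open_issues": 82, "blocker_issues": 0, "critical_issues": 0,
                "new_issues": 4, "overall_coverage": 86.5, "unit_test_failures": 0}
    print(evaluate(snapshot))
```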

Quality of New Code

Tracking quality of code added in the current snapshot

Comparison measures for different versions

Good for long term projects

Project Dashboard

Issues Coverage Complexity

Anything you want

Another awesome widget

Duplications Documentation Useful Info

Code Processes

Pull Request

Master branch

Nightly

Each update

Support Team for SonarQube

Administrator

Sonar support and monitoring

Sonar upgrade (new version every 2 months)

Plugins upgrade (new version every month)

Dev Sonar Community

Working on Rules List

Updating Quality Profiles

Setting up Dashboards

Looking for new Plugins

Project Teams

Update project analysis frequently

Monitoring Quality of own project

Defining project Quality Gate

Voice and discuss all concerns with Sonar Community

Support Processes

Modifications: Monthly

Meetings: Biweekly

Feedback: On-demand

Discussions: On-demand

Upgrade: Monthly

24/7 monitoring and transparency

Summary

◉ Start small: perform analysis

◉ Track code quality every day

◉ Develop your own standard, or use an existing one

◉ Organize a support process to keep SonarQube alive

◉ Transparency 24/7, even for customers

Taras Matyashovsky
Can you explain this? It's hard to follow.

Questions

THANKS!

Resources

◉ http://sonarqube.org

◉ http://docs.sonarqube.org/display/PLUG/Plugin+Library

◉ https://analysis.apache.org/

Links

◉ https://facebook.com/dmytro.wng

◉ http://slideshare.net/DmytroPatserkovskyi

Taras Matyashovsky
What's missing before this is some kind of summary slide or something like that. Something like outcomes, takeaways.