SonarQube
SonarQube Overview
It is a software testing tool [static testing tool] which is used to test & improve
the quality of the code & help in fixing the error.If the code is written in a much
complex way Sonar will suggest to write it in a simpler way.If finds security error
ie... It helps to make the code more secure when we r deploying it in any environment.
It is configured with Jenkins, so that everytime we don't have to manually involve in
sonar testing of our code .Jenkins will take care to test our code automatically.
SonarQube can track bugs in our code or can raise issue in a piece of code that it feels faulty.It gives us a branch level analysis ie... It not only scan the master branch but also checks the other branches introducing error.
It perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. SonarQube is a Code Quality Assurance tool that collects and analyzes source code, and provides reports for the code quality of your project. It combines static and dynamic analysis tools and enables quality to be measured continually over time.this tool helps in delivering clean code and reviewing static analysis of code to detect
we can use any one of the supported databases: Oracle, Postgres, SQL Server, and of course MySQL.
Benefits :
SonarQube is open source.
SonarQube supports various languages such as C# and Java.
SonarQube reports duplicate code, code coverage, unit testing, code complexity historical, and so on.
We can integrate SonarQube with build tools, such as Gradle and ant.
SonarQube can track bugs in our code or can raise issue in a piece of code that it feels faulty.It gives us a branch level analysis ie... It not only scan the master branch but also checks the other branches introducing error.
It perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. SonarQube is a Code Quality Assurance tool that collects and analyzes source code, and provides reports for the code quality of your project. It combines static and dynamic analysis tools and enables quality to be measured continually over time.this tool helps in delivering clean code and reviewing static analysis of code to detect
we can use any one of the supported databases: Oracle, Postgres, SQL Server, and of course MySQL.
Benefits :
SonarQube is open source.
SonarQube supports various languages such as C# and Java.
SonarQube reports duplicate code, code coverage, unit testing, code complexity historical, and so on.
We can integrate SonarQube with build tools, such as Gradle and ant.
SonarLint
SonarLint is a SonarQube plugin which helps to easily integrate SonarQube with any IDE without any
need to download & install the whole Sonar software.
It offers reports on duplicate code,unit test,code complexity,code coverage, comments, bugs,any security vulnerability.It can track all the repositories at a common place & a profile[which r like some specific rule or coding standard to be followed] is set in sonar.Based on that profile our code quality is monitored. & vulnerabilities r identified.
SonarQube is different from SonarLint as
SonarQube is a server where you can receive your plans and perform code analysis, whereas SonarLint is a tool that enables us to relate with SonarQube and perform the analysis remotely. SonarLint can be practiced with IDE or can also be done via CLI instructions.
It offers reports on duplicate code,unit test,code complexity,code coverage, comments, bugs,any security vulnerability.It can track all the repositories at a common place & a profile[which r like some specific rule or coding standard to be followed] is set in sonar.Based on that profile our code quality is monitored. & vulnerabilities r identified.
SonarQube is different from SonarLint as
SonarQube is a server where you can receive your plans and perform code analysis, whereas SonarLint is a tool that enables us to relate with SonarQube and perform the analysis remotely. SonarLint can be practiced with IDE or can also be done via CLI instructions.
Code coverage using SonarQube
Code coverage gives us the metric of the percentage of production code that is tested. either
unit testing or integration testing.If the code coverage is good than we can have the faster release cycle.
Everytime we will try to build & run our code in azure repo .it will do unit testing, code coverage testing and all other testing & pre production steps involved.
SonarQube itself does not calculate coverage. To include coverage results in your analysis, you must set up a third-party coverage tool and configure SonarQube to import the results produced by that tool.SonarQube is used in integration with JaCoCo, a free code coverage library for Java. the minimum code coverage is set to 50%, even so, sonar is using its own code coverage threshold.
Code Coverage Percentage = (Number of lines of code executed)/(Total Number of lines of code in an application) * 100.
Everytime we will try to build & run our code in azure repo .it will do unit testing, code coverage testing and all other testing & pre production steps involved.
SonarQube itself does not calculate coverage. To include coverage results in your analysis, you must set up a third-party coverage tool and configure SonarQube to import the results produced by that tool.SonarQube is used in integration with JaCoCo, a free code coverage library for Java. the minimum code coverage is set to 50%, even so, sonar is using its own code coverage threshold.
Code Coverage Percentage = (Number of lines of code executed)/(Total Number of lines of code in an application) * 100.