sonarqube - should i stay or should i go ?
Post on 28-Jul-2015
126 Views
Preview:
TRANSCRIPT
SonarWhat ?
Developers – Maintenability
– Good programming practises
– Bugs
Tech transfer – Info on software maturity
– Better valuation
– Preparation for a due diligence (Technical Debt)
Static code analysis
Sonar not what !
What it doesn’t do : • Performance analysis (memory, CPU)
• Conformity to requirements specifications
• Expertise on architecture and technological choices
SonarWhat ?
Open source (LGPL v3)
Developped by a Swiss company : SonarSource
Used by major companies (Thales, Cisco, Siemens, Adobe, Tom-Tom…)
Supports more than 20 programming languages
Supported languages
Free – Java / groovy
– Python
– Web
– Android
– C++
Commercial
– C/C++/objective C
– Visual Basic
– COBOL
– Swift
Not supported – Fortran
– Matlab
– R
– Pascal
Basic metrics : LOC
• LOC = Lines of Code
• Useful for reporting
• Sometimes used in software valuation (Cocomo II)
Complexity
= number of ways to run through code
In practise : if, while, for… à +1
Guide value : complexity /function should be less than 8.
Issues
• Possible bugs
• Security issues
• Coding rules / style
• Show « magic numbers »
Guide value : no blocker or critical errors.
SonarQube, in short
• A set of « quality » metrics
• Better use : day-to-day
…or even continuous integration !
A continuous improvement
• Software protection and licenses http://www.interface.ulg.ac.be/docs/Researchers_Guide.pdf
Fossology installed and running
• Software quality
http://www.interface.ulg.ac.be/docs/Metriques-qualite-logiciel.pdf
SonarQube installed and running + C/C++ commercial plugin
SonarQube : our services
• Snapshot analysis – A first contact with SonarQube
• Preparation for a transfer – Before a tech transfer (license or spin-off)
– Before opening the code
• Operational use – Day-to-day use of our SonarQube instance
Conclusions
• SonarQube is useful for : – Short term quality mission
– Day-to-day use (up to continuous integration)
• A SonarQube instance is available at ITF :
– Commercial C/C++ plugin installed
– One shot analysis
– Account creation for day-to-day use
è Contact me !
top related