2017-12-06

Mantas Gedrimas

What’s SonarQube?

• Static code analysis tool

• Open-source

• Commercial for some languages

• Creators – SonarSource (Switzerland)

2017-12-06 VU, MIF

Supported Languages

• Free (open-source):

– JavaScript, C#, Java, PHP, Python, HTML…

• Commercial:

– C/C++, COBOL, PL/SQL, VB.NET, Objective-C,

Swift…

2017-12-06 VU, MIF

Supported Languages

• Several languages can be used at the same time

2017-12-06 VU, MIF

Overall Health

2017-12-06 VU, MIF

Focus on the Leak

2017-12-06 VU, MIF

Enforce Quality Gate

2017-12-06 VU, MIF

Analyze pull requests

2017-12-06 VU, MIF

Branch Analysis

2017-12-06 VU, MIF

Dig into issues

2017-12-06 VU, MIF

Highlight hot spots

2017-12-06 VU, MIF

Visualise the history of a project

2017-12-06 VU, MIF

Detect Bugs

2017-12-06 VU, MIF

Code Smells

2017-12-06 VU, MIF

Security Vulnerability

2017-12-06 VU, MIF

Activate The Rules You Need

2017-12-06 VU, MIF

Explore All Execution Paths

2017-12-06 VU, MIF

Build Systems

2017-12-06 VU, MIF

CI Engines

2017-12-06 VU, MIF

Pass/Fail Notification

2017-12-06 VU, MIF

Metrics

• LOC

• Functions

• Classes

• Files

• Directories

• ...

2017-12-06 VU, MIF

Metrics

• Cyclomatic complexity

• Comments

• Coverage

• …

2017-12-06 VU, MIF

Questions?

2017-12-06 VU, MIF