mantas gedrimas - klevas.mif.vu.ltadamonis/tikv/1718r/pr/sonarqube.pdf · sonarqube analysis...
TRANSCRIPT
2017-12-06
Mantas Gedrimas
What’s SonarQube?
• Static code analysis tool
• Open-source
• Commercial for some languages
• Creators – SonarSource (Switzerland)
2017-12-06 VU, MIF
Supported Languages
• Free (open-source):
– JavaScript, C#, Java, PHP, Python, HTML…
• Commercial:
– C/C++, COBOL, PL/SQL, VB.NET, Objective-C,
Swift…
2017-12-06 VU, MIF
Supported Languages
• Several languages can be used at the same time
2017-12-06 VU, MIF
Overall Health
2017-12-06 VU, MIF
Focus on the Leak
2017-12-06 VU, MIF
Enforce Quality Gate
2017-12-06 VU, MIF
Analyze pull requests
2017-12-06 VU, MIF
Branch Analysis
2017-12-06 VU, MIF
Dig into issues
2017-12-06 VU, MIF
Highlight hot spots
2017-12-06 VU, MIF
Visualise the history of a project
2017-12-06 VU, MIF
Detect Bugs
2017-12-06 VU, MIF
Code Smells
2017-12-06 VU, MIF
Security Vulnerability
2017-12-06 VU, MIF
Activate The Rules You Need
2017-12-06 VU, MIF
Explore All Execution Paths
2017-12-06 VU, MIF
Build Systems
2017-12-06 VU, MIF
CI Engines
2017-12-06 VU, MIF
Pass/Fail Notification
2017-12-06 VU, MIF
Metrics
• LOC
• Functions
• Classes
• Files
• Directories
• ...
2017-12-06 VU, MIF
Metrics
• Cyclomatic complexity
• Comments
• Coverage
• …
2017-12-06 VU, MIF
Questions?
2017-12-06 VU, MIF