Code review with SonarQube

You know, for the code quality

Intro to code quality analysis with SonarQube, by Renato Ivancic

Bad code

  • Bugs
  • Time spent in code reviews
  • Complexity: hard to maintain, hard to add new features

3 Lines of Defense

  1. SonarLint (in the IDE, while the code is being written)
  2. Code review / pair programming
  3. SonarQube (on the CI server, over the whole code base)

Measure quality

Why

  • Source code is the heart of the system
  • At some point you are maintaining an old system
  • A system is almost never finished
  • You can't improve what you don't measure
  • Prevention vs. treatment


How

  • From day 1
  • Continuously, in CI
  • Customize the rules and thresholds to the project

What SonarQube is / does

  • Free & open source “Code Quality Platform” (Community Edition)
  • Provides moment-in-time quality snapshots
  • Gives trends of lagging and leading indicators
  • Tracks developers’ seven deadly sins (seven axes of quality)

How does it work

  • Analyzes source code and bytecode
  • Computes hundreds of metrics
  • Associates metrics with analysis snapshots
  • Shows the results in dashboards and widgets accessible by any browser

7 Deadly Sins

  • Coding Rules
  • Complexity
  • Duplicated code
  • Potential bugs
  • Test coverage
  • Architecture and design
  • Comments

Hands on
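The hands-on part of the talk is not captured in the slides. As an added example (not code from the original deck, and not SonarQube's own tooling) here is the third line of defence from the earlier slide wired into CI: run the analysis, then ask the server whether the project's quality gate passed and fail the build if it did not. The Web API endpoint `GET /api/qualitygates/project_status` and the `sonar.qualitygate.wait` scanner property are real; the environment variable names, the project key `my-project` and the `SAMPLE_RESPONSE` payload are assumptions and constructed data used so the script also runs with no server at hand.

```python
"""Gate a CI build on a SonarQube quality gate.

Added example for the hands-on slide; not code from the original deck.
Assumes SONAR_HOST_URL, SONAR_TOKEN and SONAR_PROJECT_KEY in the environment
(names are assumptions mirroring what sonar-scanner reads). When they are
absent the constructed SAMPLE_RESPONSE below is evaluated instead.
"""
import base64
import json
import os
import subprocess
import sys
import urllib.request

# Constructed sample of a /api/qualitygates/project_status reply for a failed gate.
SAMPLE_RESPONSE = {
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_reliability_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
            {"status": "ERROR", "metricKey": "new_coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "61.3"},
            {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
             "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
        ],
        "ignoredConditions": False,
    }
}


def failed_conditions(project_status):
    """Return the conditions that breached their threshold as readable strings."""
    failures = []
    for cond in project_status.get("conditions", []):
        if cond.get("status") == "ERROR":
            failures.append(
                f"{cond['metricKey']}: actual {cond['actualValue']} "
                f"{cond['comparator']} threshold {cond['errorThreshold']}"
            )
    return failures


def evaluate_gate(response):
    """Return (passed, reasons). Only an explicit "OK" passes.

    "ERROR" is a failed gate. "NONE" means no gate is attached to the
    project; treating that as a pass would silently switch off the third
    line of defence, so it fails too.
    """
    status = response.get("projectStatus", {}).get("status")
    if status == "OK":
        return True, []
    if status == "ERROR":
        return False, failed_conditions(response["projectStatus"])
    return False, [f"unexpected quality gate status {status!r}"]


def fetch_project_status(host, token, project_key):
    """Query the live server; the token goes in as basic-auth user, empty password."""
    url = f"{host.rstrip('/')}/api/qualitygates/project_status?projectKey={project_key}"
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def run_scanner(project_key):
    """Run sonar-scanner; qualitygate.wait makes the scanner block until the
    server has computed the gate and exit non-zero when it fails."""
    cmd = ["sonar-scanner",
           f"-Dsonar.projectKey={project_key}",
           "-Dsonar.qualitygate.wait=true"]
    return subprocess.run(cmd, check=False).returncode


def main():
    host = os.environ.get("SONAR_HOST_URL")
    token = os.environ.get("SONAR_TOKEN")
    project_key = os.environ.get("SONAR_PROJECT_KEY", "my-project")  # assumed key
    if host and token:
        run_scanner(project_key)
        response = fetch_project_status(host, token, project_key)
    else:
        response = SAMPLE_RESPONSE
    passed, reasons = evaluate_gate(response)
    print("quality gate:", "PASSED" if passed else "FAILED")
    for reason in reasons:
        print("  -", reason)
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it as the last step of the CI job; a non-zero exit blocks the merge. The `sonar.qualitygate.wait` property alone is usually enough to fail the scanner step, the extra Web API call is there so the job log says which condition broke the gate rather than just that it broke.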

Take-away

Only one tool among many

  • Code Review
  • Unit Tests
  • Functional Tests
  • CI/CD
  • Requirements
  • Static Analysis