The following are the terms and tools within the overall principles described above that successful DevOps engineers need to know.
SonarQube (formerly known as Sonar) is an open source tool suite for measuring and analyzing the quality of source code. It is implemented in Java and can analyze code in about 20 different programming languages. Anything that affects the code base, from minor styling details to critical design errors, is inspected and evaluated by SonarQube, which helps application developers identify each issue and its effect.
Write Clean Code
• Overall Health
Discovered issues can be unreachable source code, a Bug, a Vulnerability, a Code Smell, Coverage or Duplication. Each category has a corresponding number of issues. The dashboard page shows at a glance where you stand in terms of quality.
• Enforce Quality Gate
To fully enforce a code quality practice across all teams, you need to set up a Quality Gate. A Quality Gate is a set of conditions the project must meet before it can qualify for production release. The overview of the project will show the results of the SonarQube analysis.
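As an added example (not code from the original page or from the SonarQube project), here is a CI step that turns a Quality Gate result into a pass/fail exit code. It assumes the JSON shape returned by SonarQube's `api/qualitygates/project_status` Web API, which the page does not show; the sample document is constructed and the function names are hypothetical.

```python
import json

# Constructed sample (not real project data). Field names follow the
# api/qualitygates/project_status response shape, which is an assumption
# here because the page does not show the API.
SAMPLE_STATUS = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "61.5"}
]}}
""")


def evaluate_gate(status_doc):
    """Return (passed, reasons) for a quality gate status document.

    Fails closed: only an explicit overall status of "OK" passes, so a
    missing document, an unassigned gate ("NONE") or an unexpected value
    blocks the release instead of silently letting it through.
    """
    project = status_doc.get("projectStatus") or {}
    status = project.get("status")
    reasons = [
        f"{c.get('metricKey')}: actual {c.get('actualValue')} "
        f"{c.get('comparator')} threshold {c.get('errorThreshold')}"
        for c in project.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    passed = status == "OK"
    if not passed and not reasons:
        reasons.append(f"gate status is {status!r}, expected 'OK'")
    return passed, reasons


def ci_exit_code(status_doc):
    """Print each failing condition and return a shell-style exit code."""
    passed, reasons = evaluate_gate(status_doc)
    for reason in reasons:
        print("QUALITY GATE FAILED:", reason)
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(ci_exit_code(SAMPLE_STATUS))
```

In a pipeline the status document would be fetched from the server after analysis completes, and a non-zero exit code stops the release stage.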
• Analyze Pull requests
SonarQube categorizes issues into different types. For each category it displays the corresponding number of issues or a percentage value.
There are five severity levels for issues: blocker, critical, major, minor and info.
The issues tab offers filter criteria such as category, severity level, tag(s), and the calculated effort (in terms of time) it will take to rectify an issue.
• Dig into Issues
From the issues tab, you can analyze in detail what the main issues are, where they are located, when they were added to your code base and who originally introduced them. You can assign an issue to another user, add a comment to it, and change its severity level. Clicking a particular issue shows a more detailed description of it.
• Detect Bugs
A bug represents wrong code which has not broken yet but probably will at the worst possible moment. Examples include null-pointer dereferences, memory leaks, and logic errors.
• Code Smells
A maintainability-related issue in the code which indicates a violation of fundamental design principles. A code smell is not technically incorrect, but it is not functional either. Examples include duplicated code, overly complex code, dead code, and long parameter lists.
• Security Vulnerability
A security-related issue which represents a backdoor for attackers. Examples include SQL injection, hard-coded passwords and badly managed errors.
• 20+ Programming Languages
SonarQube 4.2 and higher versions come with a code analyzer for each major programming language.
• Multi-Language Projects
• All projects in one place
SonarQube provides a centralized system for storing code metrics, which allows an organization to estimate and predict project risks. This not only simplifies deployment but also gives project management a qualitative step forward in monitoring project status.
• Shared rulesets
SonarQube provides the facility to create your own quality profiles, in which you can define Sonar Rules which can be shared among different projects.