What is SonarQube
SonarQube is a web-based open-source platform used to measure and analyse the quality of source code. Its static code analysis provides insights into code issues and technical debt, helping to assess the code quality of a software project and to estimate the remaining effort needed to reach production level. SonarQube also helps to track the code coverage achieved by unit tests. These features reduce the chances of deploying broken or untested code, particularly during the maintenance phase. Using such a tool helps to identify many bugs and vulnerabilities that would otherwise stay undetected and cause damage. SonarQube’s tracking of quality norms allows them to be enforced, making the code more reliable and readable. Readability, for its part, increases productivity and quality: developers must read many lines of code before editing one, so making the code easier to read makes it easier to write.
- Continuous inspections within a continuous integration and deployment (DevOps) lifecycle managed by a tool such as GÉANT GitLab (GitLab info), Bamboo or Jenkins (Jenkins info). Details are in MANUAL: Adding Software Projects to SonarQube [DRAFT] and MANUAL: Continuous Integration Setup with GitLab, Jenkins and SonarQube (Community Edition). This is the recommended scenario.