...

  • SonarQube setup assistance

  • Extended source code review

  • Software Composition Analysis

  • Software Licence Analysis

These offerings vary in the depth of the review, its scope and the granularity of the report, and usually strike a compromise between automated analysis and manual review activities. The main differences between automated analysis and manual review are as follows:

  • Automated code analysis concerns, among others, maintainability, security and reliability as the core quality metrics, as well as the analysis of software dependencies and their licences. The SonarQube (SQ) tool scans the source code of the development project, identifying flaws and vulnerabilities based on internally computed software metrics and by comparing the subject source code with known anti-patterns. The tool defines Quality Gates that can verify whether the code meets specific requirements (such as those defined by Product Lifecycle Management (PLM)) and provide recommendations for the decision-makers. The Mend tool performs software composition analysis, identifying, among other things, the licences and known vulnerabilities of external components used by a software project.
    Automated code analysis is a great fit when new code needs to be scanned constantly and quickly for many common reliability and security issues. However, it is not able to detect complex or complicated situations, or side effects that only appear at runtime.
  • Manual expert review has the same quality objectives as automated code analysis, but it is conducted by domain experts. These Subject Matter Experts (SMEs) conduct the review in an exploratory manner or by using pre-defined checklists. The experts review and validate the results reported by the automated code analysis and independently check the parts of the code or the software components that require particular attention, e.g., classes or components that are complex and play important roles in the system.
    An expert code review requires significantly more effort than automated analysis, so it is performed according to the priorities defined by the requestor. A manual review takes much longer than automated analysis but gives more precision with complex code and execution structures.


Info: Our competences

Task 2 SMEs are highly skilled in the following software languages: Java, C#, SQL, PHP, JavaScript and Python.
If your product is written in another language or technology, do not hesitate to contact us to discuss the options for carrying out a software review.


SonarQube Setup Assistance

...