Tải bản đầy đủ

SonarQube in action

IN ACTION
G. Ann Campbell
Patroklos P. Papapetrou
FOREWORD BY Olivier Gaudin

MANNING
www.it-ebooks.info


SonarQube in Action

Download from Wow!
eBook
www.it-ebooks.info


Download from Wow!
eBook
www.it-ebooks.info



SonarQube in Action
G. ANN CAMPBELL
PATROKLOS P. PAPAPETROU

MANNING
SHELTER ISLAND

Download from Wow!
eBook
www.it-ebooks.info


For online information and ordering of this and other Manning books, please visit
www.manning.com. The publisher offers discounts on this book when ordered in quantity.
For more information, please contact
Special Sales Department
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Email: orders@manning.com

©2014 by Manning Publications Co. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by means electronic, mechanical, photocopying, or otherwise, without prior written
permission of the publisher.

Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in the book, and Manning
Publications was aware of a trademark claim, the designations have been printed in initial caps
or all caps.

Recognizing the importance of preserving what has been written, it is Manning’s policy to have
the books we publish printed on acid-free paper, and we exert our best efforts to that end.
Recognizing also our responsibility to conserve the resources of our planet, Manning books
are printed on paper that is at least 15 percent recycled and processed without the use of
elemental chlorine.

Manning Publications Co.
20 Baldwin Road
PO Box 261
Shelter Island, NY 11964

Development editor:
Copyeditor:
Proofreader:
Typesetter:
Cover designer:

Susanna Kline
Tiffany Taylor
Toma Mulligan
Dottie Marsico
Marija Tudor

ISBN 9781617290954
Printed in the United States of America
1 2 3 4 5 6 7 8 9 10 – EBM – 18 17 16 15 14 13

Download from Wow!
eBook
www.it-ebooks.info


To the software architects, programmers, testers, project managers, executives,
and end users of every piece of software ever written.
We hope this book will make your lives easier.

Download from Wow!
eBook
www.it-ebooks.info


Download from Wow!
eBook
www.it-ebooks.info


brief contents
PART 1 WHAT THE NUMBERS ARE TELLING YOU .........................1
1
2
3
4
5
6
7









An introduction to SonarQube 3
Issues and coding standards 26
Ensuring that your code is doing things right
Working with duplicate code 64
Optimizing source code documentation 82
Keeping your source code files elegant 96
Improving your application design 113

42

PART 2 SETTLING IN WITH SONARQUBE . ...............................135
8
9
10
11






Planning a strategy and expanding your insight 137
Continuous Inspection with SonarQube 156
Letting SonarQube drive code reviews 178
IDE integration 205

PART 3 ADMINISTERING AND EXTENDING . ..............................221
12
13
14
15
16







Security: users, groups, and roles 223
Rule profile administration 237
Making SonarQube fit your needs 262
Managing your projects 287
Writing your own plugin 305
vii

Download from Wow!
eBook
www.it-ebooks.info


Download from Wow!
eBook
www.it-ebooks.info


contents
foreword xvii
preface xix
acknowledgments xxi
about this book xxiii
about the cover illustration xxviii

PART 1 WHAT THE NUMBERS ARE TELLING YOU ................1

1

An introduction to SonarQube 3
1.1

Why SonarQube

4

Proven technologies 6
language 6

1.2



Multilingual: SonarQube speaks your

Running your first analysis

7

Installation considerations 7 Analyzing with SonarQube
Runner 8 Analyzing multilanguage projects 9 Seeing the
output: SonarQube’s front page 9 Drilling in: the
dashboard 10








1.3

Seven Axes of Quality

13

Potential bugs and coding rules 14 Tests 15
duplications 15 Architecture and design 16
Complexity 18




1.4

The languages SonarQube covers

18

ix

Download from Wow!
eBook
www.it-ebooks.info



Comments and


x

CONTENTS

1.5

Interface conventions

20

Hierarchy: packages and classes in a metric drilldown 20
details 21
Trend arrows

1.6

Related plugins

23


Views

Issues and coding standards

26

2

2.1
2.2

Summary

File

22

Technical debt 23

1.7



24

24

Looking at your issues 27
What issues mean, and why they’re potential
problems 30
Bugs 31 Potential bugs 31 Indications of (potential)
programmer error 32 Things that may lead to future programmer
error 34 Inefficiencies 35 Style inconsistencies (future
productivity obstacles) 36








2.3



Where do issues come from? 36
Picking a rule profile 37
default 38

2.4

Related plugins
SCM Activity

2.5

3

Summary



Viewing profiles and changing the

40

40

41

Ensuring that your code is doing things right 42
3.1

Knowing how much of your code is doing things right
Understanding unit-test metrics
coverage metrics 47

3.2

44

Explaining metrics on a file level



Getting reports on unit-test

50

Hunting source code lines with low coverage
problems in your unit tests 54

3.3
3.4

50



Finding

Configuring your favorite code-coverage tool 57
Changing the default selection

Integration testing

57

58

Displaying integration testing coverage on the dashboard 59
Getting IT information in the source code Coverage tab 60

3.5
3.6

Related plugins
Summary 63

43

61

Download from Wow!
eBook
www.it-ebooks.info


xi

CONTENTS

4

Working with duplicate code

64

4.1

The hidden cost of duplicate code

4.2

Identifying duplications

65

66

Finding your first duplication 67 Finding duplications on a
larger scale 69 SonarQube’s duplication metrics 69
Drilling in: from the duplications widget to the Duplications
tab 70




4.3

Realizing the impact of code duplication

73

The DRY principle: minimizing and eliminating duplications
Duplications vs. size and complexity 74

4.4

Finding duplications across multiple projects
Turning on cross-project duplication detection 75
duplications in source code tab 75

4.5

Cleaning up your duplications

74


Cross-project

77

Introduction to refactoring patterns 77 Applying patterns to
remove code duplication 77 Time for a new commons
library? 79




4.6
4.7

5

Related plugins
Summary 81

80

Optimizing source code documentation 82
5.1
5.2

To document or not? 83
Even commenting has its own metrics 84
How SonarQube calculates metrics 84
are telling you 86

5.3

Identifying undocumented code



What the numbers

87

Finding files to improve documentation 88
generic tab in the source code viewer 89

5.4

Related plugins
Widget Lab

5.6

Viewing the

Simplifying your documentation strategy
Picking a documentation tool
straightforward process 91

5.5



Summary

93

90



90

Defining a

92


Doxygen

93

94

Download from Wow!
eBook
www.it-ebooks.info

73


xii

CONTENTS

6

Keeping your source code files elegant 96
6.1

Keeping complexity low 97
Hunting those huge files 97
how to fix it 99

6.2

Complexity: what it looks like and



Lack of Cohesion of Methods: files that do too much 101
Getting reports about the LCOM metric 102 Counting
responsibilities 103 Refactoring for fewer responsibilities


106



6.3

RFC and couplings: classes with too many friends
Response for Class 108

6.4

7

Summary

Couplings



110

112

Improving your application design
7.1

108

Layering your code

113

114

Looking at dashboard widgets 114 Understanding cycles and
unwanted dependencies 115 Moving from project to package
level 117




7.2

Discovering dependencies and eliminating cycles

118

Navigating the Dependency Structure Matrix 119 How the DSM
works 121 Identifying cycles 124 Library management for
Mavenites 127 Browsing the library-dependency tree 127
Who uses this library 131








7.3
7.4

Defining your architectural rule set
Summary 134

132

PART 2 SETTLING IN WITH SONARQUBE . ..................... 135

8

Planning a strategy and expanding your insight
8.1

Planning your strategy

137

138

Picking a metric 139 Holding your ground 141 Moving the
goal posts 141 Boy Scout approach: leave the class better than
you found it 142 SonarQube time: worst first 143
Re-architect 143 The end game 144










8.2

History and trending
Time Machine 145

8.3



145
Events and database cleanup 149

Everything’s a component
Project component view

150

150


No package history

Download from Wow!
eBook
www.it-ebooks.info

152


xiii

CONTENTS

8.4

Related plugins
Tab Metrics

8.5

9

Summary

153

153

Widget Lab



154

154

Continuous Inspection with SonarQube 156
9.1

Introducing Continuous Inspection

157

What and how? 157 Life before and after Continuous
Inspection 158 The big picture 159




9.2

Triggering your analysis with CI
Jenkins setup 162
practices 168

9.3



160

Other CI systems

Monitoring quality evolution

167



Best

169

Exploring differential views in the project dashboard 169
Differential views in the issues drilldown 172 Differential views
in the source code viewer 173 Choosing differential
periods 173 The Compare service 174






9.4

Related plugins
Cutoff

9.5

10

Summary

175



175
Build Breaker

176

177

Letting SonarQube drive code reviews 178
10.1

Reviewing code in SonarQube

179

Issues: a starting point 179 Confirm, comment, and assign: the
simplest workflow options 181 False positives: sometimes
SonarQube gets it wrong 183 Changing severity: not every issue
is that bad 186 Altering the code to make SonarQube turn a
blind eye 186 Viewing the audit trail 188










10.2

Creating manual issues: when the rules aren’t
enough 188
Why you would want extra issues 188
issues 189

10.3

Tracking issues

Making manual

190

Life cycle of an issue 190
Searching issues 195

10.4





Tracking squashed issues 194

Planning your work with SonarQube’s action plans 196
Why bother with action plans? 196 Managing action
plans 196 Using action plans 197 Tracking action
plans 198






Download from Wow!
eBook
www.it-ebooks.info


xiv

CONTENTS

10.5

Structuring a code review 198
Why: talking about code 199
Where 200 How 201

Who



200



When

200



10.6

Related plugins
JIRA

10.7

11

202

Summary

IDE integration
11.1



Taglist

202

What’s supported 206
207



Eclipse support

Setting up Eclipse integration


Issues Report

11.6

210

Working your assigned issues

Summary

212

214

Running a local analysis
Related plugins 218

208

Configuring the server 211

Finding your assigned issues
code 216

11.4
11.5

204

205

Installing the plugin 210
Project association 211

11.3

Widget Lab



204

Generic support

11.2

202



Finding and fixing the

216

218

219

PART 3 ADMINISTERING AND EXTENDING . .................... 221

12

Security: users, groups, and roles
12.1

223

Creating users and groups

224

Managing users 224 Personalization: what users can manage
for themselves 226 Managing groups 227




12.2

Roles: who can do what

229

Project Administrator role 230 User role
role 232 Best practices for roles 232


231



Code Viewer



12.3
12.4

System administrators
Related plugins 234
LDAP

12.5

Summary

235



OpenID

233
235



Crowd

235



PAM

236

Download from Wow!
eBook
www.it-ebooks.info

236


xv

CONTENTS

13

Rule profile administration 237
13.1

Making your own profile: copy and modify

238

Copy or start from scratch? 238 Your first profile edits and their
quality implications 240 Adding rules: how to find them and
why you’d want to 242




13.2

Profile inheritance

243

Establishing inheritance

13.3

243



Managing the relationship

245

Rule editing 246
Customizing individual rules: editing rule parameters 246
Cookie-cutter rules: the ones you can duplicate 248 Extend
Description: the rest of the story 250 Notes: profile-specific records
on individual rules 250




13.4
13.5

Alerts: knowing when your metrics have crossed
the line 252
How to track profile changes 254
Changelog: who did what, when 254
when changes go into production 255
comparison 256

13.6

Administrative miscellany




Profile versions:
Profile

256

Project assignment: which project uses which profile 257
Profile backup and restoration 258 Permalinks 258


13.7

Plugins

259

Switch Off Violations

13.8

14

Summary

259

Widget Lab

260

261

Making SonarQube fit your needs
14.1



Exploring filters

262

263

Adding a new filter 263 Customizing the filter view 265
Advanced filtering 266 SonarQube’s default filters 269




14.2

One size doesn’t fit all: managing global dashboards

270

Creating your first global dashboard 271 Customizing your
dashboards 272 Defining default global dashboards 275




14.3

Getting notified by SonarQube 277
Activating the notification mechanism 277
types 278



Subscribing to event

Download from Wow!
eBook
www.it-ebooks.info


xvi

CONTENTS

14.4

Adjusting global settings
Database cleaner 280
Server ID 282

14.5



279

General

281



Localization

Housekeeping 282
Backing up your SonarQube configuration
the update center 283

14.6

15

282

Summary

282



Working with

286

Managing your projects 287
15.1
15.2

Working with project dashboards 288
Adopting Continuous Inspection more quickly

289

Assigning quality profiles 290 Defining your own metrics
Excluding source code from analysis 296 Understanding
versions, snapshots, and events 297


291



15.3

Exploring the rest of the project configuration

299

Changing permissions 300 Setting project links 300
Modifying the project key 302 Deleting projects 303
Miscellaneous settings 304




15.4

16

Summary

304

Writing your own plugin
16.1
16.2

305

Understanding SonarQube’s architecture
Implementing the Redmine plugin 307

306

Creating the plugin Maven project 308 Defining the plugin’s
available configuration 310 Describing the metrics: what you’ll
calculate and store 313 Implementing your analyzer with a
sensor 314 Creating your first widget 318 Supporting
internationalization 321 A decorator example 322












16.3
16.4
appendix A
appendix B

Adding support for new programming languages
Summary 325
Installation and setup 327
Analysis 338
index 355

Download from Wow!
eBook
www.it-ebooks.info

324


foreword
The software industry is still a young industry in which software quality means for many
people “pain,” “cost,” “constraint,” “nice to have,” “one-shot effort,” or “external
reviews.” Fortunately, with the Agile movement, the industry has started to realize during the last decade that software quality also means “fun,” “built-in,” “rewarding,” and
“higher productivity.” Ann Campbell and Patroklos Papapetrou belong to the latter
group, and they strongly believe that software quality should be a daily concern shared
by all stakeholders in the industry for long-term success.
Software quality is divided into external and internal quality. External quality looks
at how well the software fulfills its functional requirements: in other words, whether
you’re building the right software. Internal quality looks at how well the software is
designed/implemented to constantly welcome new changes: in other words, whether
you’re building the software right. Industry statistics show that on average, 80% of the
cost of software is spent on maintenance; there is considerable variability depending
on internal quality. This makes internal quality a key component for the future cost of
software.
This is the reason why managing code quality of applications has become a major
concern for any company that builds or is involved in building software. Traditional
approaches to managing code quality propose to test code from time to time, mainly
at the end of a development phase. In the best case, this approach leads to delays and
re-work; in the worse case, it leads to the shipment of poor-quality, expensive-to-maintain software. There is therefore an urgent need for a new approach: one that clearly
gives ownership of code quality back to the development team; one that emphasizes
quality throughout the development phase and has a shorter feedback loop to ensure

xvii

Download from Wow!
eBook
www.it-ebooks.info


xviii

FOREWORD

rapid resolution of quality problems; in short, a model that builds in quality from the
start, rather than considering it after the fact.
This is the mission we have set ourselves at SonarSource: to provide tooling for
support of this new approach called Continuous Inspection. This is what we believe
we have achieved with SonarQube, the open source platform to continuously manage
technical debt. SonarQube has a large ecosystem, is widely adopted, and has a very
large community. Ann and Patroklos are part of this community and among the most
active members, contributing not only by their feedback but also by expanding the
ecosystem. When they approached me with the idea of writing a book, I was thrilled,
because this is clearly something that is missing in the SonarQube ecosystem. Having
Ann and Patroklos writing it also meant it would have some great insight from the
community and, more important, that it would contain the end-user perspective on
the solution.
This book will be your companion in your journey with SonarQube. It will take you
from why you should use SonarQube to installation, configuration, administration,
and utilization of services, up to extending the platform. You can use it either by reading through from A to Z or as a support reference for information about a specific
topic.
But that isn’t all! Ann and Patroklos also discuss the process surrounding the tool,
challenge existing and missing functionality, and provide numerous tips for using
SonarQube, all based on their own experience. Whatever your level of familiarity with
the product, you’ll learn from this book. This is what, in my opinion, makes this book
a unique source of information for a successful implementation.
Enjoy!
OLIVIER GAUDIN
CEO AND COFOUNDER
SONARSOURCE

Download from Wow!
eBook
www.it-ebooks.info


preface
“Would you like to help me write a book about Sonar?” My reaction was immediate:
“Yes!”
I knew Patroklos Papapetrou from the Sonar mailing list, and I was aware that he
was pitching Sonar in Action (now SonarQube in Action, to match the technology’s new
name) to Manning. What I didn’t know was that he wanted a coauthor. Because I was
a native English speaker and active (and helpful) on the list, he thought of me. I had
only been a member of the list for about six months, but I’d been aware of Sonar since
late 2008 when my boss came across a mention of Sonar and asked me to evaluate it.
I was coding in Java at the time, but I had started my programming career with Perl
and C. Lint was your friend, and bugs were found the hard way—by the users. So I
found Sonar intriguing. It promised to scan each line of code and point out all kinds
of things that were wrong or could go wrong. But to use it, you had to be building with
Maven. Unfortunately, we were in an Ant-build shop. Sonar was off the table.
Fast-forward to early 2010. Sonar was approximately three years old, but already it
was gaining broad acceptance among community and enterprise users and being
downloaded more than 2,000 times a month. Patroklos had found the Sonar website
while researching software quality tools, and it was a classic boy-meets-software story.
(Cue the sappy music.) It didn’t take long before he was in love and Sonar was one of
his favorite tools.
Meanwhile, I had begun moving our Ant builds to Jenkins (it was still called Hudson then), and I stumbled across the Sonar plugin for Hudson. It works differently
now, but at the time, it performed a shallow “Maven-ization” of a non-Maven project
and ran an analysis. Hmmm. Maybe Sonar was back on the table.

xix

Download from Wow!
eBook
www.it-ebooks.info


xx

PREFACE

I installed Sonar and the plugin on my localhost and ran an analysis. When I
poked around in the results, I didn’t understand everything I was seeing, but I knew I
liked the way it presented issues in the context of the offending code. And because
Sonar had a web-based front end, instead of having to send quality reports to people, I
could send the people to the reports! When I showed my colleagues, they agreed that
what we were seeing was good stuff, so we teamed up on our management.
We pretty quickly got first-level management’s buy-in to pilot Sonar, and we started
talking about it to anyone who would listen. Pretty soon other teams were approaching me to set them up “with that Sonar thing.” We were seeing a viral adoption. After
only a couple of months, management at the next level up said that everyone needed
to be on Sonar by the end of the year.
By this time it was early 2011, and Patroklos was an active member of the Sonar
community. He had spent 2010 telling everyone he knew about Sonar via his articles
and blog posts. He also implemented his first Sonar plugin that year. By August of
2011, he was such a prominent figure in the small Sonar community that another publisher approached him to write a book about it. He was flattered, but didn’t have the
time to do it justice, so he turned it down.
But although Patroklos didn’t write that book, he didn’t forget the idea. When his
schedule cleared at the end of the year, he approached Manning about writing Sonar
in Action. A few short months after that, we were on our way.
Our goal in writing this book has been to condense the SonarQube lessons we
learned in the last few years, combine them with whatever wisdom we can lay claim to
from our combined 30 years of programming, and put a bow on all of it for you. The
first time I ran a Sonar analysis, I didn’t understand some of the things I was seeing,
but we don’t want that to happen to you. We’ll tell you not only what SonarQube’s
metrics mean, but also why you should care and (unless it’s really, really obvious) what
steps to take in your code to get started fixing what’s wrong. We’ll help you plan a
strategy for tackling your technical debt, and we’ll show you how to make SonarQube
a part of your routine rather than something extra you have to remember to do. We’ll
guide you in twiddling SonarQube’s knobs so you can tune it to get the best experience in your environment. And finally, in case you feel the need, we’ll show you how
to get started writing your own SonarQube plugin.
Over and over, I’ve seen this in action: good programmers are passionate about
quality code. Show us what the problems are, and we’ll be almost compelled to fix
them. In the past, the hard part has been pinpointing the problems. With SonarQube,
the only hard part is finding the time to deal with them. Code quality used to be hard.
Now it’s easy. Welcome to SonarQube.
ANN CAMPBELL

Download from Wow!
eBook
www.it-ebooks.info


acknowledgments
When we signed up to write this book, we didn’t know how much effort it would
require. It was for both of us our first authoring attempt, and although Ann had considerable experience with documentation and journalism, Patroklos’s most recent
writing had taken place a decade earlier. Without the assistance of many people, this
book would definitely not be in your hands or on your screen right now. It’s much
more likely that we would still be working on it.
From day one of the project, help has poured in, and all of it has been not only
appreciated but essential. If we’ve forgotten anyone, please accept our sincere apologies. In no particular order, we’d like to thank the following people for their work and
support.

Manning Publications
Many thanks to publisher Marjan Bace for accepting the initial proposal of two new and
inexperienced authors. He helped the book take its first—and most important—step.
Thanks to Christina Rudolph and Michael Stephens, who were the first two people
we talked with about the book. They guided us as we improved our proposal, and they
explained the publishing process in detail.
Hillary Clinton said it takes a village to raise a child. It turns out that it takes one to
produce a book, too. Clearly, our development editor, Susanna Kline, deserves a
shout-out for her continuous support and help. Her patience and encouragement
were invaluable.
Thanks to Bert Gates and Cynthia Kane for teaching us how to write our first chapters following “Manning style.”

xxi

Download from Wow!
eBook
www.it-ebooks.info


xxii

ACKNOWLEDGMENTS

Thanks to Candace Gillhoolley for her marketing efforts on the first MEAP release.
She is a master of social media.
Knowing that we didn’t have to worry about every semicolon because a copyeditor
would come after us has been tremendously freeing; our thanks to Tiffany Taylor. And
thanks to many other members of the Manning team who helped us behind the
scenes: Maureen Spencer, Kevin Sullivan, Olivia Booth, Toma Mulligan, Mary Piergies,
Dottie Marsico, and Janet Vail. And special thanks to our technical proofreader, Craig
Smith, for his final review of the manuscript shortly before it went into production.

The SonarSource team
Of course, without SonarQube itself, the book wouldn’t have been possible. That puts
the folks at SonarSource squarely at the front of the line for thanks for their incredible free and open source contribution to software quality. More than simply providing
the software, they’ve actively supported this book. SonarSource CEO Olivier Gaudin
and Product Director Freddy Mallet reviewed each chapter, offering invaluable feedback and insight. The fact that we have their blessings and support … wow. We
couldn’t ask for more. Without their help, we wouldn’t have been able to publish this
book with the most updated material.

The reviewers
Thanks to our MEAP readers and to the reviewers who read the manuscript at various
stages during its development and gave helpful comments and feedback to our editors
and to us: Alex Garret, Bobby Abraham, Brandon Campbell, Chris Baxter, Christopher Taylor, Gregor Zurowski, Jason S. Shapiro, Javier Garcia Martin, Joshua White,
Mark Elston, Michael Hüttermann, Mikkel Arentoft, Rashid Jilani, Reinhard Prehofer,
Robert Wenner, and Steven Hicks.

Ann Campbell
I’d like to thank my husband, Charles Nix; my dog; and the rest of my family for their
patience with me this past year as I concentrated on writing rather than on … really,
anything else in my life.
I’d also like to thank my high school English teacher, Dr. Richard L. Handlesman (“Doc” to his students), for forcing me to write an essay every two weeks; and
my mother, Polly Campbell, for teaching me to write them (whether I wanted to
learn or not).

Patroklos Papapetrou
I’d like to thank my loving and beautiful wife, Anna, for her patience all these months,
especially during the weekends. Without her encouragement, I wouldn’t have
managed to finish my part of the book. Thanks to my sons, Panagiotis (age 4) and
Charis (age 2), who understood that sometimes Daddy couldn’t play with them or go
to the park. You can have me back now! Thanks to our families for their patience as
well and for sometimes watching the kids to let me work on the book.

Download
from Wow! eBook
www.it-ebooks.info


about this book
Welcome to SonarQube in Action. This book is aimed at turning all the tedious and
sometimes hard-to-understand stuff about source code quality and software metrics
into an exciting experience. It aims to become the Holy Bible of software quality: a
reference for every development team that wishes to improve their source code. You’ll
see that metrics are meaningful and affect several aspects of your software’s health. In
this journey, SonarQube will be our pilot. SonarQube is an open source platform for
continuously measuring, managing, tracking, and improving source code’s quality.

How this book is organized
We begin each chapter of the book by describing a real problem/situation, and then
we talk about the features of SonarQube and the relevant metrics that help you
address and eventually solve that problem. We elaborate by providing some theoretical background, we discuss best practices (if any), and we end each chapter by talking
about relevant—to the chapter’s topic—SonarQube plugins and how you can take
advantage of them.
Now it’s time to list in detail the book’s content.
Part 1 gives you an overview of SonarQube, explains the seven axes of quality (like the
seven deadly sins of software development), and sets the stage for the following parts.
We introduce SonarQube’s key features and benefits and discuss the core metrics that
SonarQube calculates.
 Chapter 1 sets the scene, introducing the core concepts of SonarQube. We

begin by showing you what you should expect to see when you analyze a project

xxiii

Download from Wow!
eBook
www.it-ebooks.info


xxiv

ABOUT THIS BOOK










using SonarQube for the first time. We briefly discuss the different metrics presented in SonarQube’s dashboard. At the end, we present the Technical Debt
plugin.
Chapter 2 introduces the topic of code issues. You’ll learn, among other things,
where they come from and how they’re related to bugs or potential bugs.
Chapter 3 is all about testing (unit and integration). It describes the importance of code-coverage metrics and how they’re calculated, and it gives you
some tips for improving the test quality and coverage of your code.
Chapter 4 focuses on duplicated code by illustrating the problems that may
arise and the resulting impact on the quality and maintainability of your source
code.
Chapter 5 deals with a topic which is rarely considered by development teams as
a quality factor: documentation. You’ll find out when and why it’s a good practice to document your code, and we’ll present a proposed documentation strategy that fits any development process.
Chapters 6 and 7 talk about design and complexity. Although some may argue
that they’re more or less the same thing, we’ve chosen to split them in order to
provide more examples and illustrate their value in code quality.

Part 2 discusses how you can get the best out of SonarQube, where it fits in any development lifecycle, and how to make it part of your everyday work life. It also introduces
the concept of Continuous Inspection, which is the ultimate target when talking
about software quality.
 Chapter 8 discusses several approaches for improving the quality of your source

code. You can pick one or all of them based on your experience. Then we’ll
take you on a tour of all the possible data perspectives that SonarQube offers,
and we finish by explaining the concepts of history and trending.
 Chapter 9 delves into the details of Continuous Inspection. We’ll talk about
integrating SonarQube with Jenkins, and you’ll learn about the star feature of
differential views that lets you track quality evolution over time.
 Chapter 10 deals with the popular practice of code reviews and explains how
you can benefit from SonarQube. You’ll find out how issues are associated with
reviews, how to track them, and what SonarQube features let you plan your
work with action plans.
 Chapter 11 talks about integrating SonarQube with Eclipse. Enjoy most of the
SonarQube advantages without leaving your IDE by following the step-by-step
guide provided in this chapter.
Part 3 covers several administrative topics and gives you ideas about customizing and
tuning SonarQube to make it suitable for any kind of project. In an enterprise environment with a SonarQube installation that hosts several projects, it’s a good idea to
adjust many of SonarQube’s predifined settings to fit your needs. This part of the

Download from Wow!
eBook
www.it-ebooks.info


Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×

×