SonarQube Overview
DASHBOARD OVERVIEW
- Can check bugs, vulnerabilities, code smells, and technical debt
- Also checks code coverage (if tests are used) and duplications
- Can filter by severity
- File (where it is), assignee (who should do it)
Red lines in the code -> not covered by the unit tests
The measures will get better and better (after scanning multiple times)
> “Activity” allows you to check what has been going on with the code (if there are multiple scans — need to enhance ****)
e.g. 12-Aug Quality Gate: Green, 13-Aug Quality Gate: Red, 17-Aug Quality Gate: Green
> “Measures” gives you an easy view of the overall measures (graphs)
HOW TO ASSIGN TASKS IN SONARQUBE
Note: before starting, notifications need to be configured for each account
> Assigning the issue to someone -> just click on “assign” under the issue
If you don’t want to solve an issue (due to regulations or effort), resolve it as a false positive
It will then not be counted in the technical debt that is shown in the dashboard
WHAT ARE MEASURES?
# Reliability : a measure of the bugs you have in your program
# Security : a measure of “vulnerabilities”
# Maintainability : a measure of “Code smells” & “Technical Debt”
# Coverage : if there is unit testing, how much of the code is covered by tests
# Duplication : how much of the same logic is repeated in the code
# Size : gives you a breakdown of lines of code, statements, functions, classes, files, directories, comments
# Complexity : gives you the complexity per function, file, class
- Cognitive Complexity (Cyclomatic Complexity) : How many different control structures do you have? How difficult is it to understand? (the lower the better)
IS MY CODE GOOD ENOUGH? “QUALITY GATE”
Enforces quality when the code is analyzed (what counts as a pass?)
Default : Sonar way
You are able to change this by creating your own quality gate (A, B, C, D, E)
HOW TO CHANGE THE UNDERLYING RULES?
## Quality Profiles
= customizing the rules
- can change severity of an issue
- set desired severity
How does it work? It inherits the parent quality profile -> and you override the rules
<Go to “Quality Profiles”>
> ‘Sonar way’ is the built-in default rule set
> Create a customized profile
> Click on active/inactive rules to see the rules (can customize severity & can activate more rules)
> If you click on ‘change projects’ below the custom quality profile, then the project will be analyzed with the new rules