Track code quality with SonarQube
Download as PPTX, PDF7 likes7,624 views
The document discusses the importance of tracking code quality using SonarQube, citing a Toyota incident that resulted in significant losses due to code bugs. It emphasizes best practices for writing code, maintaining documentation, and managing technical debt while leveraging metrics and quality gates for continuous inspection. Additionally, it outlines the community support for ongoing development and monitoring of code quality.
Track code quality with SonarQube
- 1. Track code quality with SonarQube
- 2. HELLO! I am Dmytro Patserkovskyi Project Manager and Founder of Dev SonarQube Community at V.I.Tech
- 3. Low code quality costs a lot
- 4. Toyota story Aug. 28, 2009, San Diego CA, USA ◉ Toyota reached 100 mph ◉ Phone call during event ◉ All 4 occupants killed in crash ◉ This is a trigger for Toyota investigation
- 5. Toyota story NASA’s investigation found 7134 violations in code. Oklahoma’s investigation found 81 514 violations in code.
- 6. Toyota story: Results ◉ Recall of 10 000 000+ cars entire the world. ◉ Lost of billions dollars. ◉ 89 death till 2010 because of bugs.
- 8. Source Code Should Be Simple & Readable Extendable Testable & Covered with Tests Flexible
- 9. Code Metrics
- 10. Rules Violations Code Style checks if code compliant with conventions Vulnerabilities search for bottlenecks with lacks of validations, security issues etc Bugs looking for bugs and potential bugs Performance checks if everything doing in the best way 100% - rules compliance
- 11. Code Coverage Line Coverage Branch Coverage Overall Coverage 85% - min overall coverage
- 12. Cyclomatic Complexity 10 - max compliant complexity 50 - function unsupported
- 13. Dublications I SHALL NOT DUPLICATE ANY CODE ANY CODE ANY CODE 0% - perfect solution 1% - keep buffer
- 14. Documentation Code tells you what is doing, documentation should tell why and how. JavaDocs Block Comments 100% - public documented API 15% - comments in code
- 15. Technical Debt Extra development work, that rises with not clear code. Financial DEBT Time DEBT
- 16. An open source platform for Continuous Inspection
- 17. 20+ programming languages 50+ official plugins
- 18. Quality Rules and Profiles Code Smells Bugs Vulnerabilities Quality Profile
- 19. Rules Plugins and Repositories 44 53 357 43 73
- 20. Quality Gates Set of boolean conditions per project, based on measure thresholds. Passed Warning Failed
- 21. Quality Gates Metric Operator Open Issues Is greater than 70 100 Blocker Issues Is greater than 0 Critical Issues Is greater than 0 New Issues Is greater than 0 10 Overall Coverage Is less than 85 80 Unit Test Failures Is greater than 0
- 22. Quality of New Code Tracking quality of code, added in current snapshot Comparison measures for different versions Good for long term projects
- 23. Project Dashboard Issues Coverage Complexity Anything you wantAnother awesome widget Duplications Documentation Useful Info
- 25. Support Team for SonarQube
- 26. Administrator Sonar support and monitoring Sonar upgrade (new version every 2 months) Plugins upgrade (new version every month)
- 27. Dev Sonar Community Working on Rules List Updating Quality Profiles Setting up Dashboards Looking for new Plugins
- 28. Project Teams Update project analysis frequently Monitoring Quality of own project Defining project Quality Gate Voice and discuss all concerns with Sonar Community
- 30. 24/7 monitoring and transparency
- 31. Summary ◉ Start from small: perform analysis ◉ Track code quality everyday ◉ Develop your own standard, or use existing ◉ Organize support process to make SonarQube alive ◉ Transparency 24/7, even for customers
- 32. Questions
- 33. THANKS! Resources ◉ http://sonarqube.org ◉ http://docs.sonarqube.org/display/PLUG/Plugin+Library ◉ https://analysis.apache.org/ Links ◉ https://facebook.com/dmytro.wng ◉ http://slideshare.net/DmytroPatserkovskyi