Scribd Logo
Upload

Welcome to Scribd!

  • 232 views

    Static Analysis Vs Dynamic Analysis: What Is Sonarqube?S

    Uploaded by

    shrinath bhat
    SonarQube is an open source platform for static code analysis. It can analyze code written in many languages, including Java. The main components of SonarQube are the server, database, plugins, and SonarQube scanner. The scanner analyzes projects on CI servers. Developers commit code to repositories, which triggers builds that run the scanner. Analysis reports are sent to the SonarQube server for processing and storage in the database. This allows issues to be viewed and managed through the SonarQube UI.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Static Analysis Vs Dynamic Analysis: What Is Sonarqube?S

    Uploaded by

    shrinath bhat
    232 views3 pages
    SonarQube is an open source platform for static code analysis. It can analyze code written in many languages, including Java. The main components of SonarQube are the server, database, plugins, and SonarQube scanner. The scanner analyzes projects on CI servers. Developers commit code to repositories, which triggers builds that run the scanner. Analysis reports are sent to the SonarQube server for processing and storage in the database. This allows issues to be viewed and managed through the SonarQube UI.

    Original Description:

    kkk

    Original Title

    Sonar

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    SonarQube is an open source platform for static code analysis. It can analyze code written in many languages, including Java. The main components of SonarQube are the server, database, plugins, and SonarQube scanner. The scanner analyzes projects on CI servers. Developers commit code to repositories, which triggers builds that run the scanner. Analysis reports are sent to the SonarQube server for processing and storage in the database. This allows issues to be viewed and managed through the SonarQube UI.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    232 views3 pages

    Static Analysis Vs Dynamic Analysis: What Is Sonarqube?S

    Uploaded by

    shrinath bhat
    SonarQube is an open source platform for static code analysis. It can analyze code written in many languages, including Java. The main components of SonarQube are the server, database, plugins, and SonarQube scanner. The scanner analyzes projects on CI servers. Developers commit code to repositories, which triggers builds that run the scanner. Analysis reports are sent to the SonarQube server for processing and storage in the database. This allows issues to be viewed and managed through the SonarQube UI.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 3

    What is SonarQube?

    s
    SonarQube is an open source platform which is mainly used to perform a static analysis of your source code.
    Besides, although the tool was initially thought for Java projects, it has been extended to accept extensions for other
    programming languages.

    Static Analysis vs Dynamic Analysis


    The static code analysis is the one that is performed without running the software, that is, evaluating the source
    code so that we can obtain information and metrics to improve our code detecting errors as early as possible,
    run the software for the dynamic analysis to check its behaviour at runtime. Besides, we need to pay extra attention
    with the dynamic analysis and have enough test cases -that will help us ensure that a portion of the code has been
    checked and observed- so that the behaviour we test is relevant enough to be able to give the OK to the code.

    Main Features
    The main purpose of this application is to invest in controlling the quality of your software, so that you start analysing
    the code and be able to detect code smells and the main big problems as early as posible to put a solution before
    deploying our code into production and before reaching our customers.

    Sonarqube
    Sonarqube architecture and its usage in Continous Integration.

    The SonarQube Platform is made of 4 components:


    Sonarqube server
     Webserver :Manage to browse quality snapshots and configure the sonarqube server.
     Search server based on Elasticseach to back search from ui.
     Compute engine server in charge of processing code analysis report and saving them in SonarQube
    database.
    Sonarqube database

     Configuration of sonarqube instance (security , plugin setting etc)


     Quality snapshots of projects, view .
    Sonarqube Plugin
    Multiple SonarQube Plugins installed on the server, possibly including language, SCM, integration, authentication,
    and governance plugins
    sonarScanner
    One or more SonarScanners running on your Build / Continuous Integration Servers to analyze project
    Integration

    • Developer push their code into their favourite SCM : git .


    • The continue integration server triggers an automatic build , and the the execution of the sonarScanner required to
    run the sonarqube analysis. • The analysis report is sent to sonarqube server for processing . • Sonarqube server
    process and stores the analysis report result in the sonarqube database and display the result in the UI .

    Sonarqube Scanner metrics details


     Bug An issue that represents something wrong in the code.
     Vulnerability
     Code Smell A maintainability-related issue in the code.
     Security Hotspot A security related issue highlighting a piece of code that uses a security sensitive API .
     Cost see Remediation cost .
     Technical Debt . Issue when a piece of code does not comply with a rule .
     Snapshot A set of measures and issue on a given given project at a given time .

    What is SonarQube
    A:Sonar is a web based code quality analysis tool for Maven based Java projects. It covers a wide area of code
    quality check points which include: Architecture & Design, Complexity, Duplications, Coding Rules, Potential Bugs,
    Unit Test etc.

    Q: Why use SonarQube ?


    A:Sonar covers the 7 sections of code quality

     Architecture and Design


     Unit tests
     Duplicated code
     Potential bugs
     Complex code
     Coding standards
     Comments

    Q: What are the advantages of using SonarQube?


    A:

    2
     SonarQube is open source
     SonarQube supports for various languages like Java, C#
     SonarQube reports for duplicate code, unit testing, code coverage, code complexity historical
     We can integrate SonarQube with build tools like ant, gradle
     SonarQube has Eclipse plugin like Sonarlint
     SonarQube supports external plugins like plugin for ldap

    Q: What are Quality Profiles in SonarQube?


    A: The Quality Profiles service is central to SonarQube, since it is where you define your requirements by defining
    sets of rules

    What is SonarQube ?

    It is an open source platform for Continuous Inspection of code quality.

    At which port sonar server is available by default ?

    9000

    Does SonarQube only analysis java code ?

    No , SonarQube can analysis more than 20 languages.

    In which language SonarQube is written ?

    java

    What are the main components of SonarQube Platform ?

     SonarQube plugin for languages


     SonarQube Scanner
     SonarQube Server
     SonarQube Database

    What is the use of SonarQube Database ?

    SonarQube Database stores configuration of the SonarQube instance like security settings and they also store
    project quality snapshot.

    What is the use of SonarQube Scanners ?

    It analyze projects on Continuous Integration Servers

    Mention basic steps for SonarQube processing ?

     Developer develops code and sends its code into repository system like SCM, git
     An automatic build is fired in Continuous Integration Server and execution of SonarQube Scanner happens
    for SonarQube analysis.
     Report is sent to SonarQube Server for processing.
     SonarQube Server processes the report and stores the analysis report results in the SonarQube Database
    and displays the results in the UI
     Developers review, comment, challenge their Issues to manage and reduce their Technical Debt through the
    SonarQube UI.

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy