History & Origin of SonarQube?
Simon Brandhof starts developing the Sonar platform by integrating best-of-breed open source tools for Java. The two of them are joined in September 2007 by Olivier Gaudin, who was enthused by the Sonar platform’s vision and starts contributing to it.
Back in 2007, when first lines of code were created, the founders of SonarQube (originally called Sonar) had a dream to one day provide every developer the ability to measure the code quality of his projects. Their motto: “Continuous Inspection must become mainstream as Continuous Integration”
Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues and for teams overall to deliver better, safer software. With over 170,000 deployments, helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies, around the world, to own and impact their Code Quality and Security.
Back in 2007, when first lines of code were created, the founders of SonarQube (originally called Sonar) had a dream to one day provide every developer the ability to measure the code quality of his projects. Their motto: “Continuous Inspection must become mainstream as Continuous Integration”.
What is SonarQube?
Overview
Once the SonarQube platform has been installed, you’re ready to install a scanner and begin creating projects. To do that, you must install and configure the scanner that is most appropriate for your needs. Do you build with:
- Gradle – SonarScanner for Gradle
- .NET – SonarScanner for .NET
- Maven – use the SonarScanner for Maven
- Jenkins – SonarScanner for Jenkins
- Azure DevOps – SonarQube Extension for Azure DevOps
- Ant – SonarScanner for Ant
- anything else (CLI) – SonarScanner
Why should we use SonarQube?
How SonarQube works aka SonarQube architecture?
- One SonarQube Server starting 3 main processes:
- Web Server for developers, managers to browse quality snapshots and configure the SonarQube instance
- Search Server based on Elasticsearch to back searches from the UI
- Compute Engine Server in charge of processing code analysis reports and saving them in the SonarQube Database
- One SonarQube Database to store:
- the configuration of the SonarQube instance (security, plugins settings, etc.)
- the quality snapshots of projects, views, etc.
- Multiple SonarQube Plugins installed on the server, possibly including language, SCM, integration, authentication, and governance plugins
- One or more SonarScanners running on your Build / Continuous Integration Servers to analyze projects
Integration
The following schema shows how SonarQube integrates with other ALM tools and where the various components of SonarQube are used.
- Developers code in their IDEs and use SonarLint to run local analysis.
- Developers push their code into their favourite SCM : git, SVN, TFVC, …
- The Continuous Integration Server triggers an automatic build, and the execution of the SonarScanner required to run the SonarQube analysis.
- The analysis report is sent to the SonarQube Server for processing.
- SonarQube Server processes and stores the analysis report results in the SonarQube Database, and displays the results in the UI.
- Developers review, comment, challenge their Issues to manage and reduce their Technical Debt through the SonarQube UI.
- Managers receive Reports from the analysis. Ops use APIs to automate configuration and extract data from SonarQube. Ops use JMX to monitor SonarQube Server.
About Machines and Locations
- The SonarQube Platform cannot have more than one SonarQube Server (although the Server can be installed as a cluster) and one SonarQube Database.
- For optimal performance, each component (server, database, scanners) should be installed on a separate machine, and the server machine(s) should be dedicated.
- SonarScanners scale by adding machines.
- All machines must be time synchronized.
- The SonarQube Server and the SonarQube Database must be located in the same network
- SonarScanners don’t need to be on the same network as the SonarQube Server.
- There is no communication between SonarScanners and the SonarQube Database.
Use case of SonarQube?
SonarQube is used as part of the build process (Continuous Integration and Continuous Delivery) in all Java services to ensure a high quality of code and remove bugs that can be found during static analysis.
SonarQube is a Code Quality Assurance tool that collects and analyzes source code, and provides reports for the code quality of your project. It combines static and dynamic analysis tools and enables quality to be measured continually over time.
- Step 1: Download and Unzip SonarQube. Prerequisites: Java (Oracle JRE11 or OpenJDK 11 minimum) …
- Step 2: Run the SonarQube local server. …
- Step 3: Start a new SonarQube project. …
- Step 4: Setup Project properties and SonarScanner. …
- Step 5: View your analysis report on Sonar Dashboard.
- Run the SonarScanner. …
- Build your project using MSBuild.
- Run your test tool, instructing it to produce a report at the same location specified earlier to the MSBuild SonarQube Runner (How to generate reports with different tools)
- Run the SonarScanner.
Feature and Advantage of using SonarQube
SonarQube platform significantly increases the lifetime of applications by reducing complexities, duplications and potential bugs in the code, by keeping neat and clean code architecture and increased unit tests. SonarQube increases maintainability of the software. It also has the ability to handle changes.
- Sustainability – Reduces complexity, possible vulnerabilities, and code duplications, optimising the life of applications.
- Increase productivity – Reduces the scale, cost of maintenance, and risk of the application; as such, it removes the need to spend more time changing the code.
What is SonarQube and its features?
Best Alternative of SonarQube
Browse options below. Based on reviewer data you can see how SonarQube stacks up to the competition, check reviews from current & previous users in industries like Information Technology and Services, Computer Software, and Financial Services, and find the best product for your business.
- Embold.
- GitHub.
- Coverity.
- Checkmarx.
- Klocwork.
- GitLab.
- Veracode Application Security Platform.
- Kiuwan Code Security & Insights.
Please Click here more Top 10 Alternatives to SonarQube
Best Resources, Tutorials and Guide for SonarQu
Free Video Tutorials of SonarQube
Interview Questions and Answer for SonarQube
Is it right definition of Sonarqube?
SonarQube (formerly Sonar) is a quality management platform focusing on continuous analysis of source code quality.
- YES (Ans)
- NO
Which is not a severities in this list
- Blocker
- Critical
- Major
- Biggest (Ans)
Is it right defintion of SonarQube Scanners?
The SonarQube Scanner is recommended as the default launcher to analyze a project with SonarQube.
- YES (Ans)
- NO
How to extend the functionality of SonarQube?
- Modules
- Plugins (Ans)
- Extension
- Ads on
Which statement is correct?
- Sonar will run CheckStyle, FindBugs and PMD by default for Java projects (Ans)
- Sonar will run Checkmate by default for Java projects
- Sonar will run FindIssue by default for Java projects
- Sonar will run PMDtest by default for Java projects
Which is not a axis of code quality in SonarQube?
- Architecture and Design
- Complexity
- Potential bugs
- Code Coverage (Ans)
What is the prerequisite for SonarQube Installation?
- Java (Ans)
- DOTNET
- JavaScript
- Php
Which is not part of Code Technical Review in SoanrQube?
- Confirm
- Change Severity
- Resolve
- Submited (Ans)
What is not a search criteria for the rules in SonarQube?
- Language
- Type
- Tag
- Develop (Ans)
Which is the not found in sonar-project.properties?
- sonar.projectVersion
- sonar.sources
- sonar.code (Ans)
- sonar.language
Which property should be decalred for SonarQube Project base dir?
- sonar.projectBaseDir (Ans)
- sonar.working.directory
- sonar.basedir
- sonar.projectdir
Which property should be decalred to tell SonarQube which SCM plugin should be used to grab SCM data on the project
- sonar.scm.provider (Ans)
- sonar.scm
- sonar.git
- sonar.version
Which property should be decalred to tell SonarQube log level?
- INFO
- DEBUG
- TRACE
- ERROR (Ans)
Which is not supported Log Level in SonarQube?
- sonar.log.level
- sonar.verbose (Ans)
- sonar.log
- sonar.loglevel
Is it right definition of Code Smell? A maintainability-related issue in the code. Leaving it as-is means that at best maintainers will have a harder time than they should making changes to the code. At worst, they’ll be so confused by the state of the code that they’ll introduce additional errors as they make changes.
- YES (Ans)
- NO
Is it right definition of Coding Rule? A good coding practice. Not complying to coding rules leads to quality flaws and creation of issues in SonarQube. Coding rules can check quality on files, unit tests or packages.
- YES (Ans)
- NO
Is it right definition of Analyzer? A client application that analyzes the source code to compute snapshots.
- YES (Ans)
- NO
Which is not severities in Sonarqube?
- Options
- Blocker
- Major
- Critical
- Issues (Ans)
Is it possible to Copy the rules from one profile to another?
- YES (Ans)
- NOT
Is it possible to Copy a profile from one SonarQube instance to another?
- YES (Ans)
- NOT
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
- Apache Lucene Query Example - April 8, 2024
- Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI) - April 7, 2024
- What is Multi-cluster Ingress (MCI) - April 7, 2024
What is the purpose of this site?