Page History

What is SonarQube

SonarQube is a web-based open-source platform used to measure and analyse the quality of source code. Its static code analysis provides insights into code issues and technical debt, helping to assess the code quality in a software project, but also to estimate the remaining effort needed for achieving the production level. SonarQube also helps with tracking code coverage with unit tests. These features reduce the chances of deploying broken or untested code, particularly during the maintenance phase. Use of such a tool helps to identify many bugs and vulnerabilities that would otherwise stay undetected and cause damage. SonarQube’s tracking of quality norms allows enforcing them and making the code more reliable and readable. Readability for its part increases productivity and quality, as developers must read many lines of code before editing one; therefore, making the code easier to read makes it easier to write.

...

• On-demand:
  • The provided software may be a locally stored source code.
  • Code is stored in a Git, Bitbucket or SVN source code repository (including GÉA​NT Gitlab and Bitbucket) and code used by a build management system such as Maven, Gradle, MSBuild or makefile.
• Continuous inspections within a continuous integration and deployment integration (DevOps) lifecycle managed by a tool such as GÉA​NT GitLab (GitLab info), Bamboo, Jenkins (Jenkins info), (details in MANUAL: Adding Software Projects to SonarQube [DRAFT], MANUAL: Continuous Integration Setup with GitLab, Jenkins and SonarQube (Community Edition)). This is the recommended scenario.

...