SonarQube Guy SmithFerrier guyguysmithferriercom httpwwwguysmithferriercom About Author of NET Internationalization Visit httpwwwdotneti18ncom to download the complete source code ID: 595083
Download Presentation The PPT/PDF document "Assessing Code Quality and Technical Deb..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Assessing Code Quality and Technical Debt Using SonarQube
Guy Smith-Ferrier
guy@guysmithferrier.com
http://www.guysmithferrier.comSlide2
About…
Author of .NET Internationalization
Visit http://www.dotneti18n.com to download the complete source code
Author of NCLDRhttp://www.ncldr.comAn open source .NET implementation of CLDRSlide3
AgendaIntroduction to SonarQube
Demo: Installing
SonarQube
Demo: C# Analysis using SonarQubeRule RepositoriesSonarQube, StyleCop, FxCop, Refactoring Essentials, Code Cracker,
ReSharper, NDepend, WintellectDuplicate Rules
Holy Wars
Analyzing
Unit Test Projects
Code Quality ErosionSlide4
SonarQubeAn open source project since 2006SonarSource
formed in 2008
Based on Switzerland
60+ employees (2017)First commercial plugin in 2009700,000 downloads, 140,000 downloads in 201680,000 organisations use SonarQube800+ customers7 customers in Fortune 1047 customers in Fortune 100
60+ open source pluginsSlide5
SonarQube Language SupportActively developed
Java
, C
#, JavaScript, COBOL, C/C++Developed according to demandPL/SQL, PHP, ABAP, VB.NET, Python, RPG, Flex, Objective-C, Swift, Web, CSS, Erlang, Groovy, Lua
, PuppetPlanned for 2017?TypeScript, T-SQLThird PartyClojure
, F#, Perl, RubySlide6
DemoSlide7
Suppressing Rules1. SuppressMessage
attribute
Works in Visual Studio and on the Build Server
Includes an ‘optional’ Justification parameter2. #pragmaWorks in Visual Studio and on the Build ServerNo Justification parameterNot easily trackable3. SonarQube suppressionsHas no effect in Visual Studio
4. ReSharper “disable” commentsOnly affect ReSharperSlide8
SonarQube C# Rules238
rules
Implemented in Roslyn
Rule Help is excellent6 ‘common’ (server-side only) rulesSlide9
(Roslyn) StyleCop187 rules
Implemented in Roslyn
Rule Help is excellentSlide10
‘Classic’ FxCop233 rules
Implemented in Code Analysis in Visual Studio
Errors/warnings appear in Visual Studio’s Error List window
Rules only show in a clean buildSonarLint deletes all non-Roslyn rules from rulesetsImplemented in FxCopCmd.exe on the Build ServerRequires Visual Studio to be installed on the serverFxCop does not always respect SuppressMessages
that include a scopeHigh degree of overlap with SonarQube rulesetSlide11
Roslyn FxCop140 rules
Not all rules ported (e.g. CAS)
Implemented in
RoslynMatch the version of the analyser to the version of Microsoft.CodeAnalysis supported by Visual StudioVisual Studio 2013: Not supportedVisual Studio 2015: Microsoft.CodeAnalysis 1.2Visual Studio 2017:
Microsoft.CodeAnalysis 2.2Spread over 6 NuGet packagesSlide12
Refactoring Essentials168 rulesImplemented in Roslyn
Rule Help is poorSlide13
Code Cracker76 rulesImplemented in Roslyn
Rule Help is
poorSlide14
ReSharper675 rulesImplemented in
ReSharper
Errors / warnings appear in
ReSharper’s dedicated windowImplemented in InspectCode.exe on the Build ServerA free download (see ReSharper Command Line Tools)Rule Help is good
The SonarSource Plugin is no longer availableDownload Greg Bartlett’s replacement from:-https://github.com/GregBartlett/sonar-resharperSlide15
Wintellect Analyzers
14 rules
Implemented in Roslyn
Rule Help is goodSome rules are counted as errorsThe build breaks (even if these rules are disabled)Slide16
NDepend145 rules
Implemented in
NDepend
Errors / warnings appear in NDepend’s dedicated windowImplemented in NDepend’s runner on the Build ServerRequires a separate NDepend “Build Server” licence
Rule Help is available through the NDepend project fileRules cannot be suppressed (yet)Slide17
Duplicate RulesSlide18
.NET Ruleset Inspectorhttps://github.com/GuySmithFerrier/RulesetInspectorSlide19
My Favourite Holy Wars1. var
vs. Explicit Types
2. this vs. not this
3. Tabs vs. spaces4. XML code comments5. Ketchup: in the cupboard or in the fridge?Slide20
Analyzing Unit Test Projects
To analyse or not to analyse?
It’s not production code
It *is* an asset of the companyAnalyse but use a reduced rulesetvia a standard set of suppressionsby disabling rules according to their file pathSlide21
Code Quality ErosionSlide22
Code Quality ErosionSlide23
Information SourcesTwitter
@
SonarSource
, @SonarQube, @SonarLintNewslettershttp://www.sonarsource.com/resources/product-newshttp://www.sonarsource.com/resources/newsletterSupportSonarQube Google Groups
Bug Tracking and Developmenthttp://jira.sonarsource.comSlide24
SummarySonarQube
analyses Code Quality and assesses Technical Debt
SonarQube
exposes statistical data to all stakeholders (not just developers)SonarQube tracks metrics over timeAt least half of the effort spent on SonarQube Administration centres on the socialisation of Code QualitySlide25
It’s More ReadableThere is no such thing as empirically “more readable”
“More readable” only applies to individuals
Code is “more readable” if it looks like what you are used to reading