Continuous Code Quality with the sonar ecosystem

Editor's Notes

• #5: Questions in between / Discussion at the end Question: Raise your hand if you are using it?
• #6: Wikipedia: William Thomson, 1st Baron Kelvin, OM, GCVO, PC, FRS, FRSE (/ˈkɛlvɪn/; 26 June 1824 – 17 December 1907) was a Scots-Irish[1][2] mathematical physicist and engineer who was born in Belfast in 1824. At the University of Glasgow he did important work in the mathematical analysis of electricity and formulation of the first and second laws of thermodynamics, and did much to unify the emerging discipline of physics in its modern form.
• #7: Software Product Quality is a multi dimensional concept External factors that directly influence the customer and internal factors that only have an indirect impact And as as software developer you may only have impact on some of these dimensions (e.g. you could write perfect code, but still no one may need your product; i.e. it doesn‘t meet your customers‘ needs)
• #8: Wikipedia: SQALE (Software Quality Assessment based on Lifecycle Expectations) is a method to support the evaluation of a software application source code. It is a generic method, independent of the language and source code analysis tools, licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported license.[1] Software editors can freely use and implement the SQALE method. The SQALE method has been developed to answer a general need for assessing the quality of source code. It is meant to answer fundamental questions such as: What is the quality of the source code delivered by the developers? Is the code changeable, maintainable, portable, reusable? What is the design debt stored up by the project?
• #10: SonarSource: SQALE is primarily about maintainability, but the SQALE quality model also encompasses bugs and vulnerabilities. So those important issues get lost in the crowd. The result is that a project can have blocker-level bugs, but still get an A SQALE rating. For us, that was kinda like seeing a green light at the intersection while cross-traffic is still flowing. Yes, it’s recoverable if you’re paying attention, but still dangerous.
• #12: Wikipedia: The Harvard Mark II was an electromechanical computer built under the direction of Howard Aiken and was finished in 1947. It was financed by the United States Navy.
• #13: Code Complete: industry average 15-50 bugs per 1000 lines of code
• #14: Visual Studio: .Net
• #15: http://www.sonarlint.org/intellij/index.html
• #16: http://www.sonarlint.org/intellij/index.html#Connected
• #17: http://www.sonarlint.org/commandline/index.html
• #18: https://blog.sonarsource.com/putting-it-all-together-end-to-end-quality-with-sonarecosystem/ Fast Feedback
• #19: Unfortunately, there are issues that won’t be raised in SonarLint or by pull request analysis. That’s where you start managing the leak.
• #20: you can also use gradle to achieve this
• #22: https://blog.sonarsource.com/putting-it-all-together-end-to-end-quality-with-sonarecosystem/ Fast Feedback
• #24: I‘ll show you sonarqube 6.3 which is the latest version
• #28: https://blog.sonarsource.com/water-leak-changes-the-game-for-technical-debt-management/
• #36: Wikipedia: Thomas J. McCabe introduced Cyclomatic Complexity in 1976 as a way to guide programmers in writing methods that “are both testable and maintainable”. At SonarSource, we believe Cyclomatic Complexity works very well for measuring testability, but not for maintainability. That’s why we’re introducing Cognitive Complexity, which you’ll begin seeing in upcoming versions of our language analyzers. We’ve designed it to give you a good relative measure of how difficult the control flow of a method is to understand.
• #38: https://blog.sonarsource.com/putting-it-all-together-end-to-end-quality-with-sonarecosystem/ Fast Feedback