SlideShare a Scribd company logo

Continuous inspection with Sonar

G
gaudol

This document summarizes a presentation about continuous inspection and reducing technical debt in software development. It discusses the "7 deadly sins" that can accumulate technical debt, such as duplications, lack of testing, and complexity. It introduces Sonar as a tool to help developers measure and reduce these sins by augmenting their ability to reduce, reuse and recycle source code. The presentation demonstrates Sonar and outlines its future roadmap to expand its rules, metrics, and language support to further help developers improve software quality.

Technology
1 of 35
Downloaded 160 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
JEE Conf Continuous Inspection Fight back the 7 deadly sins of the developer! Olivier Gaudin olivier.gaudin@sonarsource.com @gaudol
Back in old times
The genius
The super hero Au fin fond de l'Univers, à des années et des années-lumière de la Terre, Veille celui que le gouvernement intersidéral appelle quand il n'est plus Capable de trouver une solution à ses problèmes, quand il ne reste plus Aucun espoir : le Capitaine FLAM !
This is my toy
Fear of changes
Industrialisation has entered the game... ● Project under version control ● Project under continuous integration ● Technical and functional traceability
What is the mission of today's developer ? ?
Sustainable development
(Almost) Everything is maintenance ! Creation of an application Maintenance of an application
Nothing is more important than code But source code is nothing alone
Old times are over
Developing for others
Methodology
Transparency
Software factories evolve Makefile Issue Tracker IDE Continuous Refactoring Inspection VI / SCM Continuous Unit Tests Emacs Integration
Pushed by requirements Configuration Manager ● No change should be authorized to production system without being in configuration manager ● The complete version of an application should be found easily in the source control manager
Pushed by requirements Continuous Integration ● Projects in SCM can be built by anybody at any time ● Executing unit tests is part of the build process ● The output of a build is an artifact “ready to be used” ● If one of those requirements is not fulfilled, nothing is more important than fixing it
Pushed by requirements Continuous Inspection ● Any new code should ship with corresponding unit tests ● No new method should exceed a pre-defined level of complexity ● No cycle between packages should be introduced ● ...
BUT... Maturity steps should be followed ● Insuring technical traceability Configuration Manager ● Insuring functional traceability Issue Manager ● Insuring build stability Continuous Integration ● Insuring source code quality Continuous Inspection (Sonar)
The end does not justify the means Doing the right software Doing the software right
What is quality? « A well-written program is a program where the cost of implementing a feature is constant throughout the program's lifetime. » Itay Maman
How to measure quality ?
The technical debt
The 7 deadly sins of the developer Sins Technical Debt
The 7 deadly sins ? Applied to source code ● ? ● ? ● ? ● ? ● ? ● ? ● ?
The 7 deadly sins ? Applied to source code ● Duplications ● Bad distribution of complexity ● Spaghetti Design ● Lack of unit tests ● No coding standards ● Potential bugs ● Not enough or too many comments
The mission of Sonar Declare open the hunt of the developer's 7 deadly sins
The mission of Sonar More seriously Augment everybody's capability to reduce, reuse and recycle source code
Sonar: a reality 6,000+ downloads per month (300 in 2008) 1,300+ subscribers to mailing list 60 plugins in the open source forge 150,000 downloads X?,000 instances in the world
Demo
Sonar is only a tool ! ● What should happen in case new defects are added ? ● How, when and who should make quality standards evolve ? ● How to train new joiners ? ● Any measure reported must be analysed
The « Done, Done, Done, Done » ● Developed ● Tested ● Approved by the « Product Owner » ● Technical debt under control
Roadmap 2012 Review Expand rules Process and metrics Governance dashboards Sonar IDE Quality of Track changes Unit Tests PL/SQL Code Churn Developer Cockpit Sonar-cpd VB .NET ABAP 2.0 C++
Questions & Answers Thank You ! http://www.sonarsource.org http://www.sonarsource.com

More Related Content

PPTX
Sonar Review
Kate Semizhon
 
PPTX
Sonar Overview
Samuel Langlois
 
PDF
Sonar Metrics
Keheliya Gallaba
 
KEY
Unit Testing Your Application
Paladin Web Services
 
PPTX
Track code quality with SonarQube - short version
Dmytro Patserkovskyi
 
PDF
ITAKE Unconference - Holding down your technical debt with Sonarqube
Patroklos Papapetrou (Pat)
 
PDF
Tracking and improving software quality with SonarQube
Patroklos Papapetrou (Pat)
 
PPTX
A year of SonarQube and TFS/VSTS
Matteo Emili
 
Sonar Review
Kate Semizhon
 
Sonar Overview
Samuel Langlois
 
Sonar Metrics
Keheliya Gallaba
 
Unit Testing Your Application
Paladin Web Services
 
Track code quality with SonarQube - short version
Dmytro Patserkovskyi
 
ITAKE Unconference - Holding down your technical debt with Sonarqube
Patroklos Papapetrou (Pat)
 
Tracking and improving software quality with SonarQube
Patroklos Papapetrou (Pat)
 
A year of SonarQube and TFS/VSTS
Matteo Emili
 

What's hot (20)

PDF
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Nexus FrontierTech
 
PPTX
SonarQube: Continuous Code Inspection
Michael Jesse
 
PDF
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
PPTX
Track code quality with SonarQube
Dmytro Patserkovskyi
 
PDF
Code Review with Sonar
Max Kleiner
 
PDF
SonarQube
Gnanaseelan Jeb
 
PPTX
Sonar qube to impove code quality
Mani Sarkar
 
PPTX
Tracking your Technical Debt with Sonarqube
Puppet
 
PDF
Code Quality Lightning Talk
Jonathan Gregory
 
PDF
Quality Assurance Guidelines
Tim Stribos
 
PPTX
Sonar
prabakaranbrick
 
PDF
Sonar
Peerapat Asoktummarungsri
 
PPTX
Automation and Technical Debt
IBM UrbanCode Products
 
PDF
Static code analysis
Prancer Io
 
PDF
Code Review
Tu Hoang
 
PPT
How to become a testing expert
gaoliang641
 
PDF
Sonarqube
Peerapat Asoktummarungsri
 
PPTX
Code review process with JetBrains UpSource
Oleksii Prohonnyi
 
PDF
Leaning on the two Ts
Mani Sarkar
 
PDF
Java Source Code Analysis using SonarQube
Angelin R
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Nexus FrontierTech
 
SonarQube: Continuous Code Inspection
Michael Jesse
 
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
Track code quality with SonarQube
Dmytro Patserkovskyi
 
Code Review with Sonar
Max Kleiner
 
SonarQube
Gnanaseelan Jeb
 
Sonar qube to impove code quality
Mani Sarkar
 
Tracking your Technical Debt with Sonarqube
Puppet
 
Code Quality Lightning Talk
Jonathan Gregory
 
Quality Assurance Guidelines
Tim Stribos
 
Sonar
prabakaranbrick
 
Sonar
Peerapat Asoktummarungsri
 
Automation and Technical Debt
IBM UrbanCode Products
 
Static code analysis
Prancer Io
 
Code Review
Tu Hoang
 
How to become a testing expert
gaoliang641
 
Sonarqube
Peerapat Asoktummarungsri
 
Code review process with JetBrains UpSource
Oleksii Prohonnyi
 
Leaning on the two Ts
Mani Sarkar
 
Java Source Code Analysis using SonarQube
Angelin R
 
Ad

Viewers also liked (16)

PPTX
Tech debt will kill us
Julian Warszawski
 
PDF
Análise de qualidade de código com Sonar - Fernando Boaglio
Fernando Boaglio
 
PPT
Maven Overview
FastConnect
 
PPTX
Maven for Dummies
Tomer Gabel
 
PDF
Maven 3 Overview
Mike Ensor
 
PPT
Maven Introduction
Sandeep Chawla
 
PPT
Demystifying Maven
Mike Desjardins
 
PPTX
An Introduction to Maven
Vadym Lotar
 
PDF
Repository Management with JFrog Artifactory
Stephen Chin
 
PDF
Continuous delivery-with-maven
John Ferguson Smart Limited
 
PPTX
Artifactory Docker Integration Webinar
Baruch Sadogursky
 
PDF
Jenkins with SonarQube
Somkiat Puisungnoen
 
KEY
The Technical Debt Trap - Michael "Doc" Norton
LeanDog
 
PPTX
Sonar-Hodson-Maven
Slimen Belhaj Ali
 
PDF
Apache Maven 3
Maxime Gréau
 
PDF
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Tech debt will kill us
Julian Warszawski
 
Análise de qualidade de código com Sonar - Fernando Boaglio
Fernando Boaglio
 
Maven Overview
FastConnect
 
Maven for Dummies
Tomer Gabel
 
Maven 3 Overview
Mike Ensor
 
Maven Introduction
Sandeep Chawla
 
Demystifying Maven
Mike Desjardins
 
An Introduction to Maven
Vadym Lotar
 
Repository Management with JFrog Artifactory
Stephen Chin
 
Continuous delivery-with-maven
John Ferguson Smart Limited
 
Artifactory Docker Integration Webinar
Baruch Sadogursky
 
Jenkins with SonarQube
Somkiat Puisungnoen
 
The Technical Debt Trap - Michael "Doc" Norton
LeanDog
 
Sonar-Hodson-Maven
Slimen Belhaj Ali
 
Apache Maven 3
Maxime Gréau
 
How to Become a Thought Leader in Your Niche
Leslie Samuel
 
Ad

Similar to Continuous inspection with Sonar (20)

PDF
Sonar
Novencia Groupe
 
PPT
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
PPTX
Software development lifecycle_release_management
netdbncku
 
PDF
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
PPT
Software Engineering Fundamentals Svetlin Nakov
nazeer pasha
 
PPT
Software Engineering Fundamentals - Svetlin Nakov
Svetlin Nakov
 
PDF
Continuous Inspection: Fight back the 7 deadly sins of a developer!
Sebastian Marek
 
PPT
Softwareengineeringfundamentalssvetlinnakov 1233295163644547-1
gururguru01
 
PPTX
Continuous integration
Nathaniel Richand
 
PPTX
Continuous Integration & the Release Maturity Model
cPrime | Project Management | Agile | Consulting | Staffing | Training
 
PDF
Friday final test
bcoder
 
PDF
It is a sunny day
bcoder
 
PDF
Software Testing and Quality Assurance Assignment 3
Gurpreet singh
 
PPTX
Continuous Integration and development environment approach
Aleksandr Tsertkov
 
PPTX
unit 1.pptx regasts sthatbabs shshsbsvsbsh
sagarjsicg
 
PPTX
Introduction-to-Software-Development.pptx
missionpassed738
 
PPTX
Introduction-to-Software-Development.pptx
missionpassed738
 
PPTX
Blackboard DevCon 2012 - Ensuring Code Quality
Noriaki Tatsumi
 
PPTX
UNIT 1 - MPP.pptxdfvvnfuvbrrujfvbvndvnbn
rachanahrr123
 
DOCX
Software engineering Questions and Answers
Bala Ganesh
 
Sonar
Novencia Groupe
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Jasmine Conseil
 
Software development lifecycle_release_management
netdbncku
 
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
Software Engineering Fundamentals Svetlin Nakov
nazeer pasha
 
Software Engineering Fundamentals - Svetlin Nakov
Svetlin Nakov
 
Continuous Inspection: Fight back the 7 deadly sins of a developer!
Sebastian Marek
 
Softwareengineeringfundamentalssvetlinnakov 1233295163644547-1
gururguru01
 
Continuous integration
Nathaniel Richand
 
Continuous Integration & the Release Maturity Model
cPrime | Project Management | Agile | Consulting | Staffing | Training
 
Friday final test
bcoder
 
It is a sunny day
bcoder
 
Software Testing and Quality Assurance Assignment 3
Gurpreet singh
 
Continuous Integration and development environment approach
Aleksandr Tsertkov
 
unit 1.pptx regasts sthatbabs shshsbsvsbsh
sagarjsicg
 
Introduction-to-Software-Development.pptx
missionpassed738
 
Introduction-to-Software-Development.pptx
missionpassed738
 
Blackboard DevCon 2012 - Ensuring Code Quality
Noriaki Tatsumi
 
UNIT 1 - MPP.pptxdfvvnfuvbrrujfvbvndvnbn
rachanahrr123
 
Software engineering Questions and Answers
Bala Ganesh
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
KodekX | Application Modernization Development
KodekX
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

Continuous inspection with Sonar

  • 1. JEE Conf Continuous Inspection Fight back the 7 deadly sins of the developer! Olivier Gaudin olivier.gaudin@sonarsource.com @gaudol
  • 2. Back in old times
  • 4. The super hero Au fin fond de l'Univers, à des années et des années-lumière de la Terre, Veille celui que le gouvernement intersidéral appelle quand il n'est plus Capable de trouver une solution à ses problèmes, quand il ne reste plus Aucun espoir : le Capitaine FLAM !
  • 7. Industrialisation has entered the game... ● Project under version control ● Project under continuous integration ● Technical and functional traceability
  • 8. What is the mission of today's developer ? ?
  • 10. (Almost) Everything is maintenance ! Creation of an application Maintenance of an application
  • 11. Nothing is more important than code But source code is nothing alone
  • 16. Software factories evolve Makefile Issue Tracker IDE Continuous Refactoring Inspection VI / SCM Continuous Unit Tests Emacs Integration
  • 17. Pushed by requirements Configuration Manager ● No change should be authorized to production system without being in configuration manager ● The complete version of an application should be found easily in the source control manager
  • 18. Pushed by requirements Continuous Integration ● Projects in SCM can be built by anybody at any time ● Executing unit tests is part of the build process ● The output of a build is an artifact “ready to be used” ● If one of those requirements is not fulfilled, nothing is more important than fixing it
  • 19. Pushed by requirements Continuous Inspection ● Any new code should ship with corresponding unit tests ● No new method should exceed a pre-defined level of complexity ● No cycle between packages should be introduced ● ...
  • 20. BUT... Maturity steps should be followed ● Insuring technical traceability Configuration Manager ● Insuring functional traceability Issue Manager ● Insuring build stability Continuous Integration ● Insuring source code quality Continuous Inspection (Sonar)
  • 21. The end does not justify the means Doing the right software Doing the software right
  • 22. What is quality? « A well-written program is a program where the cost of implementing a feature is constant throughout the program's lifetime. » Itay Maman
  • 23. How to measure quality ?
  • 25. The 7 deadly sins of the developer Sins Technical Debt
  • 26. The 7 deadly sins ? Applied to source code ● ? ● ? ● ? ● ? ● ? ● ? ● ?
  • 27. The 7 deadly sins ? Applied to source code ● Duplications ● Bad distribution of complexity ● Spaghetti Design ● Lack of unit tests ● No coding standards ● Potential bugs ● Not enough or too many comments
  • 28. The mission of Sonar Declare open the hunt of the developer's 7 deadly sins
  • 29. The mission of Sonar More seriously Augment everybody's capability to reduce, reuse and recycle source code
  • 30. Sonar: a reality 6,000+ downloads per month (300 in 2008) 1,300+ subscribers to mailing list 60 plugins in the open source forge 150,000 downloads X?,000 instances in the world
  • 31. Demo
  • 32. Sonar is only a tool ! ● What should happen in case new defects are added ? ● How, when and who should make quality standards evolve ? ● How to train new joiners ? ● Any measure reported must be analysed
  • 33. The « Done, Done, Done, Done » ● Developed ● Tested ● Approved by the « Product Owner » ● Technical debt under control
  • 34. Roadmap 2012 Review Expand rules Process and metrics Governance dashboards Sonar IDE Quality of Track changes Unit Tests PL/SQL Code Churn Developer Cockpit Sonar-cpd VB .NET ABAP 2.0 C++
  • 35. Questions & Answers Thank You ! http://www.sonarsource.org http://www.sonarsource.com