SlideShare a Scribd company logo

Tracking and improving software quality with SonarQube

Patroklos Papapetrou (Pat), profile picture
Patroklos Papapetrou (Pat)

This document discusses code quality and the software analysis tool SonarQube. It begins with an introduction to the author and an overview of topics to be covered, including code quality principles, measuring quality, and technical debt. It then demonstrates how SonarQube can help development teams continuously measure and improve their code quality across seven key dimensions. The document concludes by emphasizing the importance of ongoing code quality management.

Technology
Related topics:
Technical Debt Insights
1 of 25
Downloaded 1,098 times
1
2
3
4
5
Most read
6
Most read
7
Most read
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Tracking and improving software quality with Sonar(Qube)
SonarQube and me (Patroklos Papapetrou) ● 15 years experience in software engineering ● Agile team leader ● Active member of the SonarQube user and development list ● SonarQube plugins contributor ● Addicted to software quality and Continuous Inspection ● Co-author of SonarQube in Action
Overview ● Code quality (what, why and when) ● The 7 Axes of quality and the Technical Debt ● SonarQube introduction ● SonarQube to the rescue (demo time)
private String _ugly_name; private String ANOTHER_$UGLY___NAME; private static String am_i_static; public void please_work(ArrayList objects){ for (Object object : objects){ if (object == null){ String toString = object.toString(); } else am_i_static = object.toString(); doSomething(object); } } private void doSomething(Object object) throws NullPointerException { throw new NullPointerException(object. toString()); }
What is code quality?
What is code quality? “It’s an indicator about how quickly developers can add business value to a software system”
Why measure? ● Source code is the heart of each system ● Developers don’t write new software. They maintain “legacy” systems ● A system is (almost) never “finished” ● You can’t improve if you don’t measure ● Broken window theory
The broken windows theory
When you should measure? ● From project day #0 ● Continuously ● Prevent vs post-actions ● Prioritize and plan
What you should measure? ● Not just abstract numbers ● Evolution through time ● Metrics? ● Welcome to the 7 deadly sins of devs
The seven axes of quality
Co xi e pl ty Tes t m ver Co age The seven axes of quality l Bugs a otenti P ation up D ment o ati lic ns Docu Architecture & Design Technical Debt Co din g Ru les
Technical Debt “If the debt grows large enough, eventually the company will spend more on servicing its debt than it invests in increasing the value of its other assets” Steve McConnell (author of code complete)
This is your source code when you don’t pay your technical debt
“Good” & “Bad” Technical Debt
How to deal with Technical Debt
What SonarQube is / does ● Free & open source “Code Quality Platform” ● Provides moment-in-time quality snapshots ● Gives trends of lagging and leading indicators ● Tracks developers’ seven deadly sins (seven axes of quality )
How does it work? ● Analyzes source code and byte code ● Computes hundreds of metrics ● Associates metrics with analysis snapshots ● Shows the results in dashboards and widgets accessible by any browser
SonarQube for everything ● Initially developed only for Java projects ● Today supports over twenty languages Commercial : ABAP, C, C++, Cobol, Natural, PL/SQL, Visual Basic Open Source : C++, C#, Flex, Groovy, Android, Javascript, PHP, Python, XML, Web(xhtml, jsp , jsf, )
… and for everyone For developers. Is my code “good”? How can I improve it? For testers / QA staff. Which parts of the system lack unit testing? For architects. Is the initial design “broken”? How about complexity? For managers. Give me the numbers!! Are we going up or down?
Managing code quality ● Dashboards ● Historical data ● Differential views ● Compare service ● Code reviews ● Action plans
Managing code quality DEMO TIME
The big picture ● Track and reduce Technical Debt on an ongoing basis. (Clean up kitchen every day) ● Engage all developers from project day #1 (Not only mums wash the dishes) ● Get alerted when Technical debt is beyond a threshold (when someone is leaving the kitchen in a mess)
I have a dream… ...that one day code quality management will be as much as important and essential is today source code management
Thank you Patroklos Papapetrou @ppapapetrou76 http://www.linkedin.com/in/ppapapetrou

More Related Content

PPTX
Track code quality with SonarQube - short version
Dmytro Patserkovskyi
 
PPTX
SonarQube - The leading platform for Continuous Code Quality
Larry Nung
 
PDF
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Nexus FrontierTech
 
PDF
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
PPTX
Track code quality with SonarQube
Dmytro Patserkovskyi
 
PPTX
Sonarqube
Kalkey
 
PPTX
SonarQube: Continuous Code Inspection
Michael Jesse
 
PPTX
Sonarlint
penetration Tester
 
Track code quality with SonarQube - short version
Dmytro Patserkovskyi
 
SonarQube - The leading platform for Continuous Code Quality
Larry Nung
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Nexus FrontierTech
 
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
Track code quality with SonarQube
Dmytro Patserkovskyi
 
Sonarqube
Kalkey
 
SonarQube: Continuous Code Inspection
Michael Jesse
 
Sonarlint
penetration Tester
 

What's hot (20)

PDF
Sonarqube
Peerapat Asoktummarungsri
 
PDF
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
PDF
SonarQube
Gnanaseelan Jeb
 
PPTX
SonarQube Presentation.pptx
Satwik Bhupathi Raju
 
PDF
Java Source Code Analysis using SonarQube
Angelin R
 
PPT
SonarQube Overview
Ahmed M. Gomaa
 
PPTX
Introduction to CI/CD
Steve Mactaggart
 
PDF
Introduction to CICD
Knoldus Inc.
 
ODP
An Introduction To Jenkins
Knoldus Inc.
 
PDF
The story of SonarQube told to a DevOps Engineer
Manu Pk
 
PDF
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
Edureka!
 
PPTX
CI/CD
AmitDhodi
 
PPTX
Sonar Review
Kate Semizhon
 
PPTX
CI/CD Overview
An Nguyen
 
PPTX
Jenkins CI presentation
Jonathan Holloway
 
PDF
Sonar
Peerapat Asoktummarungsri
 
PDF
DevOps
ARYA TM
 
PPT
Jenkins Overview
Ahmed M. Gomaa
 
PPTX
Jenkins CI
Viyaan Jhiingade
 
PPTX
Sonar qube
penetration Tester
 
Sonarqube
Peerapat Asoktummarungsri
 
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
SonarQube
Gnanaseelan Jeb
 
SonarQube Presentation.pptx
Satwik Bhupathi Raju
 
Java Source Code Analysis using SonarQube
Angelin R
 
SonarQube Overview
Ahmed M. Gomaa
 
Introduction to CI/CD
Steve Mactaggart
 
Introduction to CICD
Knoldus Inc.
 
An Introduction To Jenkins
Knoldus Inc.
 
The story of SonarQube told to a DevOps Engineer
Manu Pk
 
CI CD Pipeline Using Jenkins | Continuous Integration and Deployment | DevOps...
Edureka!
 
CI/CD
AmitDhodi
 
Sonar Review
Kate Semizhon
 
CI/CD Overview
An Nguyen
 
Jenkins CI presentation
Jonathan Holloway
 
Sonar
Peerapat Asoktummarungsri
 
DevOps
ARYA TM
 
Jenkins Overview
Ahmed M. Gomaa
 
Jenkins CI
Viyaan Jhiingade
 
Sonar qube
penetration Tester
 
Ad

Similar to Tracking and improving software quality with SonarQube (20)

PDF
ITAKE Unconference - Holding down your technical debt with Sonarqube
Patroklos Papapetrou (Pat)
 
PDF
Patroklos Papapetrou: Holding Down Your Technical Debt With SonarQube at I T....
Mozaic Works
 
DOCX
What is SonarQube in DevOps.docx
DevOps University
 
PDF
Code Quality Lightning Talk
Jonathan Gregory
 
PPTX
postgres.pptx
ssuserf111e7
 
PPTX
Test driven development with sonarQube
Nanthakumar Suvethan
 
PPTX
mastering-code-quality-an-in-depth-guide-to-sonarqube.pptx
PawanKumarJaiswal6
 
PPTX
Tracking your Technical Debt with Sonarqube
Puppet
 
PPTX
A year of SonarQube and TFS/VSTS
Matteo Emili
 
PDF
Control source code quality using the SonarQube platform
PVS-Studio
 
PPTX
SonarQube.pptx
YASHWANTHGANESH1
 
PPTX
mydevops.pptx
ssuserf111e7
 
PPTX
Sonar qube to impove code quality
Mani Sarkar
 
PPTX
postdev.pptx
ssuserf111e7
 
PDF
Sonar In Action 20110302-vn
Arnaud Héritier
 
PDF
Quality Metrics: The Dirty Word in the Room
Josiah Renaudin
 
PPT
CiklumJavaSat15112011:Alexey Trusov-Code quality management
Ciklum Ukraine
 
PDF
Continuous inspection with Sonar
gaudol
 
PDF
Ady beleanu automate-theprocessdelivery
Romania Testing
 
PDF
Rtc2014 automate the_process_deliver_quality_ady_beleanu
Ady Beleanu
 
ITAKE Unconference - Holding down your technical debt with Sonarqube
Patroklos Papapetrou (Pat)
 
Patroklos Papapetrou: Holding Down Your Technical Debt With SonarQube at I T....
Mozaic Works
 
What is SonarQube in DevOps.docx
DevOps University
 
Code Quality Lightning Talk
Jonathan Gregory
 
postgres.pptx
ssuserf111e7
 
Test driven development with sonarQube
Nanthakumar Suvethan
 
mastering-code-quality-an-in-depth-guide-to-sonarqube.pptx
PawanKumarJaiswal6
 
Tracking your Technical Debt with Sonarqube
Puppet
 
A year of SonarQube and TFS/VSTS
Matteo Emili
 
Control source code quality using the SonarQube platform
PVS-Studio
 
SonarQube.pptx
YASHWANTHGANESH1
 
mydevops.pptx
ssuserf111e7
 
Sonar qube to impove code quality
Mani Sarkar
 
postdev.pptx
ssuserf111e7
 
Sonar In Action 20110302-vn
Arnaud Héritier
 
Quality Metrics: The Dirty Word in the Room
Josiah Renaudin
 
CiklumJavaSat15112011:Alexey Trusov-Code quality management
Ciklum Ukraine
 
Continuous inspection with Sonar
gaudol
 
Ady beleanu automate-theprocessdelivery
Romania Testing
 
Rtc2014 automate the_process_deliver_quality_ady_beleanu
Ady Beleanu
 
Ad

More from Patroklos Papapetrou (Pat) (8)

PDF
Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Patroklos Papapetrou (Pat)
 
PDF
The Art of Software Gardening
Patroklos Papapetrou (Pat)
 
PDF
Boost your development speed - ITAKE Unconference
Patroklos Papapetrou (Pat)
 
ODP
Thessaloniki rb-24
Patroklos Papapetrou (Pat)
 
PPT
Continous integration with jenkins
Patroklos Papapetrou (Pat)
 
PPTX
Sonar platform
Patroklos Papapetrou (Pat)
 
PPS
Thessaloniki through history with images
Patroklos Papapetrou (Pat)
 
PDF
J2EE Introduction
Patroklos Papapetrou (Pat)
 
Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Patroklos Papapetrou (Pat)
 
The Art of Software Gardening
Patroklos Papapetrou (Pat)
 
Boost your development speed - ITAKE Unconference
Patroklos Papapetrou (Pat)
 
Thessaloniki rb-24
Patroklos Papapetrou (Pat)
 
Continous integration with jenkins
Patroklos Papapetrou (Pat)
 
Sonar platform
Patroklos Papapetrou (Pat)
 
Thessaloniki through history with images
Patroklos Papapetrou (Pat)
 
J2EE Introduction
Patroklos Papapetrou (Pat)
 

Recently uploaded (20)

PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Cloud computing and distributed systems.
kkkkkhan
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Teaching material agriculture food technology
LiaRayya
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation theory and applications.pdf
gurumoop
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 

Tracking and improving software quality with SonarQube

  • 1. Tracking and improving software quality with Sonar(Qube)
  • 2. SonarQube and me (Patroklos Papapetrou) ● 15 years experience in software engineering ● Agile team leader ● Active member of the SonarQube user and development list ● SonarQube plugins contributor ● Addicted to software quality and Continuous Inspection ● Co-author of SonarQube in Action
  • 3. Overview ● Code quality (what, why and when) ● The 7 Axes of quality and the Technical Debt ● SonarQube introduction ● SonarQube to the rescue (demo time)
  • 4. private String _ugly_name; private String ANOTHER_$UGLY___NAME; private static String am_i_static; public void please_work(ArrayList objects){ for (Object object : objects){ if (object == null){ String toString = object.toString(); } else am_i_static = object.toString(); doSomething(object); } } private void doSomething(Object object) throws NullPointerException { throw new NullPointerException(object. toString()); }
  • 5. What is code quality?
  • 6. What is code quality? “It’s an indicator about how quickly developers can add business value to a software system”
  • 7. Why measure? ● Source code is the heart of each system ● Developers don’t write new software. They maintain “legacy” systems ● A system is (almost) never “finished” ● You can’t improve if you don’t measure ● Broken window theory
  • 9. When you should measure? ● From project day #0 ● Continuously ● Prevent vs post-actions ● Prioritize and plan
  • 10. What you should measure? ● Not just abstract numbers ● Evolution through time ● Metrics? ● Welcome to the 7 deadly sins of devs
  • 11. The seven axes of quality
  • 12. Co xi e pl ty Tes t m ver Co age The seven axes of quality l Bugs a otenti P ation up D ment o ati lic ns Docu Architecture & Design Technical Debt Co din g Ru les
  • 13. Technical Debt “If the debt grows large enough, eventually the company will spend more on servicing its debt than it invests in increasing the value of its other assets” Steve McConnell (author of code complete)
  • 14. This is your source code when you don’t pay your technical debt
  • 15. “Good” & “Bad” Technical Debt
  • 16. How to deal with Technical Debt
  • 17. What SonarQube is / does ● Free & open source “Code Quality Platform” ● Provides moment-in-time quality snapshots ● Gives trends of lagging and leading indicators ● Tracks developers’ seven deadly sins (seven axes of quality )
  • 18. How does it work? ● Analyzes source code and byte code ● Computes hundreds of metrics ● Associates metrics with analysis snapshots ● Shows the results in dashboards and widgets accessible by any browser
  • 19. SonarQube for everything ● Initially developed only for Java projects ● Today supports over twenty languages Commercial : ABAP, C, C++, Cobol, Natural, PL/SQL, Visual Basic Open Source : C++, C#, Flex, Groovy, Android, Javascript, PHP, Python, XML, Web(xhtml, jsp , jsf, )
  • 20. … and for everyone For developers. Is my code “good”? How can I improve it? For testers / QA staff. Which parts of the system lack unit testing? For architects. Is the initial design “broken”? How about complexity? For managers. Give me the numbers!! Are we going up or down?
  • 21. Managing code quality ● Dashboards ● Historical data ● Differential views ● Compare service ● Code reviews ● Action plans
  • 23. The big picture ● Track and reduce Technical Debt on an ongoing basis. (Clean up kitchen every day) ● Engage all developers from project day #1 (Not only mums wash the dishes) ● Get alerted when Technical debt is beyond a threshold (when someone is leaving the kitchen in a mess)
  • 24. I have a dream… ...that one day code quality management will be as much as important and essential is today source code management