Putting It All Together: End-to-end Quality With SonarEcosystem

The question is typically phrased like this: how do I keep developers from checking in bad code? Usually the asker has in mind some automated check that prevents commits of code containing new issues.

Typically, he’s looking for a quick “turn on X” type of response, but the answer is more subtle and more powerful than that.

Stop planning; fix the leak!

So there you are: you’ve finally decided to install the SonarQube platform and run a couple of analyses on your projects, but it unveiled so many issues that your team doesn’t know where to start. Don’t be tempted to start fixing issues here and there! It could be an endless effort, and you would quickly be depressed by the amount of work that remains. Instead, the first thing you should do is make sure your development team fixes the leak. Apply this principle from the very beginning, and it will ensure that your code is progressively cleaned up as you update and refactor over time. This new paradigm is so efficient at managing code quality that it just makes the traditional “remediation plan” approach obsolete. Actually, so obsolete that related features will disappear in SonarQube 5.5: action plans and the ability to link an issue to a third party task management system.

SonarQube Enters the Security Realm and Makes a Good First Showing

For the last year, we’ve been quietly working to add security-related rules in SonarQube’s language plugins. At September’s SonarQube Geneva User Conference we stopped being quiet about it.

Water Leak Changes the Game for Technical Debt Management

A few months ago, at the end of a customer presentation about “The Code Quality Paradigm Change”, I was approached by an attendee who said, “I have been following SonarQube & SonarSource for the last 4-5 years and I am wondering how I could have missed the stuff you just presented. Where do you publish this kind of information?”. I told him that it was all on our blog and wiki and that I would send him the links. Well…

When I checked a few days later, I realized that actually there wasn’t much available, only bits and pieces such as the 2011 announcement of SonarQube 2.5, the 2013 discussion of how to use the differential dashboard, the 2013 whitepaper on Continuous Inspection, and last year’s announcement of SonarQube 4.3. Well (again)… for a concept that is at the center of the SonarQube 4.x series, that we have presented to every customer and at every conference in the last 3 years, and that we use on a daily basis to support our development at SonarSource, those few mentions aren’t much.

Let me elaborate on this and explain how you can sustainably manage your technical debt, with no pain, no added complexity, no endless battles, and pretty much no cost. Does it sound appealing? Let’s go!

The speed of a caravan in the desert

“What is the speed of a caravan in the desert?” Language Team Technical Lead Evgeny Mandrikov posed that question recently to illustrate a point about developer tools. The answer to the caravan question is that it moves at the speed of the slowest camel. His point: a developer can only work at the speed of her slowest tool.

This is one reason developers want – and smart managers buy – machines with fast processors. We like them not just because we’re gear-head (chip-head?) geeks, but because they get us closer to the ability to work at the speed of thought. But what about the other tools? What about the quality tools?

Do you care about your code? Track code coverage on new code, right now!

A few weeks ago, I had a passionate debate with my old friend Nicolas Frankel about the usefulness of the code coverage metric. We started on Twitter and then Nicolas wrote a blog entry stating “Your code coverage metric is not meaningful” and so useless. Not only am I thinking exactly the opposite, but I would even say that not tracking the code coverage on new code is almost insane nowadays.

Quality Gates: Shall your projects pass?

With SonarQube 4.3, the concept formerly known as alerts came into its own. No longer a subset of Quality Profiles (it was always a slightly awkward fit there), the alert concept has grown up and become Quality Gates.

Three options for pre-commit analysis

As a quality-first focus becomes increasingly important in modern software development, more and more developers are asking how to find new issues before they check their code in.

For some of you, it’s a point of pride. For others, it’s a question of keeping management off your back, and for still others it’s simply a matter of not embarrassing yourself publicly. Fortunately, the SonarQube developers (being developers themselves) understand the problem and have come up with three different ways of dealing with it: the Eclipse plugin, the IntelliJ plugin, and the Issues Report plugin.

Analysis vs. Preview vs. Incremental Preview in SonarQube

With the release of SonarQube 4.0, we now have three different paradigms for SonarQube analysis. There’s full analysis, which updates the central database and provides organizational visibility of code quality. There’s preview analysis, which tells you whether the code in question is good enough to move forward with (e.g., merging it into the Git master). And now that SonarQube has the ability to limit preview analysis to only changed files, there’s also incremental preview analysis, or “incremental analysis”.

Let’s talk about when you would use each one. I’ll start with the new guy: incremental analysis.

Take Action to Manage Technical Debt

One of the things I love about SonarQube is that it gives you tools to tackle all aspects of your technical debt. I am not just talking here about the Seven Axes of Quality / Seven Deadly Developer Sins. No, what I’m talking about is quality along the axis of time.

Of course SonarQube shows you what’s wrong in the present – from the macro level to the micro. It also reaches back to the past to show you where you’ve come from; start analyzing a new project on day one and you can get a great perspective on how its technical debt has grown (or not) along with its size. But that’s not what I want to talk about today. Today, I want to talk about the future, because SonarQube’s issues workflow can help you manage today’s debt into the future.

© 2008-2016, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE, SONARLINT and SONARSOURCE are
trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.