Assessing Code Quality and Technical Debt Using SonarQube

Slides:



Advertisements
Similar presentations
ACT! “Web” Plugins ACC Webinar (Part 1of 2) Brian Mowka and Jamie Aurand December 2010.
Advertisements

 Copyright 2005 Digital Enterprise Research Institute. All rights reserved. The Web Services Modeling Toolkit Mick Kerrigan.
Marcel de Vries Microsoft MVP and CTO Xpirit SonarQube Community Very important is to support SonarQube tooling for.NET. SonarQube.
Dr. Bill Curtis Director, Consortium for IT Software Quality The Technical Debt Management Cycle: Evaluating the Costs and Risks of IT Assets.
TD Ameritrade IT audit intern Ramez Mina. Position definition Department head  IT audit intern Managers  system analyst and developer to build automated.
Server-Side vs. Client-Side Scripting Languages
Web Sites Testing with Visual Studio Team System Shai Raiten Sela Group
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
University of Southern California Center for Systems and Software Engineering 1 © USC-CSSE Unified CodeCounter (UCC) with Differencing Functionality Marilyn.
How Static Code Analysis can change your life (for the better) Technical overview May 2008.
René Balzano Technology Solution Professional Data Platform Microsoft Switzerland Database Development with SQL Server Data Tools (SSDT)
ECLIPSE IDE N AME : A SHOK P ADMARAJU C OURSE : T OPICS ON S OFTWARE E NGINEERING I NSTRUCTOR : D R. S ERGIU D ASCALU.
Evaluate the Usability of a User Interface Tool or Toolkit Assignment 1 Assignment 1 Evaluate the Usability of a User Interface Tool or Toolkit T. H Ranasinghe.
Introduction to ArcGIS Add-Ins Exercises GIS/LIS Conference, 2014 Rochester, MN.
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
Continuous Integration after Hudson, CruiseControl, and Home Built Mile High Agile 2011 – Mark Waite.
ASP.NET 5 Visual Studio Code Bill Wolff July 8, 2015.
CS-0401 INTERMEDIATE PROGRAMMING USING JAVA Prof. Dr. Paulo Brasko Ferreira Fall 2014.
Tulsa SharePoint User Group TulsaSPUG. Agenda Introductions (5 Minutes) Branding Review (25 Minutes) Site Overview (5 Minutes) Office 365 Provisioning.
System & Metode A/S System & Method was established in 1989 IBM Advanced Business Partner Sales directly to customers Sales via partners System implementation.
Title slide to be used at the start of a module. Developing Mobile Apps Roland Guijt
WaveMaker Visual AJAX Studio 4.0 Training Troubleshooting.
An Introduction to ASP.NET Ed Dunhill blogs.msdn.com/edunhill SLIDE7.
Sumedha Rubasinghe October,2009 Introduction to Programming Tools.
Metadata Harvesting The Hague, 13 & 14 January 2009 Julie Verleyen Scientific Coordinator, Europeana Office EuropeanaLocal Knowledge Sharing Workshop.
WaveMaker Visual AJAX Studio 4.0 Training Installation.
StyleCop Breaking down the barriers to entry Gary Ewan Park Twitter: Blog:
The Evils of Copy and Paste Presented by Daniel Daugherty
M1G Introduction to Database Development 6. Building Applications.
Steve Dower Software Engineer Python Tools for Visual Studio.
© BJSS Limited 2005 Commercial in Confidence Visual Studio 2008 Productivity Enhancing Tips and Resources Jeff Watkins – 25 September 2008.
2006 Adobe Systems Incorporated. All Rights Reserved. Designing & Building Structured Business Reports with ColdFusion MX 7 Adam Lehman ColdFusion Specialist.
Productivity with ReSharper Rasmus Kromann-Larsen.
AUIS Assignment 01 IT Part A Visual Studio IDE   Developing IDE from Microsoft.
By Bearzx Dive Into Web Introduction To WEB
Development Overview Pertemuan 11 Matakuliah: T0413 Tahun: 2009.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 PSI/PhUSE Single Day Event – SAS Applications – June 11, 2009 SAS Drug Development from the Inside Magnus Mengelbier Director.
CIS-NG CASREP Information System Next Generation Shawn Baugh Amy Ramirez Amy Lee Alex Sanin Sam Avanessians.
Toni Petrina Microsoft MVP for C# Ekobit d.o.o. Controlling and extending development environment.
Jernej Kavka – Inova IT d.o.o. Visual Studio Everywhere - Linux, OSX (in Windows, se razume)
Anjana & Shankar September,2010 Introduction to Programming Tools.
Programming vs. Packaged
How to convert a Demo to Multi-user
Reports and Translations
PIWIK JUNIOR TIDAL ASSOCIATE PROF., WEB SERVICES & MULTIMEDIA LIBRARIAN NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY.
Software Analytics Platform
Outline Introduction Programming in eclipse Debugging in eclipse
Basic 1960s It was designed to emphasize ease of use. Became widespread on microcomputers It is relatively simple. Will make it easier for people with.
Outline Introduction Programming in eclipse Debugging in eclipse
Unit Testing with xUnit.net
W3 Status Analyzer.
Modern web tooling in Visual Studio 2015
Introduction to Web programming
The Transition to Modern Office Add-in Development
The Visual Studio .NET IDE Customization and Enhancements
Introduction to ArcGIS Add-Ins
Modern Front-End Web Development with Visual Studio
Developing applications using Chromium
Using PowerShell with Python & SQL Server
SQL Server Integration Services SSIS and PowerShell
Programming vs. Packaged
Dynamics 365 Customer Engagement Deep Dive: Creating a Basic Plug-in
Introduction to Computers and Python
CS105 Introduction to Computer Concepts Intro to programming
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Build /19/2019 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
New JDemetra+ functionalities
Web Application Development Using PHP
Presentation transcript:

Assessing Code Quality and Technical Debt Using SonarQube Guy Smith-Ferrier guy@guysmithferrier.com http://www.guysmithferrier.com

About… Author of .NET Internationalization Author of NCLDR Visit http://www.dotneti18n.com to download the complete source code Author of NCLDR http://www.ncldr.com An open source .NET implementation of CLDR

Agenda Introduction to SonarQube Demo: Installing SonarQube Demo: C# Analysis using SonarQube Rule Repositories SonarQube, StyleCop, FxCop, Refactoring Essentials, Code Cracker, ReSharper, NDepend, Wintellect Duplicate Rules Holy Wars Analyzing Unit Test Projects Code Quality Erosion

SonarQube An open source project since 2006 SonarSource formed in 2008 Based on Switzerland 60+ employees (2017) First commercial plugin in 2009 700,000 downloads, 140,000 downloads in 2016 80,000 organisations use SonarQube 800+ customers 7 customers in Fortune 10 47 customers in Fortune 100 60+ open source plugins

SonarQube Language Support Actively developed Java, C#, JavaScript, COBOL, C/C++ Developed according to demand PL/SQL, PHP, ABAP, VB.NET, Python, RPG, Flex, Objective-C, Swift, Web, CSS, Erlang, Groovy, Lua, Puppet Planned for 2017? TypeScript, T-SQL Third Party Clojure, F#, Perl, Ruby

Demo

Suppressing Rules 1. SuppressMessage attribute 2. #pragma Works in Visual Studio and on the Build Server Includes an ‘optional’ Justification parameter 2. #pragma No Justification parameter Not easily trackable 3. SonarQube suppressions Has no effect in Visual Studio 4. ReSharper “disable” comments Only affect ReSharper

SonarQube C# Rules 238 rules Implemented in Roslyn Rule Help is excellent 6 ‘common’ (server-side only) rules

(Roslyn) StyleCop 187 rules Implemented in Roslyn Rule Help is excellent

‘Classic’ FxCop 233 rules Implemented in Code Analysis in Visual Studio Errors/warnings appear in Visual Studio’s Error List window Rules only show in a clean build SonarLint deletes all non-Roslyn rules from rulesets Implemented in FxCopCmd.exe on the Build Server Requires Visual Studio to be installed on the server FxCop does not always respect SuppressMessages that include a scope High degree of overlap with SonarQube ruleset

Roslyn FxCop 140 rules Implemented in Roslyn Not all rules ported (e.g. CAS) Implemented in Roslyn Match the version of the analyser to the version of Microsoft.CodeAnalysis supported by Visual Studio Visual Studio 2013: Not supported Visual Studio 2015: Microsoft.CodeAnalysis 1.2 Visual Studio 2017: Microsoft.CodeAnalysis 2.2 Spread over 6 NuGet packages

Refactoring Essentials 168 rules Implemented in Roslyn Rule Help is poor

Code Cracker 76 rules Implemented in Roslyn Rule Help is poor

ReSharper 675 rules Implemented in ReSharper Errors / warnings appear in ReSharper’s dedicated window Implemented in InspectCode.exe on the Build Server A free download (see ReSharper Command Line Tools) Rule Help is good The SonarSource Plugin is no longer available Download Greg Bartlett’s replacement from:- https://github.com/GregBartlett/sonar-resharper

Wintellect Analyzers 14 rules Implemented in Roslyn Rule Help is good Some rules are counted as errors The build breaks (even if these rules are disabled)

NDepend 145 rules Implemented in NDepend Errors / warnings appear in NDepend’s dedicated window Implemented in NDepend’s runner on the Build Server Requires a separate NDepend “Build Server” licence Rule Help is available through the NDepend project file Rules cannot be suppressed (yet)

Duplicate Rules SonarQube ReSharper NDepend StyleCop FxCop

.NET Ruleset Inspector https://github.com/GuySmithFerrier/RulesetInspector

My Favourite Holy Wars 1. var vs. Explicit Types 2. this vs. not this 3. Tabs vs. spaces 4. XML code comments 5. Ketchup: in the cupboard or in the fridge?

Analyzing Unit Test Projects To analyse or not to analyse? It’s not production code It *is* an asset of the company Analyse but use a reduced ruleset via a standard set of suppressions by disabling rules according to their file path

Code Quality Erosion

Code Quality Erosion

Information Sources Twitter Newsletters Support @SonarSource, @SonarQube, @SonarLint Newsletters http://www.sonarsource.com/resources/product-news http://www.sonarsource.com/resources/newsletter Support SonarQube Google Groups Bug Tracking and Development http://jira.sonarsource.com

Summary SonarQube analyses Code Quality and assesses Technical Debt SonarQube exposes statistical data to all stakeholders (not just developers) SonarQube tracks metrics over time At least half of the effort spent on SonarQube Administration centres on the socialisation of Code Quality

It’s More Readable There is no such thing as empirically “more readable” “More readable” only applies to individuals Code is “more readable” if it looks like what you are used to reading

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.