Assessing Code Quality and Technical Debt Using SonarQube


1 Assessing Code Quality and Technical Debt Using SonarQube
Guy Smith-Ferrier

2 About…
- Author of .NET Internationalization
  - Visit to download the complete source code
- Author of NCLDR
  - An open source .NET implementation of CLDR

3 Agenda
- Introduction to SonarQube
- Demo: Installing SonarQube
- Demo: C# Analysis using SonarQube
- Rule Repositories
  - SonarQube, StyleCop, FxCop, Refactoring Essentials, Code Cracker, ReSharper, NDepend, Wintellect
- Duplicate Rules
- Holy Wars
- Analyzing Unit Test Projects
- Code Quality Erosion

4 SonarQube
- An open source project since 2006
- SonarSource formed in 2008
- Based in Switzerland
- 60+ employees (2017)
- First commercial plugin in 2009
- 700,000 downloads, 140,000 downloads in 2016
- 80,000 organisations use SonarQube
- 800+ customers
- 7 customers in Fortune 10
- 47 customers in Fortune 100
- 60+ open source plugins

5 SonarQube Language Support
- Actively developed
  - Java, C#, JavaScript, COBOL, C/C++
- Developed according to demand
  - PL/SQL, PHP, ABAP, VB.NET, Python, RPG, Flex, Objective-C, Swift, Web, CSS, Erlang, Groovy, Lua, Puppet
- Planned for 2017?
  - TypeScript, T-SQL
- Third Party
  - Clojure, F#, Perl, Ruby

6 Demo

7 Suppressing Rules
1. SuppressMessage attribute
   - Works in Visual Studio and on the Build Server
   - Includes an ‘optional’ Justification parameter
2. #pragma
   - No Justification parameter
   - Not easily trackable
3. SonarQube suppressions
   - Has no effect in Visual Studio
4. ReSharper “disable” comments
   - Only affect ReSharper
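
The slide above notes that #pragma suppressions have no Justification parameter and are not easily trackable. As an added example (not part of the presentation or of SonarQube), this Python script inventories SuppressMessage attributes and `#pragma warning disable` lines in C# source and reports the ones with no justification; the C# sample and all function names are constructed for illustration.

```python
import re

# Constructed C# sample (not from the presentation) mixing both suppression styles.
SAMPLE = '''\
using System.Diagnostics.CodeAnalysis;
public class Parser
{
    [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes",
        Justification = "Top-level handler logs and rethrows")]
    public void Run() { }

    [SuppressMessage("Microsoft.Usage", "CA2202:DoNotDisposeObjectsMultipleTimes")]
    public void Close() { }

#pragma warning disable CS0618
    public void Legacy() { }
#pragma warning restore CS0618
}
'''

# An attribute can span several lines, so match through to its closing ")]".
ATTR = re.compile(r'\[\s*(?:\w+\s*:\s*)?SuppressMessage(?:Attribute)?\s*\((.*?)\)\s*\]', re.DOTALL)
JUSTIFICATION = re.compile(r'Justification\s*=\s*"([^"]*)"')
PRAGMA = re.compile(r'^[ \t]*#pragma\s+warning\s+disable\b[ \t]*(.*)$', re.MULTILINE)

def audit_suppressions(source):
    """Return every suppression found in C# source, ordered by line number."""
    def line_of(offset):
        return source.count("\n", 0, offset) + 1

    findings = []
    for m in ATTR.finditer(source):
        strings = re.findall(r'"([^"]*)"', m.group(1))
        just = JUSTIFICATION.search(m.group(1))
        findings.append({"line": line_of(m.start()), "kind": "SuppressMessage",
                         "rule": strings[1] if len(strings) > 1 else "?",
                         "justified": bool(just and just.group(1).strip())})
    for m in PRAGMA.finditer(source):
        # #pragma has no Justification parameter, so it is always reported.
        findings.append({"line": line_of(m.start()), "kind": "#pragma",
                         "rule": m.group(1).strip() or "(all warnings)",
                         "justified": False})
    return sorted(findings, key=lambda f: f["line"])

def unjustified(source):
    return [f for f in audit_suppressions(source) if not f["justified"]]

if __name__ == "__main__":
    for f in unjustified(SAMPLE):
        print(f"line {f['line']}: {f['kind']} {f['rule']} has no justification")
```

Run against a checkout on the build server, the output gives reviewers one list of suppressions to question, including the #pragma ones.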

8 SonarQube C# Rules
- 238 rules
- Implemented in Roslyn
- Rule Help is excellent
- 6 ‘common’ (server-side only) rules

9 (Roslyn) StyleCop
- 187 rules
- Implemented in Roslyn
- Rule Help is excellent

10 ‘Classic’ FxCop
- 233 rules
- Implemented in Code Analysis in Visual Studio
  - Errors/warnings appear in Visual Studio’s Error List window
  - Rules only show in a clean build
  - SonarLint deletes all non-Roslyn rules from rulesets
- Implemented in FxCopCmd.exe on the Build Server
  - Requires Visual Studio to be installed on the server
- FxCop does not always respect SuppressMessages that include a scope
- High degree of overlap with SonarQube ruleset

11 Roslyn FxCop
- 140 rules
  - Not all rules ported (e.g. CAS)
- Implemented in Roslyn
  - Match the version of the analyser to the version of Microsoft.CodeAnalysis supported by Visual Studio
    - Visual Studio 2013: Not supported
    - Visual Studio 2015: Microsoft.CodeAnalysis 1.2
    - Visual Studio 2017: Microsoft.CodeAnalysis 2.2
- Spread over 6 NuGet packages

12 Refactoring Essentials
- 168 rules
- Implemented in Roslyn
- Rule Help is poor

13 Code Cracker
- 76 rules
- Implemented in Roslyn
- Rule Help is poor

14 ReSharper
- 675 rules
- Implemented in ReSharper
  - Errors / warnings appear in ReSharper’s dedicated window
- Implemented in InspectCode.exe on the Build Server
  - A free download (see ReSharper Command Line Tools)
- Rule Help is good
- The SonarSource Plugin is no longer available
  - Download Greg Bartlett’s replacement from:-

15 Wintellect Analyzers
- 14 rules
- Implemented in Roslyn
- Rule Help is good
- Some rules are counted as errors
  - The build breaks (even if these rules are disabled)

16 NDepend
- 145 rules
- Implemented in NDepend
  - Errors / warnings appear in NDepend’s dedicated window
- Implemented in NDepend’s runner on the Build Server
  - Requires a separate NDepend “Build Server” licence
- Rule Help is available through the NDepend project file
- Rules cannot be suppressed (yet)

17 Duplicate Rules
- SonarQube
- ReSharper
- NDepend
- StyleCop
- FxCop

18 .NET Ruleset Inspector

19 My Favourite Holy Wars
1. var vs. Explicit Types
2. this vs. not this
3. Tabs vs. spaces
4. XML code comments
5. Ketchup: in the cupboard or in the fridge?

20 Analyzing Unit Test Projects
- To analyse or not to analyse?
  - It’s not production code
  - It *is* an asset of the company
- Analyse but use a reduced ruleset
  - via a standard set of suppressions
  - by disabling rules according to their file path

21 Code Quality Erosion

22 Code Quality Erosion

23 Information Sources
- Twitter
  - @SonarLint
- Newsletters
- Support
  - SonarQube Google Groups
- Bug Tracking and Development

24 Summary
- SonarQube analyses Code Quality and assesses Technical Debt
- SonarQube exposes statistical data to all stakeholders (not just developers)
- SonarQube tracks metrics over time
- At least half of the effort spent on SonarQube Administration centres on the socialisation of Code Quality

25 It’s More Readable
- There is no such thing as empirically “more readable”
- “More readable” only applies to individuals
- Code is “more readable” if it looks like what you are used to reading

