SonarQube: Continuous Code Inspection

•Als PPTX, PDF herunterladen•

2 gefällt mir•492 views

This document discusses SonarQube, a tool for continuous code inspection. It begins with an overview of static code analysis and its benefits for organizations. It then covers quality gates and rules for inspection, integration with CI/CD pipelines, and IDE plugins. Static code analysis examines source code to find patterns that could impact security, reliability or maintainability. Quality gates help highlight critical areas for improvement and gauge technical debt over time. SonarQube allows for continuous inspection across multiple languages and frameworks.

Software

Agenda
•Static Code Analysis
•Organizational Benefits
•Quality Gates and Rules
•CI/CD integration
•IDE Code Inspection

Static Code Analysis
The analysis of source code files looking for
commonly occurring patterns that can be
considered harmful to the security, reliability,
and maintainability of programs.

Static Code Analysis
Dynamic Code Analysis occurs during the
running of an application.
•CPU and Memory Profiling
•Network Profiling

Static Code Analysis
SonarSource
SonarQube
SonarLint
SonarCloud

Static Code Analysis
Continuous Inspection
Quality Gates
Multiple Languages
Plug-Ins

Organizational Benefits
Gain Confidence in Your Product
Cost of Technical Debt
Highlight Critical Areas for Improvement

Organizational Benefits
Quality GateOrganization / Project
Issue Types Test
Coverage
Duplicate
Blocks
Lines of
Code
Languages

Organizational Benefits
Cost of Technical Debt
Debt Days * 8 Hours * Hourly Rate

Organizational Benefits
Cost of Technical Debt
31 Days * 8 Hours * Hourly Rate of $50
$12,400

Organizational Benefits
Cost of Technical Debt
768 Days * 8 Hours * Hourly Rate of $100
$614,400

Quality Gates and Rules
SQALE Method
Software Quality Assurance based on Lifecycle
Expectations

Quality Gates and Rules
Characteristics Levels
Testability
Reliability
Changeability
Efficiency
Usability
Security
Maintainability
Portability
Reusability

CI/CD Integration
Build Systems
Maven
Ant
Gradle
MakeFile
MSBuild

CI/CD Integration
CI Engines
Bamboo
Jenkins
Travis CI
Azure DevOps
AppVeyor
TeamCity

IDE Code Inspection
Eclipse IDE
JetBrains IDE (IntelliJ, Resharper Plug-In)
Microsoft Visual Studio
NetBeans IDE (with Plug-Ins)
SonarSource SonarLint Plug-In
More…

Michael Jesse
THANK YOU
Email: michael.jesse@improving.com
Twitter: @michaeljesse73
LinkedIn: www.linkedin.com/in/michaeljesse

Weitere ähnliche Inhalte

Was ist angesagt?

Tracking and improving software quality with SonarQubePatroklos Papapetrou (Pat)

SonarQube Presentation.pptxSatwik Bhupathi Raju

SonarQube - The leading platform for Continuous Code QualityLarry Nung

Managing code quality with SonarQubeRadu Vunvulea

Track code quality with SonarQube - short versionDmytro Patserkovskyi

Track code quality with SonarQubeDmytro Patserkovskyi

Sonar qubepenetration Tester

Java Source Code Analysis using SonarQubeAngelin R

Jenkins with SonarQubeSomkiat Puisungnoen

Code Quality Lightning TalkJonathan Gregory

Sonar Tool - JAVA code analysisPrashant Gupta

Cypress AutomationSusantha Pathirana

SonarPeerapat Asoktummarungsri

Sonar OverviewSamuel Langlois

Sonar ReviewKate Semizhon

CICD with JenkinsVietnam Open Infrastructure User Group

Static code analysis with sonar qubeHayi Nukman

Static Analysis with SonarlintUT, San Antonio

DevSecOps and the CI/CD PipelineJames Wickett

devops Somkiat Puisungnoen

Was ist angesagt? (20)

Tracking and improving software quality with SonarQube

SonarQube Presentation.pptx

SonarQube - The leading platform for Continuous Code Quality

Managing code quality with SonarQube

Track code quality with SonarQube - short version

Track code quality with SonarQube

Sonar qube

Java Source Code Analysis using SonarQube

Jenkins with SonarQube

Code Quality Lightning Talk

Sonar Tool - JAVA code analysis

Cypress Automation

Sonar

Sonar Overview

Sonar Review

CICD with Jenkins

Static code analysis with sonar qube

Static Analysis with Sonarlint

DevSecOps and the CI/CD Pipeline

devops

Ähnlich wie SonarQube: Continuous Code Inspection

Rtc2014 automate the_process_deliver_quality_ady_beleanuAdy Beleanu

Ady beleanu automate-theprocessdeliveryRomania Testing

Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...Swamy Shettru

Introducing: Klocwork Insight Pro | November 2009Klocwork

Agile methods and safety critical software - Peter GardnerAdaCore

How to Avoid Continuously Delivering Faulty SoftwarePerforce

Software development life cycleManindra Simhadri

5 Ways to Accelerate Standards Compliance with Static Code Analysis Perforce

Sw qual joint webinar deck (5)Seapine Software

Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixSeapine Software

Cognizant's Zero Deviation Life Cycle - an OverviewDr. Bippin Makoond

1Majong DevJfu

Outsourcing: Risk or Possibility?Thomas Peters

Software TestingAnsar Ali

Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate

Aligning Software Testing With Modern Age Development PracticesAspire Systems

How To Avoid Continuously Delivering Faulty SoftwareErika Barron

DevOps introAbdelrhman Shawky

SSE Technical OverviewIBM Rational software

Digital Product SecuritySoftServe

Ähnlich wie SonarQube: Continuous Code Inspection (20)

Rtc2014 automate the_process_deliver_quality_ady_beleanu

Ady beleanu automate-theprocessdelivery

Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...

Introducing: Klocwork Insight Pro | November 2009

Agile methods and safety critical software - Peter Gardner

How to Avoid Continuously Delivering Faulty Software

Software development life cycle

5 Ways to Accelerate Standards Compliance with Static Code Analysis

Sw qual joint webinar deck (5)

Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix

Cognizant's Zero Deviation Life Cycle - an Overview

Outsourcing: Risk or Possibility?

Software Testing

Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype

Aligning Software Testing With Modern Age Development Practices

How To Avoid Continuously Delivering Faulty Software

DevOps intro

SSE Technical Overview

Digital Product Security

Kürzlich hochgeladen

Professional Resume Template for Software DevelopersVinodh Ram

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI

Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531

Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions

The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171

TECUNIQUE: Success Stories: IT Service providermohitmore19

Diamond Application Development Crafting Solutions with PrecisionSolGuruz

Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ

Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3

Exploring iOS App Development: Simplifying the ProcessEvangelist Apps https://twitter.com/EvangelistSW/

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Right Money Management App For Your Financial GoalsJhone kinadey

Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh

why an Opensea Clone Script might be your perfect match.pdfjoe51371421

Project Based Learning (A.I).pptx detail explanationkaushalgiri8080

Kürzlich hochgeladen (20)

Professional Resume Template for Software Developers

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI

Hand gesture recognition PROJECT PPT.pptx

Advancing Engineering with AI through the Next Generation of Strategic Projec...

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

TECUNIQUE: Success Stories: IT Service provider

Diamond Application Development Crafting Solutions with Precision

Cloud Management Software Platforms: OpenStack

Unlocking the Future of AI Agents with Large Language Models

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data

Exploring iOS App Development: Simplifying the Process

HR Software Buyers Guide in 2024 - HRSoftware.com

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Right Money Management App For Your Financial Goals

Der Spagat zwischen BIAS und FAIRNESS (2024)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...

why an Opensea Clone Script might be your perfect match.pdf

Project Based Learning (A.I).pptx detail explanation

SonarQube: Continuous Code Inspection

1. SonarQube Continuous Code Inspection

2. Agenda •Static Code Analysis •Organizational Benefits •Quality Gates and Rules •CI/CD integration •IDE Code Inspection

3. Static Code Analysis

4. Static Code Analysis The analysis of source code files looking for commonly occurring patterns that can be considered harmful to the security, reliability, and maintainability of programs.

5. Static Code Analysis Dynamic Code Analysis occurs during the running of an application. •CPU and Memory Profiling •Network Profiling

6. Static Code Analysis SonarSource SonarQube SonarLint SonarCloud

7. Static Code Analysis Continuous Inspection Quality Gates Multiple Languages Plug-Ins

8. Organizational Benefits

9. Organizational Benefits Gain Confidence in Your Product Cost of Technical Debt Highlight Critical Areas for Improvement

10. Organizational Benefits Quality GateOrganization / Project Issue Types Test Coverage Duplicate Blocks Lines of Code Languages

11.

12. Organizational Benefits Cost of Technical Debt Debt Days * 8 Hours * Hourly Rate

13. Organizational Benefits Cost of Technical Debt 31 Days * 8 Hours * Hourly Rate of $50 $12,400

14. Organizational Benefits Cost of Technical Debt 768 Days * 8 Hours * Hourly Rate of $100 $614,400

15. Organizational Benefits

16. Organizational Benefits

17. Quality Gates and Rules

18. Quality Gates and Rules SQALE Method

19. Quality Gates and Rules SQALE Method Software Quality Assurance based on Lifecycle Expectations

20. Quality Gates and Rules Characteristics Levels Testability Reliability Changeability Efficiency Usability Security Maintainability Portability Reusability

21. Quality Gates and Rules

22. Quality Gates and Rules

23.

24.

25. CI/CD Integration Build Systems Maven Ant Gradle MakeFile MSBuild

26. CI/CD Integration CI Engines Bamboo Jenkins Travis CI Azure DevOps AppVeyor TeamCity

27. IDE Code Inspection Eclipse IDE JetBrains IDE (IntelliJ, Resharper Plug-In) Microsoft Visual Studio NetBeans IDE (with Plug-Ins) SonarSource SonarLint Plug-In More…

28. Michael Jesse THANK YOU Email: michael.jesse@improving.com Twitter: @michaeljesse73 LinkedIn: www.linkedin.com/in/michaeljesse

Hinweis der Redaktion

This means it performs a code review of the source files. This is not to replace your code review practices. The analysis runs before the application is run and after it was test files created.
SonarQube allows for: Continuous Inspection Quality Gates Supports Multiple Languages Open source, community created plug-ins

SonarQube: Continuous Code Inspection

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie SonarQube: Continuous Code Inspection

Ähnlich wie SonarQube: Continuous Code Inspection (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

SonarQube: Continuous Code Inspection

Hinweis der Redaktion