31 – Your code got a B+ – Code Quality with Sonarqube


Date:  8/10/2020

 Welcome and greetings

  • I would like to welcome and thank our friends in Warsaw, Poland, for listening.

Recap of last episode

  • In our last episode we discussed how to put together and use a Vagrantfile to automatically stand up a server and even use scripting to install software as part of automated server provisioning. 

Summary of this episode

  • In this episode, I will discuss software code quality scanning using Sonarsource’s SonarQube product.
    • I will discuss why it is useful to scan your code for quality.
    • I will discuss the SonarQube tool.
    • I will discuss how I have used it with Jenkins and Bitbucket.
    • I will discuss some of the issues that I have seen in trying to scale the tool to be useful for multiple teams

What’s in it for you?

  • By the end of this episode you should be able to talk about software code quality, why it is important and help direct discussions on this topic in the future.

Episode Content

  • Why scan your code?
    • Scanning your code gives you a good baseline for the quality of your application.
    • A code scan can identify areas where your development staff might need training to bring them into compliance with your company's coding policies and standards.
    • Code quality scans can identify areas where your developers need to improve their code for efficiency (e.g. too many nested loops).
    • Code Quality scans provide metrics on the health of your application so that you can make more intelligent decisions regarding your software deployments.
  • What is SonarQube?
    • SonarQube is a product of the vendor Sonarsource.
    • It provides the ability to scan your codebase for various categories of items to provide quality metrics on the health of your application.
    • Code scans are performed using quality profiles based on the type of technology (coding language) that it is written in.
    • The quality profiles use rulesets for each coding language to enforce the rules that are associated with the application code.
    • Each ruleset is managed and maintained separately and in our current version only full administrators can make changes to them. 
  • How can I use SonarQube in CI/CD?
    • Sonar has a plugin for Jenkins that allows it to check out the codebase to the Jenkins workspace and then upload it to the Sonar server to run the scan.  It will then publish a link to the results back in the Jenkins console output.
    • Sonar also has a plugin for Atlassian's Bitbucket product.  It will publish the results directly into the Bitbucket repo that the codebase was checked out of.
    • This allows a developer to check the quality scores without having to log into another tool.
  • What are some of the issues that I should look out for when trying to scale SonarQube for use by multiple teams?
    • As stated in the last section, only full administrators in the version that I have used can make changes to rulesets and quality profiles.  I believe that the vendor has fixed this in newer versions of the product.
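The Jenkins integration described above, as an added example Jenkinsfile that is not from the episode or from Sonarsource. It assumes a SonarQube server registered in Jenkins under the name 'SonarQube', a scanner tool installation named 'SonarScanner', a hypothetical project key 'example-app', and a webhook from SonarQube back to Jenkins so the quality gate step is notified when analysis finishes.

```groovy
// Added example (declarative pipeline), not code from the episode.
// Assumptions: Jenkins has a SonarQube server configured as 'SonarQube',
// a SonarScanner tool named 'SonarScanner', and SonarQube has a webhook
// pointing at this Jenkins so waitForQualityGate() receives the result.
pipeline {
    agent any

    environment {
        // Hypothetical project key; use the key shown in your SonarQube project.
        SONAR_PROJECT_KEY = 'example-app'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm   // pull the repository into the Jenkins workspace
            }
        }

        stage('SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and token and records
                // the analysis task id so the quality gate can be checked later.
                withSonarQubeEnv('SonarQube') {
                    script {
                        def scannerHome = tool 'SonarScanner'
                        sh """
                          ${scannerHome}/bin/sonar-scanner \
                            -Dsonar.projectKey=${env.SONAR_PROJECT_KEY} \
                            -Dsonar.sources=src \
                            -Dsonar.tests=test
                        """
                    }
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Block until SonarQube reports the gate status and abort the
                // build on failure, so code below the bar never reaches deploy.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

The link to the full report that the episode mentions appears in the console output of the analysis stage; the quality gate stage is what turns the score into a pass/fail decision for the pipeline.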

Recap of this episode

  • Performing regular code quality scans on your application source code can provide valuable metrics to allow you to track trends in the health of your applications.  This allows you to help your development staff become better at their jobs and helps ensure that you are following your company's policies and standards.  SonarQube is a tool that allows you to plug code scanning into your CI/CD pipelines by using plugins for popular products like Jenkins and Atlassian's Bitbucket.

I’d like to thank you for joining me in this episode.  

I hope that you found some value in what I covered and if you have suggestions for future topics, please feel free to drop me a message and I’ll be sure to review those to work into the schedule.  

If you enjoy this podcast and the topics I cover, you can help me out by sharing the link with your friends.  You can also give us a like or a thumbs-up wherever you listen.

Please leave a review on your favorite podcast service as this will help me become better and ensure that I’m providing the value that you are looking for.

Before you leave, don’t forget to subscribe to ensure that you are notified of future episodes.

Next Episode:  

Where you can find us!

Direct Messages:

  • @cs_everhart on Twitter
  • ScottTalksTech group on Facebook
  • ScottTalksTech.slack.com

Links to Podcast Providers: