SonarQube is a continuous code quality solution created and designed by SonarSource Company in 2006. Currently it has 900+ valuable customers such as Cisco, Samsung, BMW, JP Morgan etc. and 85,000 organizations who are using this product across the world. It’s all started by Freddy mallet with his idea to provide access to code quality management.
How SonarQube dominates its rivals
SonarQube is designed for multi language support with easy installation, less or no configuration for popular build systems, IDEs and CI tools. SonarQube comes with built-in and commercial plugins for Source code management, programming languages, quality gates, security systems etc. SonarQube releases are available as open source and commercial use for extended support.
There are many tools available in software market for static code analysis, however they are behind the SonarQube in providing features like language support, flexible usage, installation and configuration, license cost.
Why it is important for IT firms
The Software Industry is exponentially evolving day to day. Since its invention, the lines of code and business logic functions are increasing rapidly to compete with each other and this leading to un-maintainability of code. Every firm has the following concerns on dealing with its code
- Code maintainability
- Bugs in code
The above mentioned problems can be overcome by practising the static code analysis before releasing the software in the market. In simple terms, static code analysis means, the analysis performed on some version of the source code without actually executing programs. We have several static code analysis solutions available in the market based on particular programming language or supporting multi languages including SonarQube. Some of the well known of them are – IBM Security AppScan, Coverity, AppScreener, HP Fortify Software, Veracode, CPPCheck, FxCop. However none of these tools focused to provide common solution to overcome the above mentioned three major problems.
SonarQube provides the capability to show the overall health of an application on Web dashboard by highlighting the possible code smells and issues with defined quality gates and profiles. By fixing the leaks, software can improve its code quality steadily.
SonarQube can be implemented in Continuous Integration and deployment approach as quality check regulator at all phases of product life cycle.
The DevOps teams in organizations had to ensure the quality and delivery of software was built in efficient way. The DevOps team have many responsibilities and among them is enabling the code quality toll-gate. SonarQube can be implemented at any phase of the DevOps continuous deployment. But what attracts the DevOps to SonarQube
- SonarQube comes with free open source and commercial use based on the company size and requirement.
- Integration with build systems to provide zero-configuration approach. SonarQube has less or no configuration needed for the popular build systems like Maven, Gradle, ANT, MSBuild.
- Easy integration with Continuous Integration engines like Jenkins, TeamCity, Bamboo, Travis CI, VS Team Foundation Server etc.
- Developers can get the code quality metrics in their local environment by using SonarLint installing in IDEs like Eclipse, Visual Studio, Intellij idea.
- Can use SonarQube in Continuous Deployment and Delivery process at any steps of its cycle to promote the build by defining code quality criteria.
- SonarQube comes with built-in features to integrate with authentication and authorization methodologies like Active Directory, Oauth and LDAP.
- SonarQube has built with powerful Rest API to provide web services to cross functional teams.
- The dashboard view to show overall metrics and health of the application like code coverage, lines of code, code issues, analysis per module etc.
SonarQube is a cross platform solution that can be installed on Windows, MacOS, Linux. SonarQube releases its products as LTS (long term support) format with respective documentation and release notes.
SonarQube related references:
Latest Release - https://www.sonarqube.org/downloads/
Plugin Library - https://docs.sonarqube.org/display/PLUG/Plugin+Library
SonarLint - https://www.sonarlint.org/