Static Code Analysis with SonarQube
hayi.nkm - Software Engineer in Test
“All code is guilty, until proven innocent.” – Anonymous
Static Analysis
Static analysis, also known as static code analysis, is the process of analyzing a program's source code without running the program itself. It is generally used by developers as part of the development and component testing process.
Benefits...
Detecting possible bugs in your code (crashes, memory leaks, stack overflows, buffer overflows, etc.),
Finding vulnerabilities hiding in the corners of your application (mistakes a developer missed),
Finding wrong logic and bad practices in your project,
Finding areas of the code that may need more testing or deeper review,
Benefits… (cont)
Finding duplicate code that could be moved into a shared method to reduce code complexity,
Identifying design issues such as high cyclomatic complexity, and helping reduce that complexity to improve maintainability,
Identifying potential software quality issues before the code moves to production.
SonarQube
Architecture... (diagram; img src: http://tech.gaeatimes.com)
Setting up SQ Server. (Mac)
$ brew install sonar
Setting up SQ Server. (Linux)
# download SonarQube
$ wget http://dist.sonar.codehaus.org/sonarqube-5.X.zip
# Unzip and move file into /opt/
$ unzip sonarqube-5.X.zip
$ mv sonarqube-5.X /opt/sonar
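The Linux steps above fetch the archive over plain HTTP and unzip it straight into /opt, so nothing confirms that what arrived is the release that was actually published. The following is an added example, not code from the slides or from SonarQube: a small Python installer that checks the archive's SHA-256 against a digest obtained separately (EXPECTED_SHA256 is a placeholder to fill in) before extracting, and refuses archive entries that would land outside the target directory. The archive it builds for its self-check is constructed and is not the real release.

```python
"""Verify a downloaded SonarQube archive before unpacking it into /opt.
Added example for this page, not part of SonarQube or its install guide.
The slides fetch sonarqube-5.X.zip over plain HTTP and unzip it as-is;
this script first compares the file's SHA-256 with a digest obtained
separately (EXPECTED_SHA256 is a placeholder to fill in) and then refuses
any archive entry that would land outside the target directory.
"""

import hashlib
import hmac
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List, Union

# Placeholder: replace with the digest published for the release you downloaded.
EXPECTED_SHA256 = "<sha256-from-the-release-page>"

PathLike = Union[str, Path]


def sha256_hex(path: PathLike) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so large archives stay cheap."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_archive(path: PathLike, expected_hex: str) -> bool:
    """True only if the file's digest matches; compare_digest avoids timing leaks."""
    return hmac.compare_digest(sha256_hex(path), expected_hex.strip().lower())


def safe_members(zf: zipfile.ZipFile, dest: Path) -> List[str]:
    """Entry names that resolve inside dest; raise on any that would escape it
    (absolute paths or '..' components). Python's extractall already strips
    those, but an explicit refusal shows up in logs instead of being silent."""
    root = dest.resolve()
    names: List[str] = []
    for name in zf.namelist():
        target = (dest / name).resolve()
        if target != root and root not in target.parents:
            raise ValueError(f"refusing to extract {name!r}: escapes {dest}")
        names.append(name)
    return names


def install_archive(archive: PathLike, dest: PathLike, expected_hex: str) -> List[str]:
    """Verify the digest, then extract; returns the extracted member names."""
    if not verify_archive(archive, expected_hex):
        raise ValueError("SHA-256 mismatch: not the archive you expected, not extracting")
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(archive) as zf:
        members = safe_members(zf, dest)
        zf.extractall(dest, members)
    return members


def demo() -> Dict[str, object]:
    """Constructed self-check: a tiny stand-in archive is installed, then both
    refusals (wrong digest, path-traversal entry) are exercised. Nothing here
    touches the real release or /opt."""
    out: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        sample = work / "abc.txt"                        # standard SHA-256 test vector input
        sample.write_bytes(b"abc")
        out["abc_digest"] = sha256_hex(sample)

        archive = work / "sonarqube-5.X.zip"             # stand-in, not the real zip
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("sonarqube-5.X/conf/sonar.properties", "sonar.web.port=9000\n")
        out["installed"] = install_archive(archive, work / "opt", sha256_hex(archive))

        try:
            install_archive(archive, work / "opt2", "0" * 64)
            out["bad_digest_rejected"] = False
        except ValueError:
            out["bad_digest_rejected"] = True

        traversal = work / "traversal.zip"               # constructed entry with '..'
        with zipfile.ZipFile(traversal, "w") as zf:
            zf.writestr("../outside.txt", "should never be written\n")
        try:
            install_archive(traversal, work / "opt3", sha256_hex(traversal))
            out["traversal_rejected"] = False
        except ValueError:
            out["traversal_rejected"] = True
        out["outside_written"] = (work / "outside.txt").exists()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as-is to see the self-check. For a real install, fill in EXPECTED_SHA256 and call install_archive("sonarqube-5.X.zip", "/opt", EXPECTED_SHA256), then move the unpacked directory to /opt/sonar as the slide does.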
Setting up Databases (MySQL)
$ mysql -u root -p
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'sonar' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES;
Connect SQ to Databases
Open /opt/sonar/conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
Setting up web server.
Open /opt/sonar/conf/sonar.properties
sonar.web.host=127.0.0.1
sonar.web.context=/sonar
sonar.web.port=9000
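The database and web-server settings above use the same word, sonar, for the MySQL user and its password, and the GRANT statements let that account connect from any host ('%') as well as from localhost, even though the database sits on the same machine; the web listener, by contrast, is correctly bound to 127.0.0.1. The following is an added example, not code from the slides or from SonarQube, that reads a sonar.properties file and flags those weak settings so they are caught before the server goes live. The key names are the ones the slides set; the list of weak default passwords, the 12-character minimum and the severity labels are this example's own assumptions, and both sample configurations are constructed.

```python
"""Audit a SonarQube sonar.properties file for the weak settings that the
setup slides happen to use. Added example for this page, not part of
SonarQube. Key names (sonar.jdbc.*, sonar.web.*) are the slides' own; the
weak-password list, the length threshold and the severity labels are
assumptions made here.
"""

from typing import Dict, List, Optional, Tuple

# Constructed sample: the values exactly as the slides configure them
# (the JDBC URL is wrapped with a backslash, as a .properties file allows).
SLIDE_CONFIG = """\
# Connect SonarQube to the database
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&\\
    characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

# Web server
sonar.web.host=127.0.0.1
sonar.web.context=/sonar
sonar.web.port=9000
"""

# Constructed hardened variant: a distinct secret (placeholder value) and
# the same loopback bind, so nothing is flagged.
HARDENED_CONFIG = """\
sonar.jdbc.username=sonar
sonar.jdbc.password=example-only-8f3kQ2vL9pZm
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
sonar.web.host=127.0.0.1
sonar.web.port=9000
"""

# Assumption: passwords commonly left in place after a tutorial install.
WEAK_DB_PASSWORDS = {"", "sonar", "password", "root", "admin"}


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: '#'/'!' comments, key=value or
    key:value, and backslash line continuation (the continued line's
    leading whitespace is dropped, so a wrapped JDBC URL reads back whole)."""
    logical: List[str] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        piece = raw.lstrip() if pending is not None else raw
        pending = (pending or "") + piece
        if pending.endswith("\\") and not pending.endswith("\\\\"):
            pending = pending[:-1]          # keep accumulating on the next line
            continue
        logical.append(pending)
        pending = None
    if pending is not None:
        logical.append(pending)

    props: Dict[str, str] = {}
    for line in logical:
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # The first '=' or ':' ends the key (keys on the slides contain neither).
        cuts = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not cuts:
            props[line] = ""
            continue
        sep = min(cuts)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def audit(props: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    findings: List[Tuple[str, str]] = []
    user = props.get("sonar.jdbc.username", "")
    pwd = props.get("sonar.jdbc.password", "")
    if pwd.lower() in WEAK_DB_PASSWORDS or pwd == user:
        findings.append(("high", "sonar.jdbc.password is a well-known default or equals the username"))
    elif len(pwd) < 12:
        findings.append(("medium", "sonar.jdbc.password is shorter than 12 characters"))

    url = props.get("sonar.jdbc.url", "")
    if url and "://localhost" not in url and "://127.0.0.1" not in url:
        findings.append(("info", "database is on another host: grant the sonar account "
                                 "from that SonarQube address only, not from '%'"))

    # SonarQube's own default when the key is absent is 0.0.0.0 (every interface).
    host = props.get("sonar.web.host", "0.0.0.0")
    if host in ("", "0.0.0.0", "::"):
        findings.append(("medium", "sonar.web.host listens on every interface; bind to "
                                   "127.0.0.1 and put a TLS reverse proxy in front"))
    return findings


def severities(text: str) -> List[str]:
    """Convenience wrapper: severities of all findings for a properties file's text."""
    return [sev for sev, _ in audit(parse_properties(text))]


if __name__ == "__main__":
    for label, cfg in (("slides", SLIDE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for sev, msg in audit(parse_properties(cfg)) or [("ok", "no findings")]:
            print(f"  [{sev}] {msg}")
```

Point parse_properties at the real /opt/sonar/conf/sonar.properties to audit a live install. Since the file holds the database password in clear text, it should also be readable only by the account that runs SonarQube.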
Starting sonar...
$ sonar start
Or
$ sudo sonar start
Analyzing
Maven Projects
Gradle Projects
Maven
Setting up Maven.
Edit the settings.xml file, located in $MAVEN_HOME/conf or ~/.m2
<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
        </profile>
    </profiles>
</settings>
Analyzing Maven Projects
$ mvn clean verify sonar:sonar
## In some cases:
$ mvn clean install
$ mvn sonar:sonar
Gradle
Setting up Gradle Projects
Add these lines to build.gradle
plugins { id "org.sonarqube" version "1.2" }
apply plugin: "org.sonarqube"
sonarqube {
    properties {
        property "sonar.host.url", "http://myserver:9000"
        property "sonar.sourceEncoding", "UTF-8"
        property "sonar.language", "java"
        property "sonar.profile", "Android Lint"
        property "sonar.projectKey", "PROJECT-KEY"
        property "sonar.projectName", "PROJECT_NAME"
        property "sonar.projectVersion", "VERSION"
        property "sonar.java.source", "1.7"
        property "sonar.sources", "./"
    }
}
Analyzing Gradle Projects
$ ./gradlew clean check sonarqube
Sample Reports
Thank you…
Image credits:
www.sonarqube.org
http://tech.gaeatimes.com
