SonarQube: Seven Deadly Software Sins
Gnanaseelan, Senior Technology Architect
Who am I?
• Senior Technical Architect @ Accenture Software
• Current Role
• Focusing on improving the software design/code quality
• Previous Roles:
• Application Architect, Infrastructure Architect and Operation Architect for SOA Java Projects
Presentation Goals
• Knowledge of the Seven Deadly Developer Sins
• Role of SonarQube in identifying them
• Software patterns and principles to reduce the same.
• Q/A
Sin
• Sin can be viewed as anything that violates the ideal relationship between an individual and his conscience
• Software sin can be viewed as anything that violates the ideal relationship between a software developer and SonarQube.
[Diagram: Developer, "Sin Separates Developer and Code", SonarQube]
Architecture/Design Sin 1: Violation of architecture layer
[Diagram: Presentation Layer, Controller Layer, Service Layer, Persistence Layer]
• MVC is a design pattern to separate the different layers.
• SonarQube helps you to identify the violations of the architecture patterns
Architecture/Design Sin 1: Violation of architecture layer
• Create Architecture Rules
• Create Package Structure
• no access to *.controller.* from *.dao.* classes
Architecture/Design Sin 2: Creating Dependency Cycle
• Design Structure Matrix (DSM) showing how components depend one on the other, highlighting dependency cycles and showing details on dependencies
• Dependency Inversion Principle
• Interface Segregation Principle
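Added example (not from the original slides): a minimal Java sketch of the two checks named under Sin 1 and Sin 2, the rule "no access to *.controller.* from *.dao.* classes" and dependency-cycle detection, run over a constructed dependency map. The shop.* class names are hypothetical, and this is not how SonarQube itself implements these checks.

```java
import java.util.*;

public class ArchitectureCheck {

    // Constructed sample data: class name -> classes it imports (all names hypothetical).
    static Map<String, List<String>> sample() {
        Map<String, List<String>> deps = new LinkedHashMap<>();
        deps.put("shop.controller.OrderController", List.of("shop.service.OrderService"));
        deps.put("shop.service.OrderService", List.of("shop.dao.OrderDao"));
        // The DAO reaches back up to the controller: breaks the layer rule and closes a cycle.
        deps.put("shop.dao.OrderDao", List.of("shop.controller.OrderController"));
        deps.put("shop.dao.AuditDao", List.of());
        return deps;
    }

    // Rule from the slide: no access to *.controller.* from *.dao.* classes.
    static List<String> layerViolations(Map<String, List<String>> deps) {
        List<String> out = new ArrayList<>();
        deps.forEach((from, targets) -> {
            if (!from.contains(".dao.")) return;
            for (String to : targets) {
                if (to.contains(".controller.")) out.add(from + " -> " + to);
            }
        });
        return out;
    }

    // Depth-first search: reaching a class that is still on the current path closes a cycle.
    static List<String> findCycle(Map<String, List<String>> deps) {
        Set<String> done = new HashSet<>();
        for (String start : deps.keySet()) {
            List<String> cycle = visit(start, deps, done, new ArrayList<>());
            if (cycle != null) return cycle;
        }
        return List.of();
    }

    private static List<String> visit(String node, Map<String, List<String>> deps,
                                      Set<String> done, List<String> path) {
        int at = path.indexOf(node);
        if (at >= 0) {                          // node is already on the path: cycle found
            List<String> cycle = new ArrayList<>(path.subList(at, path.size()));
            cycle.add(node);
            return cycle;
        }
        if (done.contains(node)) return null;   // fully explored earlier, no cycle through it
        path.add(node);
        for (String next : deps.getOrDefault(node, List.of())) {
            List<String> cycle = visit(next, deps, done, path);
            if (cycle != null) return cycle;
        }
        path.remove(path.size() - 1);           // backtrack
        done.add(node);
        return null;
    }

    public static void main(String[] args) {
        Map<String, List<String>> deps = sample();
        System.out.println("Layer violations: " + layerViolations(deps));
        System.out.println("Dependency cycle: " + String.join(" -> ", findCycle(deps)));
    }
}
```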
Complexity Sin 3: High Cyclomatic Complexity
Lack of Proper Unit Test Sin 4:
• Make sure the JUnit tests are aligned to business requirements and that they test the right business functionality.
• Check for both positive and negative results
• Provide logical names for your unit tests.
• Verify all the mock objects to ensure unnecessary mocking is not done for the test case.
• SonarQube also shares the failures and errors in the unit test success.
Undocumented Source Code Sin 5:
• Public API
• Public Class
• Public Method
• Public Property
• SonarQube measures the quantity and not the quality of the API
• Include the purpose of the method and also the descriptions of input and output parameters
/**
 * Test Condition 1: Check to make sure that the person is responsible for the General Medical Benefit
 * Inputs: Eligible programs to the rules engine.
 * Expected Results: Verified eligible programs are in the results.
 */
Duplicate Source Code Sin 6:
• Use Patterns like Extract Method to reduce duplication.
• Violates DRY principle
• SonarQube will help you to identify the duplicate code in the same file, project and even across multiple projects.
• SonarQube shares the duplicate lines, blocks and files
Coding Standard Breach Sin 7:
[Figure: issue categories (Bugs, Potential bugs, Indication of programmer error, Future programmer error, Inefficiencies, Style) shown against Severity (Blocker, Critical, Major, Minor, Info), with the annotations "Issues require urgent fix" and "Issues require analysis"]
Source: Campbell, Papapetrou: SonarQube in Action
Bugs and Potential Bugs
• Bug (Blocker and Critical): Failures to close file handles or database connections
• Potential bugs (Critical or Major): Potential null pointer condition during a certain scenario
Bugs and Potential Bugs
• Indication of Programming error (Major): Avoid logging and throwing, as this results in multiple log messages for the same problem. Exceptions should be logged by the last-resort error handler.
• Future Programming Error (Major/Minor): Methods that are too long and complex.
• Inefficiencies (Minor): Unused imports and methods.
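Added example (not from the original slides): the unclosed file handle and the log-and-throw pattern from the two "Bugs and Potential Bugs" slides, each shown beside a corrected form. The class name, method names and file path are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SinSevenExamples {
    private static final Logger LOG = Logger.getLogger(SinSevenExamples.class.getName());

    // Bug (Blocker/Critical): if readLine() throws, close() is never reached
    // and the file handle leaks.
    static String firstLineLeaky(Path file) throws IOException {
        BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8);
        String line = in.readLine();
        in.close();
        return line;
    }

    // Corrected: try-with-resources closes the reader on every exit path.
    static String firstLine(Path file) throws IOException {
        try (BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            return in.readLine();
        }
    }

    // Indication of programming error (Major): log and throw. Each layer that
    // repeats this adds another log message for the same problem.
    static String loadLogAndThrow(Path file) throws IOException {
        try {
            return firstLine(file);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "could not read " + file, e);
            throw e;
        }
    }

    // Corrected: add context and rethrow without logging here.
    static String load(Path file) {
        try {
            return firstLine(file);
        } catch (IOException e) {
            throw new UncheckedIOException("could not read " + file, e);
        }
    }

    // Last-resort error handler: the single place where the exception is logged.
    public static void main(String[] args) {
        Path missing = Paths.get("constructed-missing-file.txt"); // constructed sample path
        try {
            System.out.println(load(missing));
        } catch (UncheckedIOException e) {
            LOG.log(Level.SEVERE, "request failed", e);
        }
    }
}
```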