SonarQube

Last updated
SonarQube
Developer(s) SonarSource
Initial release2006–2007 [1]
Stable release
10.4 / February 6, 2024;38 days ago (2024-02-06) [2]
Repository
Written in Java
Operating system Cross-platform
Type Static program analysis
License Lesser GNU General Public License
Website sonarqube.org

SonarQube (formerly Sonar) [3] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations. [4] [5]

Contents

SonarQube provides automated analysis and integration with Maven, Ant, Gradle, MSBuild, and continuous integration tools. [6] [7] [8]

Overview

SonarQube supports the programming languages: Java (including Android), C#, C, C++, JavaScript, TypeScript, Python, Go, Swift, COBOL, Apex, PHP, Kotlin, Ruby, Scala, HTML, CSS, ABAP, Flex, Objective-C, PL/I, PL/SQL, RPG, T-SQL, VB.NET, VB6, and XML. [9] As of December 2021, analyzing C, C++, Objective-C, Swift, ABAP, T-SQL, and PL/SQL is only available via a commercial license.

SonarQube is an open core product for static code analysis, with additional features offered in commercial editions.

SonarLint

SonarQube is expandable with the use of plug-ins. It integrates with Eclipse, Visual Studio, Visual Studio Code, and IntelliJ IDEA development environments through SonarLint plug-ins, as well as external tools such as LDAP, Active Directory, and GitHub. [10] [11]

Reception

In 2009, SonarQube received a Jolt Award under the testing tools category. [12] [13]

See also

Related Research Articles

<span class="mw-page-title-main">Eclipse (software)</span> Software development environment

Eclipse is an integrated development environment (IDE) used in computer programming. It contains a base workspace and an extensible plug-in system for customizing the environment. It is the second-most-popular IDE for Java development, and, until 2016, was the most popular. Eclipse is written mostly in Java and its primary use is for developing Java applications, but it may also be used to develop applications in other programming languages via plug-ins, including Ada, ABAP, C, C++, C#, Clojure, COBOL, D, Erlang, Fortran, Groovy, Haskell, JavaScript, Julia, Lasso, Lua, NATURAL, Perl, PHP, Prolog, Python, R, Ruby, Rust, Scala, and Scheme. It can also be used to develop documents with LaTeX and packages for the software Mathematica. Development environments include the Eclipse Java development tools (JDT) for Java and Scala, Eclipse CDT for C/C++, and Eclipse PDT for PHP, among others.

<span class="mw-page-title-main">PMD (software)</span>

PMD is an open source static source code analyzer that reports on issues found within application code. PMD includes built-in rule sets and supports the ability to write custom rules. PMD does not report compilation errors, as it only can process well-formed source files. Rather, PMD is designed to detect inefficient code or bad programming habits, which can reduce the performance and maintainability of the program if they accumulate. It can analyze files written in Java, JavaScript, Apex and Visualforce, PLSQL, Apache Velocity, XML, and XSL.

In software development, a build is the process of converting source code files into standalone software artifact(s) that can be run on a computer, or the result of doing so.

Automated code review software checks source code for compliance with a predefined set of rules or best practices. The use of analytical methods to inspect and review source code to detect bugs or security issues has been a standard development practice in both Open Source and commercial software domains. This process can be accomplished both manually and in an automated fashion. With automation, software tools provide assistance with the code review and inspection process. The review program or tool typically displays a list of warnings. A review program can also provide an automated or a programmer-assisted way to correct the issues found. This is a component for mastering easily software. This is contributing to the Software Intelligence practice. This process is usually called "linting" since one of the first tools for static code analysis was called Lint.

<span class="mw-page-title-main">FindBugs</span> Software that finds possible errors in Java programs

FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, Gradle, Hudson, Maven, Bamboo and Jenkins.

A software repository, or repo for short, is a storage location for software packages. Often a table of contents is also stored, along with metadata. A software repository is typically managed by source or version control, or repository managers. Package managers allow automatically installing and updating repositories, sometimes called "packages".

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

AnthillPro is a software tool originally developed and released as one of the first continuous integration servers. AnthillPro automates the process of building code into software projects and testing it to verify that project quality has been maintained. Software developers are able to identify bugs and errors earlier by using AnthillPro to track, collate, and test changes in real time to a collectively maintained body of computer code.

<span class="mw-page-title-main">TestComplete</span> Software test automation tool

TestComplete is a functional automated testing platform developed by SmartBear Software. TestComplete gives testers the ability to create automated tests for Microsoft Windows, Web, Android, and iOS applications. Tests can be recorded, scripted or manually created with keyword driven operations and used for automated playback and error logging.

<span class="mw-page-title-main">Parasoft</span> Software testing framework

Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.

<span class="mw-page-title-main">Snake case</span> Words joined with underscores

Snake case is the naming convention in which each space is replaced with an underscore (_) character, and words are written in lowercase. It is a commonly used naming convention in computing, for example for variable and subroutine names, and for filenames. One study has found that readers can recognize snake case values more quickly than camel case. However, "subjects were trained mainly in the underscore style", so the possibility of bias cannot be eliminated.

Java code coverage tools are of two types: first, tools that add statements to the Java source code and require its recompilation. Second, tools that instrument the bytecode, either before or during execution. The goal is to find out which parts of the code are tested by registering the lines of code executed when running a test.

iDempiere Community Powered Enterprise. Full Open Source Business Suite

iDempiere. Community Powered Enterprise, also known as OSGi + ADempiere, is an open source Enterprise Resource Planning (ERP) software that is fully navigable on PCs, tablets and smartphones, it also has customer relationship management (CRM) and supply chain management (SCM) functions. It is in contrast to proprietary or most other open source ERP solutions driven only by a community of supporters.

RIPS is a static code analysis software, designed for automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the Lesser GNU General Public License and was maintained until 2013.

<span class="mw-page-title-main">SourceMeter</span> Source code analyzer tool

SourceMeter is a source code analyzer tool, which can perform deep static program analysis of the source code of complex programs in C, C++, Java, Python, C#, and RPG (AS/400). FrontEndART has developed SourceMeter based on the Columbus technology researched and developed at the Department of Software Engineering of the University of Szeged.

Visual Expert is a static code analysis tool, extracting design and technical information from software source code by reverse-engineering, used by programmers for software maintenance, modernization or optimization.

SonarSource is a Swiss company founded in 2008. It develops open source software for continuous code quality and security.

<span class="mw-page-title-main">CodeScene</span> Behavioral code analysis tool

CodeScene is a behavioral code analysis tool developed by Empear AB. CodeScene provides code visualizations based on version-control data and machine learning algorithms that identify social patterns and hidden risks in code.

References

  1. "History | SonarSource". www.sonarsource.com.
  2. "What's New in latest releases | SonarQube". www.sonarqube.org.
  3. Freddy Mallet (20 March 2013). "SONAR is becoming SONARQUBE". SonarQube project mailing list. Archived from the original on 24 July 2013. Retrieved 3 July 2013.
  4. "Sonar" (PDF). Methods and Tools. Vol. 18, no. 1. 2010-03-01. pp. 40–46. ISSN   1661-402X . Retrieved 2017-08-29.
  5. Campell/Papapetrou, Ann/Patroklos (2013). Sonar (SonarQube) in action. Greenwich, Connecticut, USA: Manning Publications. p. 350. ISBN   978-1617290954.
  6. Buijze, Allard (2010-02-26). "Measuring Code Quality With Sonar". Archived from the original on 2011-08-12. Retrieved 2017-08-29.
  7. Odendaal, René (2009-06-24). "Continuous Integration on SAP using Subversion, Maven, Hudson, Nexus and Sonar". Archived from the original on 2012-07-24. Retrieved 2017-08-29.
  8. Smart, John (2010-03-14). "How can you improve, harmonize and automate your development process using tools like Maven, Hudson, and Nexus?" . Retrieved 2017-08-29.
  9. "Multi-Language - SonarQube" . Retrieved 2021-01-25.
  10. Mariano (2009-11-17). "Creating a Sonar Plugin for software development metrics". Archived from the original on March 24, 2010. Retrieved 2017-08-29.
  11. Hazrati, Vikas (2010-03-30). "Monetizing the Technical Debt" . Retrieved 2017-08-29.
  12. "Jolt Awards Winners". 2009-03-18. Archived from the original on February 1, 2010. Retrieved 2010-04-13.
  13. "Jolt Productivity Award #2: Testing and Debugging". 2010-12-01. Retrieved 2010-12-09.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.