SonarQube

Last updated
SonarQube
Developer(s) SonarSource
Initial release2006–2007 [1]
Stable release
10.6 / June 25, 2024;5 months ago (2024-06-25) [2]
Repository
Written in Java
Operating system Cross-platform
Type Static program analysis
License GNU Lesser General Public License
Website sonarqube.org

SonarQube (formerly Sonar) [3] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations. [4] [5]

Contents

SonarQube provides automated analysis and integration with Maven, Ant, Gradle, MSBuild, and continuous integration tools. [6] [7] [8]

Overview

SonarQube supports the programming languages: Java (including Android), C#, C, C++, JavaScript, TypeScript, Python, Go, Swift, COBOL, Apex, PHP, Kotlin, Ruby, Scala, HTML, CSS, ABAP, Flex, Objective-C, PL/I, PL/SQL, RPG, T-SQL, VB.NET, VB6, and XML. [9] As of December 2021, analyzing C, C++, Objective-C, Swift, ABAP, T-SQL, and PL/SQL is only available via a commercial license.

SonarQube is an open core product for static code analysis, with additional features offered in commercial editions.

SonarQube for IDE

SonarQube is expandable with the use of plug-ins. It integrates with Eclipse, Visual Studio, Visual Studio Code, and IntelliJ IDEA development environments through SonarQube for IDE [10] plug-ins, as well as external tools such as LDAP, Active Directory, and GitHub. [11] [12]

Reception

In 2009, SonarQube received a Jolt Award under the testing tools category. [13] [14]

See also

Related Research Articles

In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.

In software engineering and development, a software metric is a standard of measure of a degree to which a software system or process possesses some property. Even if a metric is not a measurement, often the two terms are used as synonyms. Since quantitative measurements are essential in all sciences, there is a continuous effort by computer science practitioners and theoreticians to bring similar approaches to software development. The goal is obtaining objective, reproducible and quantifiable measurements, which may have numerous valuable applications in schedule and budget planning, cost estimation, quality assurance, testing, software debugging, software performance optimization, and optimal personnel task assignments.

<span class="mw-page-title-main">Eclipse (software)</span> Software development environment

Eclipse is an integrated development environment (IDE) used in computer programming. It contains a base workspace and an extensible plug-in system for customizing the environment. It is the second-most-popular IDE for Java development, and, until 2016, was the most popular. Eclipse is written mostly in Java and its primary use is for developing Java applications, but it may also be used to develop applications in other programming languages via plug-ins, including Ada, ABAP, C, C++, C#, Clojure, COBOL, D, Erlang, Fortran, Groovy, Haskell, HLASM, JavaScript, Julia, Lasso, Lua, NATURAL, Perl, PHP, PL/I, Prolog, Python, R, Rexx, Ruby, Rust, Scala, and Scheme. It can also be used to develop documents with LaTeX and packages for the software Mathematica. Development environments include the Eclipse Java development tools (JDT) for Java and Scala, Eclipse CDT for C/C++, and Eclipse PDT for PHP, among others.

<span class="mw-page-title-main">PMD (software)</span> Static software analysis tool

PMD is an open source static source code analyzer that reports on issues found within application code. PMD includes built-in rule sets and supports the ability to write custom rules. PMD does not report compilation errors, as it only can process well-formed source files. Rather, PMD is designed to detect inefficient code or bad programming habits, which can reduce the performance and maintainability of the program if they accumulate. It can analyze files written in Java, JavaScript, Apex and Visualforce, PLSQL, Apache Velocity, XML, and XSL.

A software build is the process of converting source code files into standalone software artifact(s) that can be run on a computer, or the result of doing so.

Automated code review software checks source code for compliance with a predefined set of rules or best practices.

<span class="mw-page-title-main">FindBugs</span> Software that finds possible errors in Java programs

FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, Gradle, Hudson, Maven, Bamboo and Jenkins.

A software repository, or repo for short, is a storage location for software packages. Often a table of contents is also stored, along with metadata. A software repository is typically managed by source or version control, or repository managers. Package managers allow automatically installing and updating repositories, sometimes called "packages".

Azure DevOps Server, formerly known as Team Foundation Server (TFS) and Visual Studio Team System (VSTS), is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

<span class="mw-page-title-main">Snake case</span> Words joined with underscores

Snake case is the naming convention in which each space is replaced with an underscore (_) character, and words are written in lowercase. It is a commonly used naming convention in computing, for example for variable and subroutine names, and for filenames. One study has found that readers can recognize snake case values more quickly than camel case. However, "subjects were trained mainly in the underscore style", so the possibility of bias cannot be eliminated.

SQUORE is a software analytics and static code analysis tool for software projects. It gathers information from different artefacts types and tools and publishes a summarised view of the project quality or progress.

<span class="mw-page-title-main">ThreadSafe</span>

ThreadSafe is a source code analysis tool that identifies application risks and security vulnerabilities associated with concurrency in Java code bases, using whole-program interprocedural analysis. ThreadSafe is used to identify and avoid software failures in concurrent applications running in complex environments.

Java code coverage tools are of two types: first, tools that add statements to the Java source code and require its recompilation. Second, tools that instrument the bytecode, either before or during execution. The goal is to find out which parts of the code are tested by registering the lines of code executed when running a test.

iDempiere Community Powered Enterprise. Full Open Source Business Suite

iDempiere. Community Powered Enterprise, also known as OSGi + ADempiere, is an open source enterprise resource planning (ERP) software that is fully navigable on PCs, tablets and smartphones, it also has customer relationship management (CRM) and supply chain management (SCM) functions.

RIPS is a static code analysis software, designed for automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the GNU Lesser General Public License and was maintained until 2013.

<span class="mw-page-title-main">SourceMeter</span> Source code analyzer tool

SourceMeter is a source code analyzer tool, which can perform deep static program analysis of the source code of complex programs in C, C++, Java, Python, C#, and RPG (AS/400). FrontEndART has developed SourceMeter based on the Columbus technology researched and developed at the Department of Software Engineering of the University of Szeged.

Visual Expert is a static code analysis tool, extracting design and technical information from software source code by reverse-engineering, used by programmers for software maintenance, modernization or optimization.

SonarSource is a Swiss company founded in 2008. It develops open source software for continuous code quality and security.

References

  1. "History | SonarSource". www.sonarsource.com.
  2. "What's New in latest releases | SonarQube". www.sonarqube.org.
  3. Freddy Mallet (20 March 2013). "SONAR is becoming SONARQUBE". SonarQube project mailing list. Archived from the original on 24 July 2013. Retrieved 3 July 2013.
  4. "Sonar" (PDF). Methods and Tools. Vol. 18, no. 1. 2010-03-01. pp. 40–46. ISSN   1661-402X . Retrieved 2017-08-29.
  5. Campell/Papapetrou, Ann/Patroklos (2013). Sonar (SonarQube) in action. Greenwich, Connecticut, USA: Manning Publications. p. 350. ISBN   978-1617290954.
  6. Buijze, Allard (2010-02-26). "Measuring Code Quality With Sonar". Archived from the original on 2011-08-12. Retrieved 2017-08-29.
  7. Odendaal, René (2009-06-24). "Continuous Integration on SAP using Subversion, Maven, Hudson, Nexus and Sonar". Archived from the original on 2012-07-24. Retrieved 2017-08-29.
  8. Smart, John (2010-03-14). "How can you improve, harmonize and automate your development process using tools like Maven, Hudson, and Nexus?" . Retrieved 2017-08-29.
  9. "Multi-Language - SonarQube" . Retrieved 2021-01-25.
  10. "Sonar Streamlines Product Naming to Reflect Core Mission of Code Quality and Security" . Retrieved 2024-12-14.
  11. Mariano (2009-11-17). "Creating a Sonar Plugin for software development metrics". Archived from the original on March 24, 2010. Retrieved 2017-08-29.
  12. Hazrati, Vikas (2010-03-30). "Monetizing the Technical Debt" . Retrieved 2017-08-29.
  13. "Jolt Awards Winners". 2009-03-18. Archived from the original on February 1, 2010. Retrieved 2010-04-13.
  14. "Jolt Productivity Award #2: Testing and Debugging". 2010-12-01. Retrieved 2010-12-09.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.