
SonarQube Quickstart

Software Characteristics


1. Whether specific conventions are followed or not.
2. Good practices are being followed and bad practices have been avoided.
3. Whether there are any potential bugs, performance issues, and security vulnerabilities.
4. Whether there is any duplicate code.
5. Whether the public API has good information or not.
6. Unit tests.
7. Good design and architecture principles.



Static Code Analysis:

1. It is similar to compiler warnings.
2. Static code analysis is like white-box testing: it looks at applications in non-runtime environments.
3. It is considered a way to automate the code review process.
4. Detecting errors in programs.
5. Recommending code formatting if the source code follows the code formatting accepted in your company.



Static Code Analysis Tools:

1. FindBugs: It is better than PMD and Checkstyle. It helps in detecting potential bugs and performance issues.
2. PMD: Main focus is bad practices.
3. Checkstyle: Main focus is conventions.
4. HP Fortify: Main focus is security vulnerabilities.






SonarQube:

1. Combination of static and dynamic analysis tools.
2. SonarQube addresses not just bugs but also coding rules, test coverage, duplications, API documentation, complexity, and architecture, providing all these details in a dashboard.
3.


















