SonarQube

SonarQube is an open source platform for static code analysis, used to verify the technical quality of the source code. The development is managed by sonarsource (Tool website: sonarqube.org). The tool was released in 2007 and was called “Sonar” until the name was changed in 2013.

Features of SonarQube

SonarQube assists developers in assuring the quality of their code by way of analyzing the source code based on defined rules. The analysis is conducted on two levels.

  • Among other things, rules can be defined based on the degree of complexity of the code, potential errors, compliance with code guidelines, test coverage, code duplication and comments. Quality profiles are compiled based on the rules available.
  • Quality gates can be used to establish maximum and minimum threshold values for key figures, such as “code coverage > 80%” or “Security rating no worse than A”.
Individual quality profiles and quality gates can be specified for each project.

The results of the analyses are stored on a database and can be accessed via a web interface. Integrating SonarQube into CI/CD pipelines can help to support the development process in an automated way.

SonarQube provides supports for up to 27 programming languages in code analysis. Thanks to its modular structure, the analysis tool can be extended very easily using plugins.

SonarQube in the Cloudogu EcoSystem

As part of the toolchain, SonarQube supports code quality in the Cloudogu EcoSystem. The results of the test can be easily accessed via the SonarQube web interface, or a clear overview of the results can be seen in the dashboard, e.g. in the cockpit. There are two options for integrating the analysis into a Jenkins build pipeline if a quality gate cannot be passed or an error occurs:

  • Termination of the build with an error.
  • Continuation of the build with a warning.
The EcoSystem comes with SonarQube’s default quality checks. Even though these default checks can help to improve the quality of the code, we believe that each team and each project requires its own quality criteria, which you should decide for yourself. If you would like some support when setting up quality profiles, our consultants would be happy to help. Test our Cloudogu EcoSystem for free and try out the integrated toolchain for yourself!

Cloudogu EcoSystem Download

Download Cloudogu EcoSystem

Would you like to set up the CES independently? No problem, we provide you with a free download for the Community Edition.

Download CES