SonarQube is an open source platform for static code analysis, used to assess the technical quality of source code. Development is managed by SonarSource (tool website: sonarqube.org). The tool was released in 2007 and was called “Sonar” until it was renamed in 2013.
Features of SonarQube
SonarQube assists developers in assuring the quality of their code by analyzing the source code against defined rules. The analysis is conducted on two levels:
- Rules can be defined based on, among other things, the degree of complexity of the code, potential errors, compliance with code guidelines, test coverage, code duplication and comments. Quality profiles are compiled from the available rules.
- Quality gates can be used to establish maximum and minimum threshold values for key figures, such as “code coverage > 80%” or “Security rating no worse than A”.
The results of the analyses are stored in a database and can be accessed via a web interface. Integrating SonarQube into CI/CD pipelines lets the analysis run automatically as part of the development process.
SonarQube supports up to 27 programming languages for code analysis. Thanks to its modular structure, the analysis tool can be extended very easily using plugins.
SonarQube in the Cloudogu EcoSystem
As part of the toolchain, SonarQube supports code quality in the Cloudogu EcoSystem. The results of the analysis can be easily accessed via the SonarQube web interface, or a clear overview of the results can be seen in a dashboard, e.g. in the cockpit. When the analysis is integrated into a Jenkins build pipeline, there are two options for handling a quality gate that is not passed or an error that occurs:
- Termination of the build with an error.
- Continuation of the build with a warning.
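The following declarative Jenkinsfile is an added example showing how those two options can be implemented; it is not code from Cloudogu, SonarSource or the SonarQube documentation. It assumes the SonarQube Scanner for Jenkins plugin is installed, that a SonarQube server is registered in Jenkins under the hypothetical name `sonarqube`, that the SonarQube-to-Jenkins webhook is configured so `waitForQualityGate()` receives the gate result, and that the project is a Maven build with `mvn` on the agent PATH. The `FAIL_ON_QUALITY_GATE` parameter is a hypothetical switch between aborting the build and continuing with a warning.

```groovy
// Added example, not from the original page: run a SonarQube analysis in a
// Jenkins pipeline and decide how to react when the quality gate is not passed.
// Assumptions: SonarQube Scanner for Jenkins plugin installed; a server named
// 'sonarqube' (hypothetical name) configured in Jenkins; webhook from SonarQube
// to Jenkins set up; Maven project.
pipeline {
    agent any
    parameters {
        // Hypothetical parameter selecting one of the two behaviours described above.
        booleanParam(name: 'FAIL_ON_QUALITY_GATE', defaultValue: true,
                     description: 'true: abort the build on a failed gate; false: continue with a warning')
    }
    stages {
        stage('Build and test') {
            steps {
                // Compile and run tests so coverage data is available for the analysis.
                sh 'mvn -B clean verify'
            }
        }
        stage('SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and token of the configured server.
                withSonarQubeEnv('sonarqube') {
                    sh 'mvn -B sonar:sonar'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Do not wait forever if the webhook never arrives.
                timeout(time: 10, unit: 'MINUTES') {
                    script {
                        // abortPipeline: false so that the pipeline decides what to do itself.
                        def qg = waitForQualityGate(abortPipeline: false)
                        if (qg.status != 'OK') {
                            if (params.FAIL_ON_QUALITY_GATE) {
                                // Option 1: terminate the build with an error.
                                error("Quality gate not passed: ${qg.status}")
                            } else {
                                // Option 2: continue the build, but mark it UNSTABLE as a warning.
                                unstable(message: "Quality gate not passed: ${qg.status}")
                            }
                        }
                    }
                }
            }
        }
    }
}
```

With `abortPipeline: true` the `waitForQualityGate` step would fail the build on its own; setting it to `false` and branching on `qg.status` is what makes the warning-only variant possible. Marking the build UNSTABLE rather than ignoring the result keeps the failed gate visible in Jenkins, so a regression in the security rating or coverage threshold does not pass silently.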