The Sonar platform performs static code analysis of
different projects and presents the results in a standardised form. Sonar
applies rules of its own, supplemented by the rules of integrated tools such as
FindBugs, Checkstyle or PMD (for the Java world).
Experience with Sonar on a huge portfolio of
applications has been good. For Java there are more than 800 rules available, which
are well described, can be activated and deactivated, and can be configured
with regard to the severity of violations (e.g. Blocker, Critical, etc.) and their
parameters. Experience has shown that it is better not to use the standard
configuration but to agree on a custom configuration with the most experienced
developers, and to rate fewer rather than more rules as blockers. It is also
important that the process model, or the quality gates respectively, clearly define
that, for example, a release must not be used as long as there are blockers, which
are at least potential production defects.
Figure: Sonar Dashboard showing the results of a Code Analysis (Sample)
Best practice is to integrate the Sonar code analysis
into the build processes of the different applications. Then, after each new
build, i.e. each night or continuously depending on the configuration, a new
analysis result is available.
The Sonar web client presents the analysis results in
dashboards that remain clearly structured even for a huge portfolio of
applications. There are tools for, e.g., the analysis of trends over time or of hotspots.
An authorized user can drill down from each violation into the code and, if
required, declare it a false positive.
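The release gate described above (no release while open blockers remain, with false positives excluded from the count), as an added example that is not part of the original post or of Sonar itself. The sample response is constructed here in the shape of a SonarQube issues search result; the field names and the gate policy are assumptions.

```python
import json
from collections import Counter

# Constructed sample in the shape of a SonarQube issues/search response
# (an assumption about the API; only the fields used below are included).
SAMPLE_RESPONSE = json.dumps({
    "total": 4,
    "issues": [
        {"key": "i1", "rule": "squid:S2095", "severity": "BLOCKER",
         "component": "app:src/main/java/Db.java", "status": "OPEN"},
        {"key": "i2", "rule": "squid:S2095", "severity": "BLOCKER",
         "component": "app:src/main/java/Io.java", "status": "RESOLVED",
         "resolution": "FALSE-POSITIVE"},
        {"key": "i3", "rule": "findbugs:SQL_INJECTION", "severity": "CRITICAL",
         "component": "app:src/main/java/Dao.java", "status": "OPEN"},
        {"key": "i4", "rule": "checkstyle:LineLength", "severity": "MINOR",
         "component": "app:src/main/java/Util.java", "status": "OPEN"},
    ],
})

# Hypothetical gate policy: maximum number of open issues allowed per severity.
# Blockers are never tolerated; a few criticals may pass with a documented fix plan.
DEFAULT_POLICY = {"BLOCKER": 0, "CRITICAL": 3}


def open_issues(response_json):
    """Return the issues that are still open; resolved ones (e.g. false positives) are dropped."""
    data = json.loads(response_json)
    return [i for i in data.get("issues", [])
            if i.get("status") not in ("RESOLVED", "CLOSED")]


def evaluate_gate(response_json, policy=DEFAULT_POLICY):
    """Return (passed, open counts per severity, list of (severity, count, limit) violations)."""
    counts = Counter(i["severity"] for i in open_issues(response_json))
    violations = [(sev, counts[sev], limit)
                  for sev, limit in policy.items() if counts[sev] > limit]
    return not violations, dict(counts), violations


def blocking_rules(response_json):
    """Rules behind the open blockers, so the team knows what to fix first."""
    return sorted({i["rule"] for i in open_issues(response_json)
                   if i["severity"] == "BLOCKER"})


if __name__ == "__main__":
    passed, counts, violations = evaluate_gate(SAMPLE_RESPONSE)
    print("open issues by severity:", counts)
    for sev, n, limit in violations:
        print(f"gate violated: {n} open {sev} issue(s), limit {limit}")
    print("release allowed" if passed else "release blocked:", blocking_rules(SAMPLE_RESPONSE))
```

In a real build the JSON would come from the Sonar server for the project just analysed, and a non-zero exit on a failed gate would stop the release step.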
Experience shows that only with a tool such as Sonar
is the definition of a coding style guide really worthwhile, because
compliance can then be checked without great effort and at short intervals.
Information about Sonar can be found at http://www.sonarqube.org/features/.