Pages

Thursday, August 25, 2016

SonarQube - Static Code Analysis

Testing is one of the important aspects of code to identify various issues that can occur while running the code. At the same time it is necessary to examine the code quality while moving the code to production.

Static analysis also called as static code analysis is a method of debugging that is done by examining the code without executing that. This allows developers a better understanding of the code structure and can help developers to ensure that the code adheres to industry standards. The main advantage of the static analysis is that it reveals errors that do not occur until months and years of application running. It is said that the static analysis is only a first step in a comprehensive software quality-control regime. Sonar is one such tool which provides us the static code analysis.

Sonar is an open source web-based application to manage code quality which covers seven axes of code quality as: Architecture and design, comments, duplications, unit tests, complexity, potential bugs and coding rules. Developed in Java and can cover projects in Java, FlexPHPPL/SQL,  Visual Basic 6. It's very efficient to navigate; offering visual reporting and you can follow metrics evolution of your project and combine them.

In this article we will see how we can install SONAR tool and use that.

1. Download SonarQube from here

2. Extract the tar file to /op/sonarqube.
Once extracted move to the /opt/sonarqube/bin/linux-x86-64.And run the “sonar.sh  start”.

That’s all you need to do in starting the sonarqube. Access the sonarqube console using the “localhost:9000” and we can see the web console as below,

 The default credentials for login are admin and admin. More to come using this tool. Stay learning J

6 comments :

  1. Static code analysis is about analysing source code without executing them to find potential vulnerabilities, bugs and security threats.

    ReplyDelete
  2. Static code checker is very helpful in finding the error and testing completion. the blog consists of precise yet useful information.

    ReplyDelete
  3. Very nice blog... Static code analysis is very helpful in finding the error and testing completion. the blog consists of precise yet useful information.

    ReplyDelete
  4. Nice informative blog. I found very useful information on Static code analyser and analysis. Thanks for sharing.

    ReplyDelete
  5. Nice blog... Static code analysis is important and static code analysis tools are helpful. Secure code analysis is also very important aspect and should not be ignored.

    ReplyDelete
  6. This is really interesting, You're a very skilled blogger.
    I have joined your rss feed and look forward to seeking
    more of your great post. Also, I have shared your website in my social networks!

    ReplyDelete