Nov 11, 2020 | 2 min read

An Introduction to Continuous Code Quality Reviews Using SonarQube

By: Sean Sullivan

SonarQube is an open-source tool for continuous code inspection. It collects and analyzes source code and reports on the code quality of your projects. Used regularly, it helps maintain a consistent coding standard across your organization while keeping applications sustainable. Here’s a quick overview of how SonarQube works, why we use it, and how to get started.

How SonarQube Works

SonarQube evaluates your code against a set of rules called quality profiles. The profiles can be left at the global defaults or configured for a specific language or project. Severity levels show how significant each violated rule is, and a suggested fix accompanies each issue.

SonarQube also grades your code by a set of criteria called quality gates. These metrics can be configured based on your quality profile, by project, or set to global defaults. The global defaults include maintainability, reliability, security, code coverage, and duplicated lines.

Additionally, SonarQube translates these abstract metrics and statistics about your code into real business values, such as risk and technical debt, which is what makes SonarQube stand out among similar code inspection tools.

Benefits

The main reason we use SonarQube is to ensure we’re writing quality code. It helps put forth a common standard for coding within your organization, removing the typical ambiguity associated with “coding best practices.”

Other benefits for developers, product owners, and leaders alike include:

  • Improving code sustainability: reduces complexities, duplications, and potential bugs in the code, increasing the lifetime of the application.
  • Reducing technical debt: keeps code clean and maintainable, increasing development velocity without impeding progress.
  • Enabling continuous learning: improves general knowledge and coding skills by recommending resolutions for issues found.
  • Improving the Continuous Integration (CI) process: shortens the feedback loop from code creation through production, letting you deliver value to customers faster and address issues before they grow too big to resolve.

Getting Started

Several versions of SonarQube are available, including their free community version and their cloud-hosted version, SonarCloud. Once you have your SonarQube platform set up, it’s easy to create projects and begin analyzing them.

SonarQube supports many popular CI platforms, with plenty of documentation to get you started. After setting up your new project, add an analysis step to your CI pipeline. Once your code is being scanned, you can fine-tune the quality profile used to evaluate it, codifying your code quality standards so that your code improves commit by commit.
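The two pieces the post describes, a quality gate (the pass/fail verdict from the "How SonarQube Works" section) and an analysis step wired into CI, fit together in a single build script. The following is an added example, not code from the original post or from SonarSource: it builds the sonar-scanner command line, parses the quality gate verdict that the server's Web API returns, and fails the build when the gate is not OK. Assumptions, since the post does not give them: a sonar-scanner CLI on PATH, a server URL and analysis token in the SONAR_HOST_URL and SONAR_TOKEN environment variables, a placeholder project key, and the JSON shape of the project_status endpoint, which is reproduced in a constructed sample so the parsing runs offline.

```python
"""Added example (not from the original post or from SonarSource): a CI build
step that runs the SonarQube scanner and fails the build when the project's
quality gate reports anything other than OK.

Assumed, because the post does not supply them:
  * a sonar-scanner CLI on PATH, a server at $SONAR_HOST_URL and an analysis
    token in $SONAR_TOKEN
  * the Web API endpoint GET /api/qualitygates/project_status?projectKey=...
    returning JSON shaped like SAMPLE_GATE_RESPONSE below
"""
import base64
import json
import os
import subprocess
import sys
import urllib.request


def build_scanner_command(project_key, host_url, token, sources="."):
    """Assemble the scanner invocation. The -D keys are standard analysis
    properties; sonar.login carried the token on the 2020-era servers the
    post describes (newer releases call it sonar.token)."""
    return [
        "sonar-scanner",
        f"-Dsonar.projectKey={project_key}",
        f"-Dsonar.sources={sources}",
        f"-Dsonar.host.url={host_url}",
        f"-Dsonar.login={token}",
    ]


# Constructed sample of a project_status response: the security rating on
# new code breaches its threshold, so the gate as a whole is ERROR.
SAMPLE_GATE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "85.0"},
            {"status": "ERROR", "metricKey": "new_security_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
            {"status": "OK", "metricKey": "new_duplicated_lines_density",
             "comparator": "GT", "errorThreshold": "3", "actualValue": "0.0"},
        ],
    }
})


def evaluate_quality_gate(response_text):
    """Parse a project_status response.

    Returns (passed, failures): passed is True only when the overall status
    is OK; failures lists one readable line per condition that is not OK,
    which is what a developer wants to see in the failed CI log."""
    status = json.loads(response_text)["projectStatus"]
    failures = [
        f"{c['metricKey']}: actual {c.get('actualValue', '?')} "
        f"{c['comparator']} threshold {c.get('errorThreshold', '?')}"
        for c in status.get("conditions", [])
        if c.get("status") != "OK"
    ]
    return status.get("status") == "OK", failures


def fetch_gate_status(host_url, token, project_key):
    """Call the Web API. The token is sent as the basic-auth user name with
    an empty password, the scheme SonarQube accepts for analysis tokens."""
    url = (f"{host_url.rstrip('/')}/api/qualitygates/project_status"
           f"?projectKey={project_key}")
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def main():
    host = os.environ["SONAR_HOST_URL"]
    token = os.environ["SONAR_TOKEN"]
    # Placeholder project key; set SONAR_PROJECT_KEY to the real one.
    project_key = os.environ.get("SONAR_PROJECT_KEY", "example-project")

    # Step 1: run the analysis; a scanner failure already fails the build.
    subprocess.run(build_scanner_command(project_key, host, token), check=True)

    # Step 2: ask the server for the gate verdict and fail the build on ERROR.
    passed, failures = evaluate_quality_gate(
        fetch_gate_status(host, token, project_key))
    for line in failures:
        print(f"quality gate condition failed: {line}")
    sys.exit(0 if passed else 1)


if __name__ == "__main__":
    main()
```

One caveat worth knowing before copying this into a pipeline: the server computes the gate asynchronously after the scanner uploads its report, so reading project_status immediately can return the previous analysis. The scanner writes the task id to .scannerwork/report-task.txt, and a production script polls /api/ce/task?id=... until that task finishes before querying the gate; on newer servers the scanner property sonar.qualitygate.wait=true makes the scanner itself block and exit non-zero on a failed gate, which removes the need for the second call entirely.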

Overall, continuous code quality reviews will improve your product, and platforms like SonarQube should be seen as a tool rather than a hindrance. If you need help getting started, visit our DevOps Services page, or contact DragonSpears.

About Sean Sullivan

Sean graduated from the University of Toledo in Toledo, Ohio, with a B.S. in Computer Science and Engineering Technology. He's a Microsoft Certified Solutions Associate, a Certified Scrum Master, and holds the CompTIA Security+ certification. Sean is truly a DevOps expert and has been working in various technology roles for 14 years.