Most of you might have heard about Sonar or SonarQube as an automated code review tool. That’s right! However, SonarQube is not limited to only performing automated code review and providing a list of findings. As the documentation aptly says, it is an open source quality management platform which helps in continuous analysis and measurement of technical quality of source code. It gives high level snapshot of code quality measured against configured coding standards/ best practices. There is ample documentation available on SonarQube website. This blog will help you to filter out the key information and provide a quick introduction of SonarQube and how it works.
6.2. How does it work?
SonarQube takes project code as the input, analyses it using pre-defined coding rules and publishes web-based results giving overview of technical quality of code. Results summarize the status on project level which can be informative to management and is also possible to go on the issue level to see specific line of code causing the rule violation. This feature makes it very useful to developers to take quick action. · Project code as input: SonarQube can analyse source code in 20+ different languages. Input can be the project source code or compiled code depending on the language. Below table summarizes the available options:
Rules: Analysis is carried out using pre-defined rules based on industry coding standards /best practices. Rules for a particular language are available as plug-in for most of the languages.