sonar overview
Do Great Code!
Samuel Langlois, 17-Jan-2013
Sonar
• A platform to manage code quality
• Free, open source, LGPL, web-based portal
• Backed by
• Aggregates well-known tools
– Static analysis (PMD, findbugs, Checkstyle)
– Duplicate code (Squid, CPD)
– Code coverage (Cobertura, JaCoCo)
(name change soon?)
Sonar @ Alfresco
• http://sonar.alfresco.com
• Open access, LDAP authentication coming
• Contains the following projects:
– Enterprise HEAD (Maven build)
– CLOUD1 (Maven build)
– Benchmark
– Android SDK and App
– …
Sonar portal
Sonar – Basic statistics
Drilling down
• Whole project
– Project/module
• Java package
– Java class
Sonar – Duplications
Sonar – Package tangle
Sonar – Coverage
Clouds
Sonar – Violations
Violation examples
• Impossible cast
• Dead store
• Redundant nullcheck
• Empty if statement
Managing violations
• For each violation you can
– Comment
– Change its severity
– Declare it as a false-positive
– Assign it to someone
– Assign it to an action plan
Time machine
Technical debt
• Term coined by Ward Cunningham in 1992
• Work that needs to be done before a job is complete
• Unwritten tests
• Bad design and architecture
• Duplicated code
• …
• The longer you wait to fix it, the more expensive it becomes
SQALE
• Based on ISO 9126 Quality Model
• Computes a Technical Debt, measured in days
Code quality
“A well-written program is a program where the cost of implementing a feature is constant throughout the program's lifetime.”
What now?
• What to start with?
– Improving test coverage?
– Removing duplicate code?
– Checking violations?
– …
• Where to start?
– Most critical projects?
– Most « buggy » projects?
– Voluntary teams?
– …
Try it and tell me!