Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
Image shows various elements of code security, languages and bugs
Blog post

Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules

Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Everything's a component

Something occurred to me recently that I wanted to share. Sometimes I'm late to the party, so this may have been obvious to you all along, but it didn't jump out at me at first, so I thought it might be worth talking about. It's the fact that the Views plugin turns a project into just another component.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

Image shows various elements of code security, languages and bugs
Blog post

Differentials: Four ways to see what's changed

After a Sonar analysis, it's easy to see your project's current state - just browse to the project dashboard and it's laid out for you. Want details? Just start clicking. But it's not always enough to know where you are. Sometimes, you need to know where you are in comparison to where you've been.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Customizing Sonar to Fit Your Needs

Sonar is a super-radiator for code quality and as such, you can expect it brings value to all stakeholders in a development group. To achieve this, Sonar must be able to show only relevant information in a certain context and shut off the noise to facilitate investigation and decision making. In this post, I will show how to customize Sonar to fit your needs by:

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Manage Duplicated Code with Sonar

If you use Sonar already, I am sure that you know already the worse of all 7 developer's deadly sins: And if you don't, I would assume you know about duplicated / cloned / similar code when you talk about quality of code and that you have heard of tools such PMD CPD or Simian. But why does copy paste matters from a code quality point of view? How can you benefit from Sonar to improve this? Let’s try to figure this out.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Effective Code Review with Sonar

At SonarSource, we like eating our own dog food as much as possible. This is not always the case in software development, but in our case since we develop software for software companies, we can do it. We therefore have an instance of Sonar that analyses all our products daily.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Running local analysis with Sonar Eclipse 2.0

Have you tried Sonar Eclipse? If you're a fan of Sonar and you monitor the quality of your code daily, you probably already have installed this set of plugins that brings the power of Sonar right into your IDE. As a developer, I personally find it really useful to fix the violations directly in the code editor - while you can not do much about it when you're browsing the web resource viewer of Sonar.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

SQALE, the ultimate Quality Model to assess Technical Debt

Six months ago, we would never have believed that one day we would be happy and excited to write about the implementation of a Quality Model in Sonar. Indeed the Quality Models that we knew at the time (most of them are based on ISO 9126 standard) are complex, expensive to implement, can be understood only by an elite of quality experts and are not fun at all.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Detect Dead Code and Calls to Deprecated Methods with Sonar Squid

Up to version 2.1, Sonar was relying only on external coding rules engines such as Checkstyle, PMD and Findbugs to report violations on Java applications. But since version 2.1, Sonar also provides its own rules engine to work on Java dependencies. This rules engine is based on Squid and three rules are currently available :

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Securing access to projects in Sonar

When used out-of-the-box, Sonar is a code quality radiator accessible by everyone at anytime. Like for JIRA, Hudson, a post-it dashboard or any other piece of the development toolset transparency is a key success factor for adoption. So, by default in Sonar, anyone can access any project under continuous inspection and navigate through it.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Sonar to identify security vulnerabilities

During the last few months, Sonar has definitely become the leading Open Source Platform to manage Java code quality. The objective to democratize access to code quality is becoming concrete. However when analyzing source code, quality is only one aspect of things...

Read Blog post >