Embarking on a SonarCloud trial is the first step towards ensuring your codebase is of the highest quality. But to maximize the benefits, it's essential to approach the trial with a clear plan. In this blog, we'll guide you on how to make the most of your SonarCloud trial period.
Lucky for you, you can start a 14-day trial for your private projects and repositories completely free (public projects are always free). A SonarCloud trial gets you all the features of the application that you can get as a paid subscription. If you’d like to test out SonarCloud before committing to purchase, it’s important that you make the most out of your limited time to get comfortable with the tool and understand if it fits your needs.
Getting started with SonarCloud is easy. You don’t need to speak with a sales rep or request a license key. Just follow these simple steps to maximize the usage of your SonarCloud trial:
Visit the SonarCloud Sign Up page to create your free SonarCloud account through your preferred DevOps development environment. Connect it with your preferred platform, be it GitHub, Bitbucket, GitLab, or Azure DevOps.
This will enable real-time feedback, making it easier to catch and rectify code issues as they arise. Your SonarCloud signup account is created and bound to your account on the DevOps platform that you choose. In this blog, we will use GitHub as an example, but you can choose a different provider based on your preference. As a new user, SonarCloud will prompt you to connect your GitHub organization with SonarCloud.
You can choose one of your existing organizations, join an organization, or create a new organization. An organization is a space where a team or a whole company can collaborate across many projects. On import, a corresponding organization is created in SonarCloud based on the information you provide. All members from your GitHub organization will be added to your SonarCloud organization. As they connect to SonarCloud with their GitHub account, members will automatically have access to your organization.
Next, it’s time to choose your SonarCloud plan. You can start a no-commitment, 14-day trial of SonarCloud for your private repositories completely free by choosing the Paid Plan option. A credit card is required to start your trial. However, please remember that your credit card will not be charged until after your trial has ended and you can analyze private projects for free during your trial period. You will receive an email reminder 3 days before this happens and can cancel your trial at any time! The pricing is based on Lines of Code (LOC) analyzed in private projects.
GitHub projects are grouped into GitHub organizations or personal accounts. The next step is to import the projects (that is, individual Git repositories) that you want to analyze from your GitHub organization into your newly created SonarCloud organization. A corresponding, one-to-one SonarCloud project will be created for each imported repository. SonarCloud will present a list of the repositories in your GitHub organization; choose the projects you want to import and select Set Up to get started. Each imported repository becomes a SonarCloud project. Once you import a project, it appears in your Projects list and is ready to be analyzed.
The next step is to set the new code definition (NCD) for your project(s). The NCD is a mandatory step and it defines which part of your code is considered new code. When you do an analysis on your main branch (or other long-lived branches), SonarCloud uses the new code definition to determine which issues you should focus on fixing and highlights these as issues in new code. This helps you to focus your attention on the most recent changes to your code and allows you to follow the Clean as You Code (CaYC) methodology. The guidance to pick the right NCD is provided in the docs.
For GitHub repositories, there are two analysis methods available: Automatic analysis and CI-based analysis. Automatic analysis will be triggered instantly for most languages. You can also set up the analysis on your CI/CD tool in just a few minutes. From now on, all new pull requests and your main branch will be automatically analyzed. It’s that easy! For more information, we encourage you to check out this additional interactive demo which offers a step-by-step walkthrough of automatic analysis of C and C++ projects! Note that SonarCloud supports all the popular programming languages to ensure that all of your needs are covered.
During the next 14 days, you will have access to SonarCloud’s full features and functionalities. We recommend trying out the the next four steps to learn more and getting familiar with SonarCloud.
Now that you have completed the first analysis, it is time to explore the SonarCloud user interface and dashboard. The SonarCloud dashboard offers a wealth of information. Spend time understanding metrics like Bugs, Vulnerabilities, and Code Smells that help reduce Technical Debt. By familiarizing yourself with these, you can prioritize the issues that need immediate attention.
Quality profiles in SonarCloud are a crucial part of your configuration, as they specify the rules applied during code analysis. Each project can support multiple languages, and SonarCloud automatically selects the appropriate quality profile for each language in that project. To view the defined profiles organized by language, navigate to your organization's Quality Profiles section.
By default, SonarCloud includes a built-in quality profile for each supported language, referred to as the Sonar way profile (indicated with the "BUILT-IN" tag). This profile activates a set of rules suitable for most projects. Quality Gates are another powerful feature in SonarCloud, allowing you to define criteria that your code must meet before it's merged or released. During your trial, set up a Quality Gate and adjust its criteria to match your objectives. In SonarCloud, code quality and security standards are enforced through quality gates.
After analysis, the quality gate takes the resulting metrics and compares them to its defined thresholds to determine if the code meets the requirements for release or merge. Every organization has the built-in Sonar way Quality Gate set as the default that is suitable for most projects. If there are cases where you may want to make adjustments, you can create a new quality gate definition and make it available to projects in the organization or set it as the default for all new projects. To create a new quality gate definition in an organization, you must be an administrator of that organization.
While running an analysis, SonarCloud raises an issue every time a section of code breaks a coding rule. The set of coding rules is defined through the associated quality profile for each language in the project. Instead of just skimming through the reported issues, dive deep. Understand why a particular piece of code is flagged, learn from the explanations provided, and apply the recommendations. It's an educational journey that will improve your coding skills. To see an example of how Learn as You Code is implemented within SonarCloud, check out our interactive demo.
One of SonarCloud's standout features is Pull Request (PR) analysis. Test this feature by creating a PR in your repository. This ensures that every piece of code introduced is analyzed before merging, making your main branch more resilient. SonarCloud decorates the pull request interface of the repository service (GitHub and others), providing the results of its code analysis on the PR branch right in the interface and granting or denying approval of the pull request depending on quality gate criteria. In effect, this augments human code review with automatic code review.
Here are some of our recommendations to ensure that you are taking advantage of SonarCloud has to offer these next two weeks:
This doesn’t have to be a party for one! With SonarCloud, you can add an unlimited number of users to your private organization, even during your trial period. Membership of an organization is managed on the Members page. This is a great way to test SonarCloud for its team benefits.
SonarCloud offers tutorials covering many of the tool’s core concepts - Clean as You Code, New vs Overall Code, Quality Gates, and Pull Requests. These lessons will help you understand the core concepts behind SonarCloud, enabling you to get the most out of the product. To start these tutorials, click on the question mark in the navigation and click on “Core Concepts.”
Add the SonarLint extension to your favorite IDE and find code issues on the fly. SonarCloud rules and analysis settings synchronize to SonarLint, aligning teams around a single standard of Clean Code.
To recap, at a high level, during your SonarCloud trial, you can expect the following:
- The ability to analyze both public and private projects. If you only want to analyze public projects, you do not need to start a trial, as this is always free
- The ability to add unlimited members to your free or private organizations
- Access to all SonarCloud features and functionalities
- In-product tutorials and notifications that cover key concepts
- Coverage for all the popular programming languages
- Email notifications for when your credit card will be charged so that you can cancel at any time
- SonarLint IDE integration
- Community Support
- And more!
What are you waiting for? SonarCloud helps you consistently deliver cleaner, safer software that future developers will appreciate and your users will love, and getting started with your private and public projects couldn’t be easier! Visit the SonarCloud Sign Up page to create your free SonarCloud account through your preferred DevOps platform and start your 14-day trial. In no time, you’ll be writing clean, issue-free code that’s ready for production!