-
Coding Continuous Delivery
Static code analysis with SonarQube and deployment on Kubernetes et AL. with the Jenkins pipeline plugin.
-
Smart, Metrics-Based Release Management
See how SonarQube quality gate metrics in JFrog Artifactory help you make smart decisions for build and release management giving you more control over your CI/CD pipeline.
-
Technical debt: A practical approach
The term technical debt is not something that started appearing in the web recently,it's the result of any decision that you make in software development that has a visible result and a secondary not-so-visible effect.
-
Bitbucket Cloud Dev Week wrap up
A look inside the Bitbucket Cloud Dev Week in which some of our developers were invited to work on the integration between Bitbucket Cloud and SonarCloud.
-
SonarQube scanning in 15 Minutes
Because it's been a minute since a SonarQube tutorial was posted, check out this updated rundown on how to scan in about 15 minutes.
-
SonarSource Releases Full Integration of SonarCloud and VSTS
We are proud to announce our new SonarCloud extension for VSTS, which provides the full integration of SonarCloud, including automatic analysis and decoration of pull requests, keeping problems out of your source code before they get merged.
-
Why SonarQube is important for IT projects?
Software delivery is so important for us and we should deliver the software with clean code, without code duplication, less code complexity and without any potential bugs.
-
Getting started with SonarQube and SonarLint
Over the years, software has grown in size and complexity. As the number of lines in our code grows, the quality of the code being written usually suffers.
-
DevOps with container-based delivery Pipelines
A real-world pipeline for automating delivery of a containerized Java EE app to the cloud with a Jenkins-based toolchain
-
How to analyze your open source project with SonarCloud and VSTS
Among the code analysis tools, there is SonarQube which I think no longer needs introductions and which has very good tools to integrate in your DevOps pipelines.
-
Setting up SonarCloud
In the episode, we will setup SonarCloud. SonarCloud is a quality analyzer tool that I use to ensure that my code is the best I can make it.
-
Continuous Integration in Pipeline
Here we discuss the setup for a Continuous integration pipeline. This is for mavenized Spring boot build with JaCoCo coverage reports and SonarQube metrics.
-
Unifying multi-platform DevOps
Compuware and SonarSource today released new integrations that empower enterprise DevOps teams to accurately track and validate code coverage of COBOL application testing—with the same ease and employing the same processes—as they do with Java and other more mainstream code.
-
New price plans for SonarQube and SonarCloud
This month SonarSource has quietly introduced new price plans and it’s actually a good thing. Beginning with SonarQube, the free edition remains the same, but the teams (prof) edition and enterprise grade edition are replaced by a new pricing model.
-
Forrester Wave Static Application Security Testing
SonarSource has been listed as one of the main players in the Forrester Wave for Static Application Security Testing 2017.
-
SonarLint Visual Studio Extension / C# Linter
I try to improve the code as I work, a careful balancing act where I do my best not to impact productivity by spending too much time on refactoring and reformatting.
-
Rejecting code check-in when Quality Gates aren't met
The earlier we identify issues, the easier and cheaper it is to address them. By leveraging the power of Static Code Analysis, developers can get an early feedback for their code changes.
-
Scout out code problems with SonarQube
By continually analyzing code for potential quality concerns, the open source SonarQube project supports a DevOps "release early and release often" mindset.
-
Code Analysis as a Service with SonarCloud
Measuring code quality (and of course acting on it!) is a vital part of software development that helps you to keep Technical Debt low and the ability to make changes quickly and with quality high.
-
SonarLint integration with Developer for z Systems
Starting with v14.0.0.5, IBM Developer for z Systems (IDz) supports SonarLint v3.2.0 and above on-the-fly feedback to developers regarding bugs and quality issues in their host COBOL and PLI code.
-
How to improve your workflow with SonarQube?
It is likely that you also have faced this kind of situation. So wouldn’t be great to have a tool that helps you to detect them at an earlier stage? SonarQube makes this possible. In this post, you’ll learn how it helps you in clean your code and prevent future issues.
-
SonarQube and ReactJS, the right way
This article is showing you how to use SonarQube with ReactJS and its JSX files. I will use both SonarQube JavaScript plugin and the additional plugin Sonar EsLint plugin.
-
SonarLint a free static analysis tool for C#, VB.Net, Java, JS, php and Python
It’s great to see the things that people are building now that the C# compiler is open source. SonarLint is not intrusive and there's also some slight humour in the way it reports code related issues.
-
SonarQube Hidden Gem
SonarQube is an open source quality management software that analyzes and measures the technical quality of project portfolio to a method which essentially means that it helps analyze the quality of our source code.
-
Delivery pipelines, with Jenkins 2, SonarQube, and Artifactory
Continuous Delivery and DevOps are well known and widely spread practices nowadays. DevOps enabler tools covered in this article are Jenkins, SonarQube, and Artifactory.
-
Continuous delivery, Gradle with Artifactory and SonarQube integration
When playing around with the concepts of Continuous Integration/Delivery/Deployment I struggled over Gradle builds and how to integrate them in these concepts.
-
Buy in SonarQube as a quality gate for test automation
SonarQube is widely used as code quality management tool for various projects, providing the functionality to track and improve the quality of the source code. Such functions can also be employed in Test Automation.
-
Continuous Code Quality Inspection with SonarQube
There are many ways that static code analysis can help to speed software delivery. Vishwas Parameshwarappa introduces a popular Code-quality inspection tool, SonarQube, and takes you through the basics of using it with C# and Java.
-
$45 Million USD to accelerate growth
Today it was confirmed that Insight Venture Partners, the leading global private equity firm, has invested $45m in SonarSource for a minority equity position.
-
The DevOps Platform
The DevOps Platform (aka ADOP) is an integration of open source tools that is designed to provide the capability to perform continuous delivery.
-
Benefits of using SonarQube
Kokab Sami from Vizteck Solutions describes SonarQube’s part in their continuous integration process as well as the benefits they get out of tool for managing code reviews.
-
Oracle SOA Suite Code Quality
Maarten Smeets, a Senior Oracle Integration Consultant and an ACE associate describes a minimal effort setup for performing code quality checks in SOA Suite, using Jenkins 2.9, SonarQube 5.6 and the SonarQube XML Plugin 1.4.1.
-
Streamlining eero’s Android Build Process
How we catch bugs early and improve team communication! Jordan Jozwiak from eero describes their automated build process and SonarQube is a big part of it!
-
SonarSource City Tour London 2016
Our City Tour 2016 kicked off on May 25 in London and the first blog reviews are already out! Dan Cutting from Livedrive and the Bald Keyboardist Vassilis share their impressions and feedback.
-
Use SonarQube as an automatic pull request reviewer
Viktor Sadovnikov describes the process of updating code and the whole continuous integration environment at Container Solutions, referring to it as an ideal world. In their setup, SonarQube just happens to be part of that ideal world.
-
Ansible role for SonarQube upgrades
Priit Liivak, Partner and Head of Engineering at Nortal, found that it took too long to upgrade SonarQube, so he decided to automate the process. Read all about it in the Nortal Tech Blog.
-
How to build quality into your software development workflow
Sandeep Chouksey, VP of Engineering at Shutterstock shares their journey towards high quality software releases, emphasizing the need for quality in every step of the development process.
-
Integrating SonarQube with Bitbucket and Bamboo
Siddhant Gogri’s article on Addteq’s blog describes how to set up SonarQube, Bitbucket and Bamboo in order to get automated feedback on code quality issues.
-
Are you buying quality software?
This article by Jérôme Loisel, CEO & Founder of Octoperf.com, discusses the importance of writing clean code and exposes their internal SonarQube metrics.
-
Open sourcing the Accenture DevOps Platform
This article by Martin Croker, resposible for Accenture's DevOps capability, discusses how they open-sourced the Accenture DevOps Platform (ADOP) that had proven to be a great catalyst for its DevOps transformation.
-
Continuous Code Reviews & Quality Releases
KonyLabs’ Aravind Kashyap shares his thoughts on how to create a continuous code review process using different tools, including SonarQube.
-
Enable Agile Delivery of Quality COBOL Code
We are happy to team up with Compuware, integrating SonarLint® into Compuware Topaz® Workbench to together help large enterprises protect and increase the long-term value of their mainframe applications.
-
Android Developers Code Review with SonarQube
François-Xavier Beuvry provides a detailed tutorial for analyzing Android applications with SonarQube and the Android Lint plugin.
-
Visual Studio 2015, Team Foundation Server 2015 Updated
Microsoft announces RC 1 update to TFS 2015 and VSO 2015 and improved SonarQube integration is one of the highlights!
-
An Intro to CSS Testing with SonarQube
David Racodon provides an overview of how SonarQube checks for code quality for CSS among other languages. The article includes links to the demo as well as the free download.
-
Automatic Code Review-PartII
SCM-Manager Universe team looks at configuration and implementation of automated code review systems that you can set up to check your code for compliance with metrics and rules.
-
Automatic Code Review-PartI
SCM-Manager Universe team looks at configuration and implementation of automated code review systems that you can set up to check your code for compliance with metrics and rules.
-
The Maven build task now simplifies SonarQube analysis
Jean-Marc Prieur from Microsoft announces and demonstrates an updated Maven task that triggers a SonarQube analysis in Visual Studio Online (VSO) and soon in Team Foundation Server (TFS) 2015.
-
.NET Analyzer Package Round-up
The keynote video from the VS 2015 Final Release event, titled ‘Any app, Any developer’ provides a demo-packed overview to get you started with Visual Studio 2015, .NET 4.6 and Visual Studio Online. Brian Harry also touches on how to tackle technical debt with SonarQube, which is now getting deeply integrated with TFS and VS Online.
-
Important changes to Gradle SonarQube support
This forum post shares details on the latest Gradle release as well as the new plugin developed by the SonarSource team to help Gradle users leverage the SonarQube platform.
-
Integrating SonarQube and Reporting Services
A practical guide by Vinicius Moura for integrating the SonarQube platform with the Reporting Services installed on TFS 2013. It outlines the steps to merge Sonar’s Code Quality metrics and TFS’s Work Item metrics resulting in a single report which incorporates all relevant information.
-
Unit And Integration Test Reports For Maven Projects In SonarQube
This blog by Sandra Parsick describes how to generate test reports for for unit and integration testing during a Maven build for the SonarQube server with the help of Jacoco Maven plugin.
-
Announcing SonarQube integration with MSBuild and Team Build
In his blog about technical debt management, Microsoft’s Stuart Kent shares the details about the SonarQube / Microsoft build technologies integration. The blog includes a link to the SonarQube Installation Guide for Existing TFS Environment.
-
Reducing Technical Debt with SonarQube and Visual Studio
A post about the presentation for the SonarQube / Microsoft integration at the Microsoft Build last week concentrating on reducing technical debt.
-
Visual Studio and Team Foundation Server at Build 2015
Brian Harry discusses VS and TFS updates and releases as well as new features, dedicating a section of his blog to TFS/SonarQube integration.
-
Managing Technical Debt with SonarQube (video)
In this video talk from last year’s JEEConf in Kiev, speaker Patroklos Papapetrou shows how to manage technical debt with SonarQube. The talk discusses code quality factors, SonarQube’s core ideas and main features.
-
An Introduction to SonarQube
This blog gives an overview of SonarQube as a software quality tool and provides the link to the setup documentation as well as tips on how to use it to assess all the seven axes of code quality.
-
Setting up SonarQube for a Grails project
This blog post by Hussain Fakhruddin, Head of Engineering at Safarna / Cobone, guides you through the process of configuring SonarQube for analyzing your Grails project.
-
Managing JavaScript Test Coverage with SonarQube
Akquinet, a German company specialized in business process optimization, demonstrates in this blog post how you can bring code quality analysis to your JavaScript code with SonarQube, Maven, Karma and gulp.
-
Refactoring with the SQALE plugin (Part II)
Author Jean-Pierre Fayolle uses the out of the box functionality of the SonarQube Quality Profile and the SQALE plugin to estimate the cost of refactoring a Legacy application.
-
Refactoring with the SQALE plugin (Part I)
Author Jean-Pierre Fayolle uses the out of the box functionality of the SonarQube Quality Profile and the SQALE plugin to estimate the cost of refactoring a Legacy application.
-
Sniff out code smells in Android
William J. Francis, specialized in embedded and mobile platforms, provides a tutorial on using SonarQube to find code smells and implement coding best practices for developers.
-
Integrating SonarQube Metrics into a TFS build
Andy-B-Dev, a developer from Leeds UK provides his approach and a detailed overview of the required steps to integrate SonarQube metrics into a TFS build.
-
SonarQube As An Education Platform
Patroklos Papapetrou, co-Author of the “SonarQube in Action” book, talks about educating developers leveraging SonarQube’s coding rules and the easy-to-use coding review mechanism.
-
Code Coverage of Individual Tests with JaCoCo
This post by Jorge Hildago explains how to enable SonarQube to gather test code coverage metrics of individual tests.
-
Developer’s Guide to Static Code Analysis
This wise developer’s guide to static code analysis is presented by RebelLabs and features SonarQube amongst other tools.
-
PL/SQL Analysis with SonarQube
A series of posts from configuring a PL/SQL analysis to activating the right set of coding rules.
-
Creating SonarQube Projects
SonarQube (nee Sonar) is da bomb. It’s not something you have to check daily but if you’re serious about quality you’ll check it during sprint planning if not weekly.
-
Checking your Code in Eclipse (Part II)
Here are two blog posts to guide you through the whole SonarQube process installation and configuration of the platform, analysis of your source code and integration in Eclipse.
-
Checking your Code in Eclipse (Part I)
Here are two blog posts to guide you through the whole SonarQube process- installation and configuration of the platform, analysis of your source code and integration in Eclipse.
-
Why SonarQube, from Mohammad Nadeem
What makes Sonar really stand out is that it not only provides metrics and statistics about your code but translates these nondescript values to real business values such as risk and technical debt. Sonar not only addresses to core developers and programmers but to project managers and even higher managerial levels as well, due to the management aspect it offers.
-
Tracking and Improving Software Quality
Watch Patroklos Papapetrou discussing Tracking and Improving Software Quality with Sonar at Øredev 2013.
-
Switch Off Legacy Code Violations in SonarQube
While I don’t believe in putting numbers on source code quality, SonarQube (formerly known as Sonar) can be a really useful tool during development. It enforces a consistent style across your team, has discovered several possible bugs for me and is a great tool to learn You can browse the violations and see why a certain expression or code block can be a problem.
-
Maven, failsafe, sonar and jacoco are in a boat
Yesterday I wanted to setup the code coverage in our sonar instance for integration tests launched using the failsafe plugin of Apache Maven. The awaited result in sonar is something like this.
-
5 tools to help you write better Java Code
In this article we will be taking a look at the 5 most used tools that we use at IDR Solutions and how it can help Java Developers write better code.
-
Integrate SonarQube into a DevOps environment
Learn how to integrate a static code analysis tool using the IBM SmartCloud Continuous Delivery Solution. This article also shows how to integrate SonarQube into a DevOps environment to obtain the feedback from the static analysis tool. Code quality is improved and your project is managed better.
-
On Software Entropy by KIXEYE
Entropy is defined as a measure of the number of specific ways in which a system may be arranged. The higher the entropy, the greater the disorder. As stated by the second law of thermodynamics, the entropy of a closed system never decreases, it can only remain unchanged or increase. Locally, this entropy can be lowered by external action. Life is a great example of this.
-
Java Tech Journal Interview of Olivier Gaudin
Continuous Inspection is the ability to continuously manage the technical debt of an application, to maximize its level of maintainability. Doing Continuous Inspection will support the resolution of issues such as ‘any change or addition to source code should be covered by unit tests’, ‘code should not be duplicated’ or ‘no new cycle dependencies should be introduced’.
-
Natixis Minimizes its Technical Debt
There is no recognized standard for software quality metrics. SQALE is a method to optimize the quality of the information system. Natixis relied on SQALE code analysis by free software Sonar. Even if we use Cast when appropriate, the cost of this product is not compatible with a generalization of the method in the company while Sonar is enough in general, says Bernard Nailly.
-
Thoughtworks Technology Radar
Measuring software internal quality is still a mystery, even though many source code metrics have been around for years. The problem with those metrics is they usually only capture one aspect of quality. Sonar is an integrated tool for checking, tracking and visualizing those metrics. It not only combines metrics together, but also mixes them with historical measures, giving us a better insight into the internal quality of the codebase.
-
Methods & Tools using Sonar
This article explains the concepts behind Sonar and how to use it, written by the SonarSource co-founders Olivier Gaudin and Freddy Mallet.
- Why Us
- Products
- Plans and Pricing
- Customers
- Resources
- Company
- Blog
