How to make it all work together?
From coding to the promotion of your build, SonarSource products will support the entire software development life cycle to manage code quality, reduce risk and ultimately deliver better software.
Fix issues before they exist.
The best way to not have to deal with quality issues is to not inject them in the first place. This is SonarLint’s primary mission. Available as an extension to IDEs, it provides on-the-fly feedback to developers on new bugs and quality issues.
Combine automatic and manual code reviews on pull requests to enable an educated merge.
Pull requests are the best place to do code review, because they are created when a feature is complete but not yet merged into the master branch. The Pull Request Analyzer runs an automated code analysis and posts the results directly in the pull request, alongside any manual reviews that have taken place, so that the person in charge of merging can make the most educated decision.
SonarQube is the toll-gate for code promotion to test and production environments.
The Quality Gate is a major, out-of-the-box feature of SonarQube. At every analysis it tells you whether the application passes or fails the release criteria; in other words, whether the application is ready for production "quality-wise". DevOps teams therefore use it as the gatekeeper before promoting artifacts: an artifact whose analysis did not pass the gate is not promoted.
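The gatekeeper step above is usually a small script in the deployment pipeline that asks SonarQube for the gate status and refuses to promote the artifact on anything other than a pass. The following is an added example written for this page, not SonarSource code. It calls the documented Web API endpoint /api/qualitygates/project_status with a user token sent as the HTTP Basic username; the environment variable names SONAR_HOST_URL, SONAR_TOKEN and SONAR_PROJECT_KEY and the three sample responses are constructed for the example. The check fails closed: a status of "NONE" (no gate evaluated) or a malformed response blocks promotion just like "ERROR".

```python
"""Enforce a SonarQube Quality Gate before promoting a build artifact.

Added example, not SonarSource code. Assumes a SonarQube server reachable
at SONAR_HOST_URL, a user token in SONAR_TOKEN and the analysed project's
key in SONAR_PROJECT_KEY (all hypothetical names chosen for this example).
The sample responses below are constructed to mirror the documented
shape of /api/qualitygates/project_status.
"""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

PASSING_STATUSES = {"OK"}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = {"projectStatus": {"status": "OK", "conditions": [
    {"status": "OK", "metricKey": "new_reliability_rating",
     "comparator": "GT", "errorThreshold": "1", "actualValue": "1"}]}}
SAMPLE_ERROR = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_vulnerabilities",
     "comparator": "GT", "errorThreshold": "0", "actualValue": "3"},
    {"status": "OK", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "91.2"}]}}
SAMPLE_NONE = {"projectStatus": {"status": "NONE", "conditions": []}}


def gate_verdict(project_status):
    """Return (passed, failed_conditions) for a project_status response.

    Fail closed: only an explicit "OK" with no failing condition passes.
    "NONE" (no gate evaluated), "ERROR" or a missing field all block.
    """
    status = project_status.get("projectStatus", {})
    verdict = status.get("status")
    failed = [c for c in status.get("conditions", [])
              if c.get("status") not in PASSING_STATUSES]
    return verdict in PASSING_STATUSES and not failed, failed


def describe_condition(cond):
    """Human-readable line for one failed gate condition."""
    return "{} {} {} (actual {})".format(
        cond.get("metricKey", "?"), cond.get("comparator", "?"),
        cond.get("errorThreshold", "?"), cond.get("actualValue", "?"))


def fetch_project_status(host_url, token, project_key):
    """GET /api/qualitygates/project_status; token goes in the Basic username."""
    url = "{}/api/qualitygates/project_status?projectKey={}".format(
        host_url.rstrip("/"), urllib.parse.quote(project_key, safe=""))
    req = urllib.request.Request(url)
    cred = base64.b64encode("{}:".format(token).encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def main():
    host = os.environ.get("SONAR_HOST_URL")
    token = os.environ.get("SONAR_TOKEN")
    key = os.environ.get("SONAR_PROJECT_KEY")
    if host and token and key:
        status = fetch_project_status(host, token, key)
    else:
        # No server configured: demonstrate the decision on the ERROR sample.
        status = SAMPLE_ERROR
    passed, failed = gate_verdict(status)
    if passed:
        print("Quality Gate passed; artifact may be promoted")
        return 0
    print("Quality Gate NOT passed; blocking promotion")
    for cond in failed:
        print("  failed condition:", describe_condition(cond))
    return 1  # non-zero exit fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main())
```

One caveat when wiring this into a pipeline: the scanner submits its report asynchronously, so querying the gate immediately after the scan can return the previous analysis. Poll the compute-engine task URL that the scanner writes to its report-task.txt until the task reaches SUCCESS, then query the gate.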
SonarQube acts as a radiator on risks for maintainability, reliability and security.
Organizations’ senior management must be able to assess the risks associated with their applications. This ability comes with the governance product in the enterprise package, which consolidates individual projects into a structured portfolio of applications so that maintainability, reliability and security risk can be read at the portfolio level.