Category Archives: Sonar

SonarQube upgrade

Upgrade SonarQubeIt’s been a long time since I updated my SonarQube environment. Six months or more, I’m still in version 4.2, while the latest version is a 4.5.1 LTS (Long Term Support). Therefore a good candidate for installation.

This article Walking the Tightrope: Balancing Agility and Stability on the blog SonarSource describes the aims and objectives of such a version. This 4.5.1 release not only offers corrections but also many changes and new features.

This is not the first post I write about a SonarQube upgrade, you will find them all together under this part SonarQube – Installation on my blog. This article will be more concise, with referrals to these previous and detailed posts, when needed. Continue reading

PL/SQL analysis with SonarQube – Evaluating the quality (3/3)

PLSQL_TechnicalDebtLast post in our series on the analysis of the quality of PL/SQL code with SonarQube.

Assessing the quality of an application is not just doing a code analysis: anyone can do that. The work of a Quality consultant is based on answering the following questions: what, why, how, how much.

  • What: analyze the results. Size, complexity and duplications, this is what we have seen in our previous posts. We examine the overall figures but also the average and the variance, as well as trends over time when there are several versions. Then we look at the main violations of best practices, focusing primarily on Blockers and Criticals.
  • Why these results: investigating the causes of the analyzed measures, searching for the origin of the results.
  • How to remedy: propose a plan of action. In fact, make several proposals. We shall see below that I propose different plans for the short, medium and long term.
  • How much it costs : assessing the cost of each plan. Continue reading

PL/SQL analysis with SonarQube – Evaluating the quality (2/3)

PLSQLEva2Sorry to keep you waiting for the following of this series on PL/SQL code and SonarQube, but I was pretty busy between, work and my laptop who suddenly decided to abandon me, of course invoking the Murphy’s law to justify breaking down at the worst time.

In the previous posts: after configuring an analysis of PL/SQL code with SonarQube, we defined our own Quality Profile by directing Blockers and Criticals rules on robustness, performance and security. What looks like our dashboard now?

Continue reading

PL/SQL analysis with SonarQube – Evaluating the quality (1/3)

PLSQL_EvaluationQualité1A post as a synthesis for this series on the analysis of PL/SQL code with SonarQube.

After configuring our analysis with Jenkins, we launched it and found 17 Blockers but zero critical defects (Criticals) with the default SonarQube Quality Profile. In fact, the 5 existing Critical rules were disabled and some other rules of different criticalities too: 58 out of 132.
Continue reading

PL/SQL analysis with SonarQube – Criticals

PLSQL_CriticalIn the previous post in this series on the analysis of PL/SQL code with SonarQube, we reviewed the existing Blockers rules in our Quality Profile.

We found three violations of PL/SQL programming best practices whose consequences are so significant that no tolerance can be allowed for them. Which therefore justifies their status of blockers.

We also found a total of 18 defects for these 3 rules, so with this rather low number, let’s assume that these rules are known by the project team.

Finally, these defects have resulted in a logical bug in the application an operation that will never be performed because the corresponding condition will never be met or even a possible crash. Continue reading

PL/SQL analysis with SonarQube – Blockers

PLSQL_BlockersCriticalIn the previous post, we have seen how to create our own PL/SQL Quality Profile activating all the 132 existing rules in the SonarQube default profile. Now, we can relaunch the analysis initiated earlier.

This way, I will be able to work with all the rules existing in the PL/SQL profile and select the ones that I want to use in order to create a PL/SQL dashboard for my demo environment. Continue reading

PL/SQL analysis with SonarQube – The PL/SQL Quality Profile

SonarQubePLSQL3After configuring our first PL/SQL analysis from Jenkins, we launched it, so we can now look at the results in the SonarQube dashboard.

This will be an opportunity to discuss and explain, in our next posts, the PL/SQL best practices proposed by SonarQube. But first, let’s have a look at the rules we get with the SonarQube PL/SQL Quality Profile. Continue reading

PL/SQL analysis with SonarQube – Configuration

SonarQubePLSQL2In the first post of this new series about analysis of PL/SQL code with SonarQube, we have seen how I organize my analysis environment, with:

  • a folder C:\SRC\ with all my projects,
  • a sub-directory dedicated to each project,
  • different other sub-directories, including one ‘..\Source’ containing the source code to be analyzed.

In the case of our PL/SQL analysis, this will therefoe be placed in the folder ’C:\SRC\Demo\PLSQL\Source’.

Let’s see no how to create and configure a SonarQube analysis of this code, with Jenkins. Continue reading