Sonar is an open source platform to manage source code quality:
"You Can't Manage What You Don't Measure" and you need to see and manage your measurements - and this is what Sonar does.
Sonar collects and analyzes source code, measuring quality and providing reports for your projects. It combines static and dynamic analysis tools and enables quality to be measured continuously over time. Everything that affects our code base, from minor styling details to critical design errors, is inspected and evaluated by SonarQube, thereby enabling developers to access and track code analysis data ranging from styling errors, potential bugs, and code defects to design inefficiencies, code duplication, lack of test coverage, and excess complexity.
Sonar is a continuous inspection dashboard tool that measures source code quality across 7 axes
Its biggest value is the dashboard view of source code quality - pulling data from existing tools like CPPcheck, coverity, unit test reports: code coverage and number of passed/failed/run tests, CVE vulnerability reports.
Sonar makes source code quality management accessible to everyone with minimal effort - both developer, project managers, and management. It not only provides metrics and statistics about your code but translates these nondescript values to real business values such as risk and technical debt.
It supports many programming languages natively - and via plugins.
WIBNI (wouldn't it be nice if) we had a dashboard that showed source code quality in one place:
This comment from a review captures this well: "SonarQube is not valuable because of the information it gives it. We can gather that same information from several other tools as well. It is the way the information is presented that makes it so powerful. It provides a holistic picture of all quality issues in a software project. With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas"
Sonar allows us to define Quality Gates: the set of conditions the project must meet before it can be released into production e.g. defects, coverage, documented APIs etc...
Sonar reports can give a reliable predictor of software issues in test or with the customer.
Anyone who's written software can tell you that the more complex or more defects are in the source code, the more likely the software is going to have issues in test or with the customer.
The tools support showing various measurements over time to indicate trends
One of the 7 code quality axes that Sonar measures is "Design and architecture—minimize dependencies"
Sonar supports many of these metrics out of the box - and the others via plugins (Architect, Explorer).
For background on these metrics, see https://www.infoq.com/articles/measuring-architecture-sustainability is a good article that shows how architecture sustainability can me measured. Software Quality Basics part 1 and part 2 gives a good description of metrics related to component coupling e.g. Average/Cumulative/Normalized Component Dependency (CCD)
Sonor produces various reports starting at a top level overview, and then allowing to click down to source code file level.
Sonar perspectives can be used to prioritize what software issues to address based on risk and constraints.
|Sonar Code Quality Testing Essentials|