What is SonarQube used for?
SonarQube is one of the most popular static code analysis tools. It is used to identify and report issues in software code, and it can be integrated with CI/CD tools such as Jenkins so that code is checked automatically during the integration and build process.
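The Jenkins integration mentioned above, as an added example that is not from the original page: a declarative Jenkinsfile that runs the scanner and fails the build when the SonarQube quality gate is not passed. It assumes a SonarQube server registered in Jenkins under the name "SonarQube", the SonarQube Scanner for Jenkins plugin, a sonar-scanner binary on the agent, and placeholder values for the project key and source directory.

```groovy
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('SonarQube analysis') {
            steps {
                // 'SonarQube' is the server name configured under
                // Manage Jenkins > System > SonarQube servers (assumed name).
                // withSonarQubeEnv injects the server URL and token.
                withSonarQubeEnv('SonarQube') {
                    // Project key and source directory are placeholders.
                    sh '''
                        sonar-scanner \
                          -Dsonar.projectKey=EXAMPLE_PROJECT_KEY \
                          -Dsonar.sources=src \
                          -Dsonar.exclusions=**/vendor/**
                    '''
                }
            }
        }
        stage('Quality gate') {
            steps {
                // waitForQualityGate needs a webhook on the SonarQube server
                // pointing at <jenkins-url>/sonarqube-webhook/ so the result
                // is pushed back; the timeout stops the build from hanging
                // if that webhook is missing.
                timeout(time: 10, unit: 'MINUTES') {
                    script {
                        def qg = waitForQualityGate()
                        if (qg.status != 'OK') {
                            // Any gate status other than OK fails the build,
                            // so code with new vulnerabilities is not merged.
                            error "Quality gate failed: ${qg.status}"
                        }
                    }
                }
            }
        }
    }
}
```

With the default "Sonar way" quality gate, a new vulnerability on new code lowers the security rating below A and the gate reports ERROR, so this pipeline stops before the artifact is built or deployed.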
Here are 7 types of code issues that SonarQube can check:
1. Code quality
SonarQube can analyze code quality based on metrics such as code complexity, maintainability, and readability. It can identify issues like code duplication, long methods, and high cyclomatic complexity.
2. Security vulnerabilities
SonarQube can detect common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflow errors.
3. Test coverage
SonarQube can report the percentage of code that is covered by automated tests and highlight areas of code that are not being tested adequately.
4. Coding standards
SonarQube can analyze code against coding standards such as the MISRA C/C++ guidelines or the CERT coding standard and report any violations.
5. Bugs
SonarQube can detect potential bugs such as null pointer exceptions, unused variables, and uninitialized variables.
6. Documentation
SonarQube can check for the presence and quality of code documentation such as Javadoc comments.
7. Architecture and design
SonarQube can analyze code for adherence to architectural and design principles such as the SOLID principles and the Law of Demeter.