Static Code Analysis:
Static code analysis examines program source code against coding and compliance standards without executing it. Its purpose is to improve code quality by finding weaknesses, duplication, bugs and security vulnerabilities before the code reaches a running environment.
It helps developers keep to their coding standards by catching bad code, common mistakes and code smells. Because the analysis runs during the development phase, developers can ship code of higher quality with fewer total defects, and a vulnerability found here is far cheaper to fix than one found in production or by an attacker.
There are many static code analysis tools, such as SonarQube, FindBugs, Code Compare and Veracode.
SonarQube:
SonarQube is a popular open source static analysis tool that supports 20+ programming languages. It provides report metrics and evaluation graphs. It integrates with the major build tools (Maven, Ant, Gradle) and CI/CD servers (Jenkins, Hudson, Bamboo).
SonarQube lets us scan different code bases written in different languages by defining quality profiles (the set of rules applied per language). Users can add their own rules to these profiles for scanning their code bases.
Installation:
Step 1: Download the SonarQube 6.7.X Community Edition (LTS) from the SonarQube download page.
Step 2: Download SonarQube Scanner 3.3 from the SonarQube download page.
Step 3: Add the SonarQube Scanner bin folder, for example "D:\Sonarqube\sonar-scanner-3.3.0\bin", to the system PATH variable.
Step 4: Now specify the project key, project name, project version and the path of the source files to be scanned. The post puts these into the sonar-scanner.properties file in the sonar-scanner --> conf folder; note that this file is the scanner's global configuration (normally holding only server-wide settings such as sonar.host.url), and the usual place for per-project settings is a sonar-project.properties file in the root of the project being scanned.
After the project details are added, the properties file looks like the one shown below.
Step 5: Start SonarQube. Open a command prompt, navigate to the folder where SonarQube was extracted (the post's example uses a folder named SonarQube-7.6, even though Step 1 downloads 6.7.X; use whichever version you installed) --> bin --> windows-x86-64 (pick the folder matching your OS) and run StartSonar.bat.
This takes a couple of minutes. Once SonarQube has started, a "SonarQube is up" message appears in the command prompt.
Step 6: Open the server URL configured as sonar.host.url in sonar-scanner.properties, "http://localhost:9000/about", in any browser to launch SonarQube. You should see the SonarQube home page as shown in the screenshot below.
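The following PowerShell script ties Steps 4 to 6 together as a worked example. It is an added example, not code from the original post or from SonarSource; the install folders, the project folder and the project key are assumptions and should be adjusted to your layout. It starts the server, waits for the /api/system/status endpoint to report UP instead of watching the console for the "SonarQube is up" message, writes a per-project sonar-project.properties file, and then runs the scanner with an authentication token read from the SONAR_TOKEN environment variable, so no credentials are stored in the properties file.

```powershell
# Added example: starts SonarQube, waits for it, writes project settings and scans.
# Folder names and project key below are assumptions; adjust to your installation.
$SonarHome   = 'D:\Sonarqube\sonarqube-6.7.7'      # assumed SonarQube install folder
$ScannerHome = 'D:\Sonarqube\sonar-scanner-3.3.0'  # scanner folder from Step 3
$ProjectDir  = 'D:\projects\demo-app'              # assumed project to scan
$ProjectKey  = 'demo-app'                          # assumed project key
$ServerUrl   = 'http://localhost:9000'             # default sonar.host.url

# Step 5: start the server (same as running StartSonar.bat in a console).
$startScript = Join-Path $SonarHome 'bin\windows-x86-64\StartSonar.bat'
Start-Process -FilePath $startScript -WindowStyle Hidden

# Wait for the server to be ready by polling the status API rather than the console.
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 5
    try   { $status = (Invoke-RestMethod -Uri "$ServerUrl/api/system/status").status }
    catch { $status = 'DOWN' }   # connection refused while the JVM is still starting
} while ($status -ne 'UP' -and (Get-Date) -lt $deadline)
if ($status -ne 'UP') { throw "SonarQube did not reach UP within 5 minutes (last status: $status)" }

# Step 4: per-project settings go in sonar-project.properties in the project root,
# not in the scanner's global conf\sonar-scanner.properties.
@"
sonar.projectKey=$ProjectKey
sonar.projectName=Demo App
sonar.projectVersion=1.0
sonar.sources=src
sonar.exclusions=**/node_modules/**,**/target/**,**/*.min.js
sonar.sourceEncoding=UTF-8
"@ | Set-Content -Path (Join-Path $ProjectDir 'sonar-project.properties') -Encoding ASCII

# Scan with a user token (My Account > Security > Generate Tokens in the web UI).
# Reading it from the environment keeps the secret out of files checked into source control.
if (-not $env:SONAR_TOKEN) { throw 'Set SONAR_TOKEN to a SonarQube user token before running the scan' }
$env:Path = "$ScannerHome\bin;$env:Path"   # same effect as Step 3 for this session
Push-Location $ProjectDir
& sonar-scanner.bat "-Dsonar.host.url=$ServerUrl" "-Dsonar.login=$env:SONAR_TOKEN"
$scanExit = $LASTEXITCODE
Pop-Location
if ($scanExit -ne 0) { throw "sonar-scanner failed with exit code $scanExit" }

Write-Host "Scan uploaded. Results: $ServerUrl/dashboard?id=$ProjectKey"
```

Two practical notes. First, a fresh SonarQube installation ships with the administrator account admin/admin; change that password at first login before exposing the server beyond localhost, because anyone who can log in as admin can edit quality profiles and rules and thereby silence findings. Second, the scanner above supplies credentials on the command line only for this local run; in a CI job, inject SONAR_TOKEN as a masked secret so the token never appears in build logs or in the repository.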
This is how we install SonarQube on a Windows machine. In the next post we will see how to scan the source files.
#HappyLearning #HappyTesting #HappyCoding