Table of Contents

Copyright

Brief Table of Contents

Table of Contents

Foreword

Preface

Acknowledgments

About this Book

About the Cover Illustration

1. What the numbers are telling you

Chapter 1. An introduction to SonarQube

1.1. Why SonarQube

1.1.1. Proven technologies

1.1.2. Multilingual: SonarQube speaks your language

1.2. Running your first analysis

1.2.1. Installation considerations

1.2.2. Analyzing with SonarQube Runner

1.2.3. Analyzing multilanguage projects

1.2.4. Seeing the output: SonarQube’s front page

1.2.5. Drilling in: the dashboard

1.3. Seven Axes of Quality

1.3.1. Potential bugs and coding rules

1.3.2. Tests

1.3.3. Comments and duplications

1.3.4. Architecture and design

1.3.5. Complexity

1.4. The languages SonarQube covers

1.5. Interface conventions

1.5.1. Hierarchy: packages and classes in a metric drilldown

1.5.2. File details

1.5.3. Trend arrows

1.6. Related plugins

1.6.1. Technical debt

1.6.2. Views

1.7. Summary

Chapter 2. Issues and coding standards

2.1. Looking at your issues

2.2. What issues mean, and why they’re potential problems

2.2.1. Bugs

2.2.2. Potential bugs

2.2.3. Indications of (potential) programmer error

2.2.4. Things that may lead to future programmer error

2.2.5. Inefficiencies

2.2.6. Style inconsistencies (future productivity obstacles)

2.3. Where do issues come from?

2.3.1. Picking a rule profile

2.3.2. Viewing profiles and changing the default

2.4. Related plugins

2.4.1. SCM Activity

2.5. Summary

Chapter 3. Ensuring that your code is doing things right

3.1. Knowing how much of your code is doing things right

3.1.1. Understanding unit-test metrics

3.1.2. Getting reports on unit-test coverage metrics

3.2. Explaining metrics on a file level

3.2.1. Hunting source code lines with low coverage

3.2.2. Finding problems in your unit tests

3.3. Configuring your favorite code-coverage tool

3.3.1. Changing the default selection

3.4. Integration testing

3.4.1. Displaying integration testing coverage on the dashboard

3.4.2. Getting IT information in the source code Coverage tab

3.5. Related plugins

3.6. Summary

Chapter 4. Working with duplicate code

4.1. The hidden cost of duplicate code

4.2. Identifying duplications

4.2.1. Finding your first duplication

4.2.2. Finding duplications on a larger scale

4.2.3. SonarQube’s duplication metrics

4.2.4. Drilling in: from the duplications widget to the Duplications tab

4.3. Realizing the impact of code duplication

4.3.1. The DRY principle: minimizing and eliminating duplications

4.3.2. Duplications vs. size and complexity

4.4. Finding duplications across multiple projects

4.4.1. Turning on cross-project duplication detection

4.4.2. Cross-project duplications in source code tab

4.5. Cleaning up your duplications

4.5.1. Introduction to refactoring patterns

4.5.2. Applying patterns to remove code duplication

4.5.3. Time for a new commons library?

4.6. Related plugins

4.7. Summary

Chapter 5. Optimizing source code documentation

5.1. To document or not?

5.2. Even commenting has its own metrics

5.2.1. How SonarQube calculates metrics

5.2.2. What the numbers are telling you

5.3. Identifying undocumented code

5.3.1. Finding files to improve documentation

5.3.2. Viewing the generic tab in the source code viewer

5.4. Simplifying your documentation strategy

5.4.1. Picking a documentation tool

5.4.2. Defining a straightforward process

5.5. Related plugins

5.5.1. Widget Lab

5.5.2. Doxygen

5.6. Summary

Chapter 6. Keeping your source code files elegant

6.1. Keeping complexity low

6.1.1. Hunting those huge files

6.1.2. Complexity: what it looks like and how to fix it

6.2. Lack of Cohesion of Methods: files that do too much

6.2.1. Getting reports about the LCOM metric

6.2.2. Counting responsibilities

6.2.3. Refactoring for fewer responsibilities

6.3. RFC and couplings: classes with too many friends

6.3.1. Response for Class

6.3.2. Couplings

6.4. Summary

Chapter 7. Improving your application design

7.1. Layering your code

7.1.1. Looking at dashboard widgets

7.1.2. Understanding cycles and unwanted dependencies

7.1.3. Moving from project to package level

7.2. Discovering dependencies and eliminating cycles

7.2.1. Navigating the Dependency Structure Matrix

7.2.2. How the DSM works

7.2.3. Identifying cycles

7.2.4. Library management for Mavenites

7.2.5. Browsing the library-dependency tree

7.2.6. Who uses this library

7.3. Defining your architectural rule set

7.4. Summary

2. Settling in with SonarQube

Chapter 8. Planning a strategy and expanding your insight

8.1. Planning your strategy

8.1.1. Picking a metric

8.1.2. Holding your ground

8.1.3. Moving the goal posts

8.1.4. Boy Scout approach: leave the class better than you found it

8.1.5. SonarQube time: worst first

8.1.6. Re-architect

8.1.7. The end game

8.2. History and trending

8.2.1. Time Machine

8.2.2. Events and database cleanup

8.3. Everything’s a component

8.3.1. Project component view

8.3.2. No package history

8.4. Related plugins

8.4.1. Tab Metrics

8.4.2. Widget Lab

8.5. Summary

Chapter 9. Continuous Inspection with SonarQube

9.1. Introducing Continuous Inspection

9.1.1. What and how?

9.1.2. Life before and after Continuous Inspection

9.1.3. The big picture

9.2. Triggering your analysis with CI

9.2.1. Jenkins setup

9.2.2. Other CI systems

9.2.3. Best practices

9.3. Monitoring quality evolution

9.3.1. Exploring differential views in the project dashboard

9.3.2. Differential views in the issues drilldown

9.3.3. Differential views in the source code viewer

9.3.4. Choosing differential periods

9.3.5. The Compare service

9.4. Related plugins

9.4.1. Cutoff

9.4.2. Build Breaker

9.5. Summary

Chapter 10. Letting SonarQube drive code reviews

10.1. Reviewing code in SonarQube

10.1.1. Issues: a starting point

10.1.2. Confirm, comment, and assign: the simplest workflow options

10.1.3. False positives: sometimes SonarQube gets it wrong

10.1.4. Changing severity: not every issue is that bad

10.1.5. Altering the code to make SonarQube turn a blind eye

10.1.6. Viewing the audit trail

10.2. Creating manual issues: when the rules aren’t enough

10.2.1. Why you would want extra issues

10.2.2. Making manual issues

10.3. Tracking issues

10.3.1. Life cycle of an issue

10.3.2. Tracking squashed issues

10.3.3. Searching issues

10.4. Planning your work with SonarQube’s action plans

10.4.1. Why bother with action plans?

10.4.2. Managing action plans

10.4.3. Using action plans

10.4.4. Tracking action plans

10.5. Structuring a code review

10.5.1. Why: talking about code

10.5.2. Who

10.5.3. When

10.5.4. Where

10.5.5. How

10.6. Related plugins

10.6.1. JIRA

10.6.2. Taglist

10.6.3. Widget Lab

10.7. Summary

Chapter 11. IDE integration

11.1. What’s supported

11.1.1. Generic support

11.1.2. Eclipse support

11.2. Setting up Eclipse integration

11.2.1. Installing the plugin

11.2.2. Configuring the server

11.2.3. Project association

11.3. Working your assigned issues

11.3.1. Finding your assigned issues

11.3.2. Finding and fixing the code

11.4. Running a local analysis

11.5. Related plugins

11.5.1. Issues Report

11.6. Summary

3. Administering and extending

Chapter 12. Security: users, groups, and roles

12.1. Creating users and groups

12.1.1. Managing users

12.1.2. Personalization: what users can manage for themselves

12.1.3. Managing groups

12.2. Roles: who can do what

12.2.1. Project Administrator role

12.2.2. User role

12.2.3. Code Viewer role

12.2.4. Best practices for roles

12.3. System administrators

12.4. Related plugins

12.4.1. LDAP

12.4.2. OpenID

12.4.3. Crowd

12.4.4. PAM

12.5. Summary

Chapter 13. Rule profile administration

13.1. Making your own profile: copy and modify

13.1.1. Copy or start from scratch?

13.1.2. Your first profile edits and their quality implications

13.1.3. Adding rules: how to find them and why you’d want to

13.2. Profile inheritance

13.2.1. Establishing inheritance

13.2.2. Managing the relationship

13.3. Rule editing

13.3.1. Customizing individual rules: editing rule parameters

13.3.2. Cookie-cutter rules: the ones you can duplicate

13.3.3. Extend Description: the rest of the story

13.3.4. Notes: profile-specific records on individual rules

13.4. Alerts: knowing when your metrics have crossed the line

13.5. How to track profile changes

13.5.1. Changelog: who did what, when

13.5.2. Profile versions: when changes go into production

13.5.3. Profile comparison

13.6. Administrative miscellany

13.6.1. Project assignment: which project uses which profile

13.6.2. Profile backup and restoration

13.6.3. Permalinks

13.7. Plugins

13.7.1. Switch Off Violations

13.7.2. Widget Lab

13.8. Summary

Chapter 14. Making SonarQube fit your needs

14.1. Exploring filters

14.1.1. Adding a new filter

14.1.2. Customizing the filter view

14.1.3. Advanced filtering

14.1.4. SonarQube’s default filters

14.2. One size doesn’t fit all: managing global dashboards

14.2.1. Creating your first global dashboard

14.2.2. Customizing your dashboards

14.2.3. Defining default global dashboards

14.3. Getting notified by SonarQube

14.3.1. Activating the notification mechanism

14.3.2. Subscribing to event types

14.4. Adjusting global settings

14.4.1. Database cleaner

14.4.2. General

14.4.3. Localization

14.4.4. Server ID

14.5. Housekeeping

14.5.1. Backing up your SonarQube configuration

14.5.2. Working with the update center

14.6. Summary

Chapter 15. Managing your projects

15.1. Working with project dashboards

15.2. Adopting Continuous Inspection more quickly

15.2.1. Assigning quality profiles

15.2.2. Defining your own metrics

15.2.3. Excluding source code from analysis

15.2.4. Understanding versions, snapshots, and events

15.3. Exploring the rest of the project configuration

15.3.1. Changing permissions

15.3.2. Setting project links

15.3.3. Modifying the project key

15.3.4. Deleting projects

15.3.5. Miscellaneous settings

15.4. Summary

Chapter 16. Writing your own plugin

16.1. Understanding SonarQube’s architecture

16.2. Implementing the Redmine plugin

16.2.1. Creating the plugin Maven project

16.2.2. Defining the plugin’s available configuration

16.2.3. Describing the metrics: what you’ll calculate and store

16.2.4. Implementing your analyzer with a sensor

16.2.5. Creating your first widget

16.2.6. Supporting internationalization

16.2.7. A decorator example

16.3. Adding support for new programming languages

16.4. Summary

Appendix A. Installation and setup

A.1. Preparing for installation

A.1.1. Verifying Java

A.1.2. Database setup

A.2. Installing SonarQube

A.2.1. Ubuntu

A.2.2. Windows 7

A.2.3. Configuring SonarQube: Windows 7 and Ubuntu

A.2.4. Turning it on

A.2.5. Default admin account

A.3. Upgrading

A.3.1. Ubuntu

A.3.2. Windows 7

Appendix B. Analysis

B.1. Analyzing with SonarQube Runner

B.1.1. Install: Windows 7

B.1.2. Install: Ubuntu

B.1.3. Verify and configure : Ubuntu and Windows 7

B.1.4. Analyze

B.1.5. Multi-module projects

B.2. Analyzing with Maven

B.2.1. Setup

B.2.2. First analysis

B.2.3. Multi-module

B.3. Analyzing with Ant

B.4. Analysis properties

Index

List of Figures

List of Tables

List of Listings

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.133.123.34