1. SonarQube
Taking control of the code quality
www.geant.org
Omar Qouqas, Stefan Kelm, Michael Baierlein
WP9 T2
Webinar, December 4th 2019
Public / Confidential / Restricted
2. 2 www.geant.org
Ever thought about?
• Software Engineer
“Is the code still easy to maintain after my latest
enhancements?”
• Software Tester
“Is there an intelligent way to prove that the new code
won’t harm the complete system?”
3. 3 www.geant.org
Does it ring a bell?
• Scrum Master
“How much time is wasted to get a new developer on
board”
• Project Manager
“Is my service secure enough to pass the PLM quality
gate?”
4. 4 www.geant.org
Goals
• Is there an easy way to check and track the quality of my
software?
• How can SonarQube help me?
• Is it easy to apply?
• Is there somebody who can support me?
5. 5 www.geant.org
SonarQube at a glance
• Web-based tool to measure and analyze the quality of
source code
• Usable for any GN4-3 participant
• Many integration options
• Quality Gate
• Measures
• Reliability, Security, Maintainability (with simple “A” to “E” rating)
• Test Coverage, Duplications
• Size, Complexity
• Quality Profiles
6. 6 www.geant.org
4 simple steps...
• Add your project to SonarQube
• Prepare SonarQube scanner
• Let SonarQube assess your project
• Analyze the results
9. 9 www.geant.org
SonarQube setup Summary report Detailed report Quality gate
SonarQube setup assistance x
Standard SonarQube review x x x
SonarQube-based expert review x x x x
Extended review x x Optional
WP9 T2 review services
10. 10 www.geant.org
What we have learned
• GÉANT provides a great tool for its development
community
• SonarQube checks and tracks the quality of my software
• 4 simple steps
• WP9T2 offers a variety of assessment services
11. 11 www.geant.org
Resources
• Links
• WP9 T2 information about SonarQube
• SonarQube - official user documentation
• Software Review Requests
• Contacts
• Marcin Wolski
• Michael Baierlein
• Slack: sonarqube-code-review
GEANT currently provides a range of services and tools to support software
development. These tools are now accessible to the whole GEANT community
through federated authentication and authorization
Together the tools form a technology stack which supports the full devel-
opment life-cycle
- from requirements management via issue/task management (Jira, GitLab)
to source code repository (BitBucket),
through continuous integration and deployment service (Bamboo) to continous quality inspection.
There is an ongoing work aimed to deploy and adopt a new tool, named whitesource, to facilitate the software IPR management in GEANT.