.NET Core Code Quality with Coverlet and SonarQube

Organizations that embrace continuous integration and continuous delivery (CI/CD) reap enormous benefits when rolling out their products - if you’re new to the subject, you can read more about CI/CD here. The reason that CI/CD works is that code is built, tests are run, and code is deployed as soon as the code is checked in. As CI/CD catches problems as soon as the source code is checked in, this puts the onus on developers to write code that is efficient and bug-free, thus making them accountable for their code. The idea that code is deployed continuously even before it is QA’ed seems like a significant risk to some. But if we fortify the code with tests to ensure every piece of code is covered by these tests, then we can be reasonably confident that the code the developer checks in does not break the larger code.

Of course, for this strategy to work, test-driven development (TDD) has to be practiced and automated tests have to be written religiously for every piece of code. However, the effectiveness of CI/CD will largely depend on how well tests are written, how extensive they are, and how subjective they are.

The ultimate value of CI/CD will depend on code quality, and on having continuously good code quality. If you have tests that don’t cover critical pieces of code, then you may end up with many false positives leading to compromised code quality. To avoid this, code reviews should be conducted, but be aware that reviews are also subjective and bugs can slip through the cracks. When conducting a code review, a big part of what you’re doing is identifying smells. Code smells are common knowledge these days and there are many resources available to identify code smells.

It can be daunting, though, to manually find code smells in every code review. Imagine a tool that can help you define custom rules, in addition to the common code smell patterns, externalize these rules, and have the flexibility to apply them to the code at the project level, department level, or at the enterprise level… Meet: SonarQube. SonarQube is a service that can scan code in 25+ languages and identify smells, vulnerabilities, and bugs. SonarQube is a big step toward automating development operations (DevOps) as it enables continuous code inspection that will improve code quality and ensure clean code. Since SonarQube is open source, it can easily be integrated right into your CI/CD process, which will enable continuous inspection of code for bugs, vulnerabilities, and smells, and it can be extended. SonarQube can also be extended by using plugins. For example, you can use the CodeAnalyzer plugin to measure cyclomatic complexity.