Java code quality tools

Code Quality Tools Powered by Infaum Educational Technology Anju ML

Upload: anju-ml

Post on 11-Jan-2017


Category:

Software



TRANSCRIPT

Page 1: Java Code Quality Tools

Code Quality Tools

Powered by Infaum Educational Technology

Anju ML

Page 2: Java Code Quality Tools

Code Quality Tools

Here we discuss two important code quality tools:

• SonarQube
• FindBugs

Page 3: Java Code Quality Tools

SonarQube

NOTE: Sonar Logo is taken from its official site

Page 4: Java Code Quality Tools

SonarQube

• Sonar is an open source platform for continuous inspection of code quality.
• Static code analysis: Java.
• It is developed with a main objective in mind: make code quality management accessible to everyone with minimal effort.
• Sonar provides code analyzers, reporting tools, defects hunting modules and TimeMachine as core functionality.

Page 5: Java Code Quality Tools

Sonar: All in one…

NOTE: DRY (Don't Repeat Yourself) is a programming principle aimed at reducing repetition of code.

NOTE: Above image is taken from its official site

Page 6: Java Code Quality Tools

Design and architecture—minimize dependencies

Duplications—isolates and refines duplications, Don't Repeat Yourself

Unit tests—writes unit tests, especially for complex parts of the software

Complexity—equalizes disproportionately distributed complexity among components; eliminates complexity if possible

Potential bugs—eliminate code violations to prevent vulnerabilities

Coding standards—respect coding standards and follow best practices

Documentation and comments—provide documentation especially for the Public API, the source code

Page 7: Java Code Quality Tools

How does Sonar work?

Sonar has a simple and flexible architecture that consists of three components:

• A set of source code analyzers that are grouped in a Maven plugin and are triggered on demand. The analyzers use configuration which is stored in the database.

• A database that stores not only the results of analysis, projects and global configuration but also the historical analysis for TimeMachine.

• A web reporting tool used to display code quality dashboards on projects, hunt for defects, check TimeMachine, and configure analysis.

Page 8: Java Code Quality Tools

What does Sonar provide?

• Quality profiles
• Dashboards
  o A consolidated view that shows all projects
  o Project dashboard is also available at modules and packages level
• Hunting Tools
• TimeMachine
  o TimeMachine is used to watch the evolution, replay the past, especially as it records versions of the project.

Page 9: Java Code Quality Tools

FindBugs

NOTE: FindBugs Logo is taken from its official site

Page 10: Java Code Quality Tools

FindBugs

• FindBugs is a program to find bugs in Java programs.
• FindBugs is platform independent, and is known to run on GNU/Linux, Windows, and MacOS X platforms.
• It uses static analysis on Java code.
  – Static analysis is a way to inspect code without executing the program.
• Works on byte code rather than source code.

Page 11: Java Code Quality Tools

• This tool inspects Java byte code, which is saved in the form of compiled class files, to detect occurrences of bug patterns.

Bug patterns

• Bug patterns are checklist items for possible problems in the Java source.

Page 12: Java Code Quality Tools

The patterns are categorized by the list below:

• Malicious code vulnerability – code that can be maliciously altered by other code.
• Dodgy – code that can lead to errors.
• Bad practice – code that violates the recommended coding practices.
• Correctness – code that might give different results than the developer intended.
• Internationalization – code that can inhibit the use of international characters.

Page 13: Java Code Quality Tools

• Performance – code that could be written differently to improve performance.

• Security – code that can cause possible security problems.

• Multithreaded correctness – code that could cause problems in a multi-threaded environment.

• Experimental – code that could miss cleanup of streams, database objects, or other objects that require a cleanup operation.
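
Added example (not from the original slides): a Java class showing shapes from the "Malicious code vulnerability" category beside a hardened version. The class names, field names and sample values are constructed for illustration; the pattern names in the comments are FindBugs bug pattern identifiers.

```java
import java.util.Arrays;

public class MaliciousCodeDemo {
    // Before: shapes reported under "Malicious code vulnerability".
    public static class WeakPolicy {
        // MS_MUTABLE_ARRAY: the reference is final, the array contents are not.
        public static final String[] ALLOWED_ROLES = {"auditor", "operator"};
        private final byte[] key;

        public WeakPolicy(byte[] key) {
            this.key = key;            // EI_EXPOSE_REP2: keeps the caller's array
        }

        public byte[] getKey() {
            return key;                // EI_EXPOSE_REP: hands out the internal array
        }
    }

    // After: defensive copies in and out, no shared mutable static state.
    public static class HardenedPolicy {
        private static final String[] ALLOWED_ROLES = {"auditor", "operator"};
        private final byte[] key;

        public HardenedPolicy(byte[] key) {
            this.key = key.clone();    // private copy, caller keeps its own array
        }

        public byte[] getKey() {
            return key.clone();        // callers only ever see a copy
        }

        public static boolean isAllowed(String role) {
            return Arrays.asList(ALLOWED_ROLES).contains(role);
        }
    }

    public static void main(String[] args) {
        byte[] secret = {1, 2, 3, 4};  // constructed sample value
        WeakPolicy weak = new WeakPolicy(secret);
        weak.getKey()[0] = 0;          // other code alters the object's state
        WeakPolicy.ALLOWED_ROLES[0] = "guest";
        System.out.println("weak key:      " + Arrays.toString(weak.getKey()));
        System.out.println("weak roles:    " + Arrays.toString(WeakPolicy.ALLOWED_ROLES));

        HardenedPolicy hard = new HardenedPolicy(new byte[] {1, 2, 3, 4});
        hard.getKey()[0] = 0;          // only the returned copy changes
        System.out.println("hardened key:  " + Arrays.toString(hard.getKey()));
        System.out.println("guest allowed: " + HardenedPolicy.isAllowed("guest"));
    }
}
```

Because FindBugs works on byte code, the class has to be compiled before the analysis can report on it.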

Page 14: Java Code Quality Tools

FindBugs Results

Warnings reported by FindBugs are categorized into:

• Relevant positive – a bug that the developers must fix or should fix.

• Irrelevant positive – a bug, but it is irrelevant to the program and does not need to be fixed.

• False positive – not a bug.

Page 15: Java Code Quality Tools
Page 16: Java Code Quality Tools

• My conclusion from this is that using FindBugs is definitely worthwhile. I plan to roll it out to all my Java projects and integrate it into the automated builds so that the FindBugs results are also available from the continuous integration server.

Page 17: Java Code Quality Tools