Assessing Code Quality and Technical Debt Using SonarQube

Assessing Code Quality and Technical Debt Using SonarQube
Guy Smith-Ferrier
guy@guysmithferrier.com
http://www.guysmithferrier.com

About…
• Author of .NET Internationalization
  o Visit http://www.dotneti18n.com to download the complete source code
• Author of NCLDR
  o http://www.ncldr.com
  o An open source .NET implementation of CLDR

Agenda
• Introduction to SonarQube
• Demo: Installing SonarQube
• Demo: C# Analysis using SonarQube
• Rule Repositories
  o SonarQube, StyleCop, FxCop, Refactoring Essentials, Code Cracker, ReSharper, NDepend, Wintellect
• Duplicate Rules
• Holy Wars
• Analyzing Unit Test Projects
• Code Quality Erosion

SonarQube
• An open source project since 2006
• SonarSource formed in 2008
  o Based in Switzerland
  o 60+ employees (2017)
  o First commercial plugin in 2009
• 700,000 downloads, 140,000 downloads in 2016
• 80,000 organisations use SonarQube
  o 800+ customers
  o 7 customers in Fortune 10
  o 47 customers in Fortune 100
• 60+ open source plugins

SonarQube Language Support
• Actively developed
  o Java, C#, JavaScript, COBOL, C/C++
• Developed according to demand
  o PL/SQL, PHP, ABAP, VB.NET, Python, RPG, Flex, Objective-C, Swift, Web, CSS, Erlang, Groovy, Lua, Puppet
• Planned for 2017?
  o TypeScript, T-SQL
• Third Party
  o Clojure, F#, Perl, Ruby

Demo

Suppressing Rules
• 1. SuppressMessage attribute
  o Works in Visual Studio and on the Build Server
  o Includes an ‘optional’ Justification parameter
• 2. #pragma
  o Works in Visual Studio and on the Build Server
  o No Justification parameter
  o Not easily trackable
• 3. SonarQube suppressions
  o Has no effect in Visual Studio
• 4. ReSharper “disable” comments
  o Only affect ReSharper
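
Added example (not from the slides): a small Python audit that makes the source-level suppressions listed above trackable, reporting each one and whether it carries a non-empty Justification. The C# sample is constructed, the matching is line-based (an attribute split across lines is missed), and treating #pragma and ReSharper comments as never justified is this script's assumption.

```python
import re

# Constructed C# sample (not from the slides) using the source-level suppression styles.
SAMPLE = '''using System.Diagnostics.CodeAnalysis;

[SuppressMessage("Microsoft.Design", "CA1031", Justification = "Top-level handler logs and rethrows")]
class A { }

[SuppressMessage("Microsoft.Security", "CA2100")]
class B { }

#pragma warning disable S2068
class C { }
#pragma warning restore S2068

// ReSharper disable once InconsistentNaming
class d { }
'''

ATTR = re.compile(r'SuppressMessage(?:Attribute)?\s*\((?P<args>.*)\)')
RULE_ID = re.compile(r'"[^"]+"\s*,\s*"(?P<id>[^":]+)')      # second argument is the check id
JUSTIFIED = re.compile(r'Justification\s*=\s*"\s*[^"\s]')    # present and non-empty
PRAGMA = re.compile(r'^\s*#pragma\s+warning\s+disable\b(?P<ids>[^/]*)')
RESHARPER = re.compile(r'//\s*ReSharper\s+disable(?:\s+once)?\s+(?P<id>\S+)')


def audit(source):
    """Return (line, mechanism, rule, justified) for every suppression found."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if m := ATTR.search(line):
            rule = RULE_ID.search(m['args'])
            findings.append((no, 'SuppressMessage', rule['id'].strip() if rule else '?',
                             bool(JUSTIFIED.search(m['args']))))
        elif m := PRAGMA.match(line):
            # A bare "#pragma warning disable" silences every warning.
            ids = [i for i in re.split(r'[,\s]+', m['ids']) if i] or ['*']
            findings.extend((no, 'pragma', i, False) for i in ids)
        elif m := RESHARPER.search(line):
            findings.append((no, 'ReSharper', m['id'], False))
    return findings


def unjustified(source):
    """Suppressions a reviewer cannot trace to a stated reason."""
    return [f for f in audit(source) if not f[3]]


if __name__ == '__main__':
    for no, mech, rule, _ in unjustified(SAMPLE):
        print(f'line {no}: {mech} suppresses {rule} without a justification')
```

SonarQube server-side suppressions leave nothing in the source, so they fall outside what this scan can see.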

SonarQube C# Rules
• 238 rules
• Implemented in Roslyn
• Rule Help is excellent
• 6 ‘common’ (server-side only) rules

(Roslyn) StyleCop
• 187 rules
• Implemented in Roslyn
• Rule Help is excellent

‘Classic’ FxCop
• 233 rules
• Implemented in Code Analysis in Visual Studio
  o Errors/warnings appear in Visual Studio’s Error List window
  o Rules only show in a clean build
  o SonarLint deletes all non-Roslyn rules from rulesets
• Implemented in FxCopCmd.exe on the Build Server
  o Requires Visual Studio to be installed on the server
• FxCop does not always respect SuppressMessages that include a scope
• High degree of overlap with SonarQube ruleset

Roslyn FxCop
• 140 rules
  o Not all rules ported (e.g. CAS)
• Implemented in Roslyn
  o Match the version of the analyser to the version of Microsoft.CodeAnalysis supported by Visual Studio
    • Visual Studio 2013: Not supported
    • Visual Studio 2015: Microsoft.CodeAnalysis 1.2
    • Visual Studio 2017: Microsoft.CodeAnalysis 2.2
• Spread over 6 NuGet packages

Refactoring Essentials
• 168 rules
• Implemented in Roslyn
• Rule Help is poor

Code Cracker
• 76 rules
• Implemented in Roslyn
• Rule Help is poor

ReSharper
• 675 rules
• Implemented in ReSharper
  o Errors / warnings appear in ReSharper’s dedicated window
• Implemented in InspectCode.exe on the Build Server
  o A free download (see ReSharper Command Line Tools)
• Rule Help is good
• The SonarSource Plugin is no longer available
  o Download Greg Bartlett’s replacement from:
  o https://github.com/GregBartlett/sonar-resharper

Wintellect Analyzers
• 14 rules
• Implemented in Roslyn
• Rule Help is good
• Some rules are counted as errors
  o The build breaks (even if these rules are disabled)

NDepend
• 145 rules
• Implemented in NDepend
  o Errors / warnings appear in NDepend’s dedicated window
• Implemented in NDepend’s runner on the Build Server
  o Requires a separate NDepend “Build Server” licence
• Rule Help is available through the NDepend project file
• Rules cannot be suppressed (yet)

Duplicate Rules
[Figure: SonarQube, FxCop, StyleCop, ReSharper, NDepend]

.NET Ruleset Inspector
• https://github.com/GuySmithFerrier/RulesetInspector

My Favourite Holy Wars
• 1. var vs. Explicit Types
• 2. this vs. not this
• 3. Tabs vs. spaces
• 4. XML code comments
• 5. Ketchup: in the cupboard or in the fridge?

Analyzing Unit Test Projects
• To analyse or not to analyse?
  o It’s not production code
  o It *is* an asset of the company
• Analyse but use a reduced ruleset
  o via a standard set of suppressions
  o by disabling rules according to their file path

Code Quality Erosion
[Chart: Rule Count against Time, labelled “Bad”]

Code Quality Erosion
[Chart: Rule Count against Time, labelled “Good”]

Information Sources
• Twitter
  o @SonarSource, @SonarQube, @SonarLint
• Newsletters
  o http://www.sonarsource.com/resources/product-news
  o http://www.sonarsource.com/resources/newsletter
• Support
  o SonarQube Google Groups
• Bug Tracking and Development
  o http://jira.sonarsource.com

Summary
• SonarQube analyses Code Quality and assesses Technical Debt
• SonarQube exposes statistical data to all stakeholders (not just developers)
• SonarQube tracks metrics over time
• At least half of the effort spent on SonarQube Administration centres on the socialisation of Code Quality

It’s More Readable
• There is no such thing as empirically “more readable”
• “More readable” only applies to individuals
• Code is “more readable” if it looks like what you are used to reading