SonarQube and Sonatype Nexus IQ Server: What is it and how does it relate to us?
What is SonarQube?
• An open source tool to measure and analyze the quality of source code
• Supports over 20 different languages
• Ability to analyze within your CI Engine or locally in your IDE
• Architecture & Design, Complexity, Duplications, Coding Rules, Potential Bugs, Unit Test & Comments (from APIs)
• Creates a homogenized and centralized report displayed on an easy-to-read dashboard of metrics defined by the user/team
• Many plugins for other ALM tools to ensure quality code is written before it is put into production
Why SonarQube?
• Utilizes static and dynamic analysis tools
• Focused on the 7 axes of code quality rather than just bugs and code complexity
• Can be used as a plugin alongside CI servers, which centralizes the build and code analysis
SonarQube Architecture
However, this only checks the built code from developers. What happens before and after that?
What is Sonatype Nexus IQ Server?
• Consists of three separate parts that work together
• Auditor
• Firewall
• Lifecycle
Why Sonatype Nexus IQ Server?
• Provides governance and oversight of the entire software supply chain by monitoring all components and artifacts
• Integrates with many other DevOps-related and existing tools used within HSBC
Supply Chain Flow