Centralized Management of Code Quality

Our vision for Agile ALM Connect is to bring together the leaders of different tools that are being used across the application lifecycle.   Therefore, I was very happy that Olivier Gaudin, co-founder of the Sonar open source project,  agreed to speak at Agile ALM Connect about how continuous inspection of code is an important aspect of continuous delivery.

Olivier also agreed to answer some of my questions about Sonar and how Eclipse developers can use it.

1. Sonar is an open source platform to manage code quality.   How does Sonar work?

Sonar is a centralized way of managing code quality. This enables teams / departments / organizations to define a shared set of quality requirements and manage it collectively. Sonar provides automatic code review through static analysis and to a certain extend dynamic analysis. It also provides manual review capabilities for quality defects that can only be detected by human-being (accuracy of a comment, expressivity of the name of a method…)

Sonar is based on a 3-tiers architecture :

• a database to store the results of analysis. Sonar today supports Oracle, MS SQL server, MySQL, PostgreSQL and Derby.
• a web server to report the results of quality analysis
• a set of analysers that can be triggered as a simple batch or through ANT, Graddle or Maven to integrate the project build mechanism

Sonar support today 14 programming languages (Java, C#, Cobol, PL/SQL…)

2. How would you suggest people use Sonar with Eclipse?

Our vision has always been that code quality should be managed in a centralized manner but this is clearly not sufficient for code quality management practice to becomes part of the developer’s daily job. This is the reason we have built a plugin for Sonar in Eclipse to extend the quality management. This plugin shows quality defects to the developer as he reads or changes code. This provides him a very good opportunity to improve this code at a small cost and to make a quality check prior to committing changes to the SCM. On top of this, a Sonar Mylyn connector allows to track all open reviews assigned to the current user.

3. What do you recommend for people who want to get started using Sonar?

My recommendation is to give it a try, to find out by yourself the value to get out of the tool. There is a two minutes installation guide and even a one minute if you are on linux. Sonar will provide you a lot of information about your project, but most importantly it will provide hotspots, risky areas in your projects and items that could be fixed immediately.

Once you are convinced Sonar should be part of your software factory, you should start making analysis part of your builds: daily analysis is what we recommend. Then you need to spend some time deciding about the quality requirements, i.e. what quality defects are not acceptable in your organization. You are all set to start fighting you technical debt: this is what we call Continuous Inspection. When you are comfortable with the platform, you can start adding plug-ins to extend functionality and fit your needs.

From http://ianskerrett.wordpress.com/2012/02/21/centralized-management-of-code-quality/