SonarQube LTS comprehensive study and 6.7 evaluation

https://www.sonarqube.org

The latest LTS of this elegant and comprehensive static code quality analysis tool, 6.7, was out by the end of 2017. From an LTS standpoint, every version shows significant improvement over its predecessor; in the case of SonarQube there have been three LTS releases so far: 4.5, 5.6 and 6.7. Sonar, as it was called when it started, had a very humble yet powerful idea: analyze Java code with existing static code analysis tools such as PMD and FindBugs and persist the reports in a database. This opened new opportunities for the PMO and for people concerned with productivity, as it preserves the history of a project.

But Sonar was still only helpful for Java developers and was almost exclusive to Maven. By becoming part of the Codehaus projects it became more popular in the Maven community, and around the same time it was recognized with a Jolt Award. Sonar started getting more attention, and it indeed lived up to it. Sonar soon incorporated analysis of other languages into its arsenal. An interesting decision was made at this point: they ditched the approach of being an aggregator of static code analysis tools and became an independent analyzer. This move was in fact essential for becoming a one-stop static analysis solution for all programming languages.

SonarQube 4.5 LTS is the first version that broke out of the "Java as first citizen" cocoon to give multi-language support under a single project, and it implemented the SQALE methodology for calculating technical debt. The version also marked a step towards establishing SonarSource as a for-profit organization, as they started offering commercial plugins for language analysis and for PMOs (governance and report generation). Writing custom rules for SonarQube became elegant once they started using their own AST instead of PMD's AST; I have written about 50 on my own and it would have sucked big time if I had to use PMD of XPath of PMD! An AST, or Abstract Syntax Tree, is the tree representation of source code that a rule walks, which is how one piece of code traverses another; it's very intriguing to think of something like that, isn't it? The Enterprise offering demanded availability, and SonarSource came up with its first Active-Passive clustering guide. The IDE plugin initiative helped them move away from the label of blamer, as developers can perform a preview analysis in the IDE itself before committing new changes and bugs. As far as architecture is concerned, the inclusion of Elasticsearch improved search.

SonarQube 5.6 LTS made a considerable number of architectural changes to support change at different levels. Clustering was foremost, as SonarSource started offering a cloud solution; even before this they had https://nemo.sonarqube.org/, which was more of a SonarQube demo and was primarily used by open source projects; I gave it a go when I presented SonarQube for the Chennai devops community. The pre-commit analysis was expanded to support comments in the source code repository, and it was cool both on paper and in action. If you work in a big organization or on an open source project and keep getting pull requests, this was a boon for you, as it helps the product owner decide if a new pull request is to be merged with the development branch - my trial. The most important change is the decision to split analysis into two phases: one at the analyzer, mostly your CI engine, and the second inside SonarQube's Compute Engine. There were also UX improvements and a re-organization of rules into the categories bug, vulnerability or code smell, replacing the previous categorization model based on 5 levels of severity; this gave everything a fresh look and feel.

SonarQube 6.7 LTS marked the arrival of aggressive commercial versions of Open Core SonarQube. The pricing had already changed from edition-based to LOC-based as of SonarQube 5.6, but that was only going to help small organizations; the new change was made at the Compute Engine level, so as to force organizations to move to the Enterprise version if they have multiple projects continuously analysed. This is why a careful evaluation of your needs and your budget allocation is required before proceeding with SonarQube 6.7 LTS. From a technical standpoint, SonarQube introduced branch analysis, i.e., you can continuously analyze your regular releases made from the trunk or master branch and also keep track of a feature release being developed in a different branch; neat, isn't it? Also SonarLint, the plugin for IDEs, was better integrated with SonarQube or SonarCloud through an improved notification mechanism. Elasticsearch was upgraded, improving the already smooth search experience.

So what is to be evaluated? SonarQube 6.7 sounds awesome, right? Yes; in fact more languages have now received first-class citizen status alongside the JVM-based languages, JS and C#: PHP, Python and Flex are all invited to the party. So what is the hitch? The Compute Engine, which I did not explain earlier on purpose. Before the Compute Engine, all the analysis and data writing happened outside the SonarQube server. The server was essentially an instructor on how to analyze and where to store; analyzers did all the heavy lifting, and the SonarQube server concentrated on displaying issues, managing action plans and so on. With the Compute Engine, the SonarQube server became an active participant in the analysis stage as well, by taking over the job of persisting data. This control was leveraged in the new LTS: from now on the community version will only support sequential data persistence, which puts a block on the number of parallel analyses happening at a given point of time. Only one project can be persisted at a time, and you have to pay more for parallel persistence of analyzed data. On average the Compute Engine takes 2 seconds to 5 minutes to analyze a project, even bigger ones; if you can tolerate this, you can go ahead and upgrade to or start using SonarQube 6.7. If you are a huge organization and you use SonarQube as a centerpiece, with it analyzing 20-plus projects every hour, then consider upgrading to the Enterprise version. But before moving to the commercial landscape you might want to make yourself familiar with Kiuwan, Checkmarx and Fortify, as their offerings put security alongside static code analysis. But when it comes to static code analysis, SonarQube is still perfect with report accuracy.
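To put numbers on that evaluation, here is an added sketch (not SonarQube code and not part of the original post) that replays analysis reports through a single first-in-first-out worker, which is how the post describes the community edition's Compute Engine. The function names, the evenly spaced arrival pattern and the per-report durations are assumptions constructed for illustration; the 20 analyses per hour and the 5-minute upper bound are the post's figures.

```python
from dataclasses import dataclass

@dataclass
class QueueStats:
    utilization: float   # fraction of the window the single worker was busy
    max_wait_s: float    # longest time a submitted report waited to start
    backlog_at_end: int  # reports not yet finished when the window closes

def simulate_sequential_ce(arrivals_s, durations_s, window_s):
    """Replay analysis reports through ONE first-in-first-out worker."""
    free_at = busy = max_wait = 0.0
    backlog = 0
    for arrive, duration in zip(arrivals_s, durations_s):
        start = max(arrive, free_at)          # wait until the worker is idle
        free_at = start + duration
        max_wait = max(max_wait, start - arrive)
        # count only the part of this task that falls inside the window
        busy += min(free_at, window_s) - min(start, window_s)
        if free_at > window_s:
            backlog += 1
    return QueueStats(busy / window_s, max_wait, backlog)

def evenly_spaced(count, window_s):
    """Constructed arrival pattern: one CI submission every window/count seconds."""
    return [i * window_s / count for i in range(count)]

HOUR = 3600
ARRIVALS = evenly_spaced(20, HOUR)   # constructed: 20 analyses per hour

def scenario(duration_s):
    """Every report takes duration_s seconds of Compute Engine time (assumed)."""
    return simulate_sequential_ce(ARRIVALS, [duration_s] * 20, HOUR)

if __name__ == "__main__":
    for label, secs in (("2 min each", 120), ("5 min each", 300)):
        s = scenario(secs)
        print(f"{label}: busy {s.utilization:.0%}, "
              f"max wait {s.max_wait_s / 60:.0f} min, "
              f"unfinished at end of hour: {s.backlog_at_end}")
```

At 2 minutes per report the single worker keeps up; at 5 minutes per report it is saturated and the queue grows every hour, which is the point at which parallel persistence starts to matter.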
