
SonarQube LTS comprehensive study and 6.7 evaluation

The latest LTS of this elegant and comprehensive static code quality analysis tool, 6.7, was out by the end of 2017. From an LTS standpoint, every version shows significant improvement over its predecessor; SonarQube has had three LTS releases so far: 4.5, 5.6 and 6.7. Sonar, as it was called when it started, had a very humble yet powerful idea: analyze Java code with existing static code analysis tools like PMD and FindBugs and persist the report in a database. This opened new opportunities for PMOs and people concerned with productivity, as it preserves the history of a project.

But Sonar was still only helpful for Java developers and was almost exclusive to Maven. By becoming part of the Codehaus projects it became more popular in the Maven community, and around the same time it was recognized with a Jolt award. Sonar started getting more attention, and it indeed lived up to it. Sonar soon incorporated analysis of other languages into its arsenal. An interesting decision was made at this point: they ditched the approach of being an aggregator of static code analysis tools and became an independent one. This move was in fact essential for becoming a one-stop static analysis solution for all programming languages.

SonarQube 4.5 LTS is the first version that broke out of the "Java as first citizen" cocoon to give multi-language support under a single project, and it implemented the SQALE methodology for calculating technical debt. The version also marked a step towards establishing SonarSource as a for-profit organization, as they started offering commercial plugins for language analysis and for PMOs (governance and report generation). Writing custom rules for SonarQube became elegant as they started using their own AST instead of PMD's AST; I have written about 50 on my own and it would have sucked big time if I had to use PMD or the XPath of PMD! An AST, or Abstract Syntax Tree, is how one piece of code traverses another piece of code; it's very intriguing to think of something like that, isn't it? The Enterprise offering demanded availability, and SonarSource came up with its first active-passive clustering guide. The IDE plugin initiative helped them move away from the label of blamer, as developers can perform a preview analysis in the IDE itself before committing new changes and bugs. As far as architecture is concerned, the inclusion of Elasticsearch improved search.

SonarQube 5.6 LTS made a considerable number of architectural changes to support changes at different levels. Clustering was foremost, as SonarSource started offering a cloud solution; even before this they had which was more of SonarQube's demo, which was primarily used by open source projects; I gave it a go when I presented SonarQube to the Chennai DevOps community. The pre-commit analysis was expanded to support comments in the source code repository; it was cool both on paper and in action. If you are working in a big organization or on an open source project and keep getting pull requests, this was a boon for you, as it helps the product owner decide if a new pull request is to be merged into the development branch - my trial. The most important change is the decision to split analysis into two phases: one at the analyzer, mostly your CI engine, and the second inside SonarQube's Compute Engine. There were also UX improvements and a re-organization of rules into the categories bug, vulnerability or code smell, replacing the previous categorization model based on 5 levels of severity; this also gave a very fresh look and feel.

SonarQube 6.7 LTS marked the arrival of aggressive commercial versions of the open-core SonarQube. The pricing had already changed from edition-based to LOC-based with SonarQube 5.6, but that was only going to help small organizations; the new change was made at the Compute Engine level so as to force organizations to move to the Enterprise version if they have multiple projects continuously analysed. This is why careful evaluation of your needs and your budget allocation is required before proceeding with SonarQube 6.7 LTS. From a technical standpoint, SonarQube introduced branch analysis, i.e., you can continuously analyze your regular releases made from the trunk or master branch and also keep track of a feature release being developed in a different branch; neat, isn't it? Also SonarLint, the plugin for IDEs, was better integrated with SonarQube or SonarCloud through an improved notification mechanism. Elasticsearch was upgraded, improving the already smooth search experience.

So what is to be evaluated? SonarQube 6.7 sounds awesome, right? Yes, in fact more languages have now received first-class citizen status along with the JVM-based languages, JS and C#; PHP, Python and Flex are all invited to the party. So what's the hitch? The Compute Engine, which I did not explain earlier on purpose. Before the Compute Engine, all the analyses and data writing happened outside the SonarQube server. The server was essentially an instructor on how to analyze and where to store; the analyzers did all the heavy lifting, and the SonarQube server concentrated on displaying issues, managing action plans and so on. With the Compute Engine, the SonarQube server became an active participant in the analysis stage as well, by taking over the job of persisting data. This control was leveraged in the new LTS: from now on the community version will only support sequential data persistence, which puts a block on the number of parallel analyses happening at a given point in time - only one project can be persisted at a time, and you have to pay more for parallel persistence of analyzed data. On average the Compute Engine takes 2 seconds to 5 minutes to analyze a project, even bigger ones; if you can tolerate this you can go ahead and upgrade to or start using SonarQube 6.7. If you are a huge organization and you use SonarQube as a centerpiece, with it analyzing 20-plus projects every hour, then consider upgrading to the Enterprise version. But before moving to the commercial landscape you might want to make yourself familiar with Kiuwan, Checkmarx and Fortify, as their offerings put security alongside static code analysis. But when it comes to static code analysis, SonarQube is still perfect with report accuracy.
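To put numbers on the "can you tolerate this" question, here is an added example (not from SonarQube or from the original post) that models the Compute Engine as a FIFO queue and compares one sequential worker with parallel workers. The function names, the worker model and the processing times are assumptions constructed for illustration; only the 2 seconds to 5 minutes range and the 20 projects per hour figure come from the text above.

```python
import heapq

# Constructed processing times (seconds), inside the 2 s to 5 min range quoted above.
PROCESSING_CYCLE_S = [2, 30, 120, 300]

def build_tasks(count, spacing_s):
    """Return (submit_s, processing_s) pairs; spacing_s=0 models a burst of CI jobs."""
    return [(i * spacing_s, PROCESSING_CYCLE_S[i % len(PROCESSING_CYCLE_S)])
            for i in range(count)]

def simulate_ce_queue(tasks, workers=1):
    """FIFO queue in front of `workers` Compute Engine workers.

    workers=1 is the sequential behaviour described for the community version.
    Returns the seconds each report waited before processing started.
    """
    free_at = [0] * workers              # when each worker next becomes idle
    heapq.heapify(free_at)
    waits = []
    for submit_s, processing_s in sorted(tasks, key=lambda t: t[0]):
        start_s = max(submit_s, heapq.heappop(free_at))
        waits.append(start_s - submit_s)
        heapq.heappush(free_at, start_s + processing_s)
    return waits

def report(label, tasks, workers):
    """One summary line: how many reports were delayed and the worst delay."""
    waits = simulate_ce_queue(tasks, workers)
    delayed = sum(1 for w in waits if w > 0)
    return f"{label}: workers={workers} delayed={delayed}/{len(waits)} max_wait={max(waits)}s"

if __name__ == "__main__":
    spaced = build_tasks(20, 180)   # 20 analyses per hour, evenly spread
    burst = build_tasks(20, 0)      # the same 20 analyses submitted together
    for label, tasks in (("spaced", spaced), ("burst", burst)):
        for workers in (1, 2):
            print(report(label, tasks, workers))
```

Replace the constructed cycle with processing durations measured on your own server to see whether sequential persistence keeps up with your CI schedule.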
