10. SonarQube

10.1. Issues

  • Lifecycle

  • Severity level

  • Manual issues

10.2. Quality Profiles

  • Quality rules

  • Adapting to project needs

  • Uniform quality policy

  • Inheritance rules

10.3. Quality Gates

  • Statuses

  • Notifications

  • Defining gates

10.4. Dashboards

  • Widgets

10.5. Differential views

  • For measures

  • For issues

10.6. Administration and security

  • User accounts

  • Groups

  • Permission system

  • Global configuration

10.7. System extensions

  • Integration

  • Management

  • Languages

  • External analyzers

  • Metrics

  • Visualization and reporting

10.8. Good and bad practices

  • Pre-commit check

10.9. Bitbucket Integration

Code 10.6. sonar.json
{
  "sonarHost": "https://sonarcloud.io",
  "sonarProjectKey": "MyProjectKey"
}

SonarQube Commercial Editions tightly integrate with Atlassian Bitbucket Server so your team can write clean, quality code all day long!


Figure 10.1. Atlassian Bitbucket Server integration [sqbb]


Figure 10.2. Atlassian Bitbucket Server integration [sqbb]


Figure 10.3. Atlassian Bitbucket Server integration [sqbb]

10.10. Project News and Updates

10.11. Roadmap

The 8.x LTS, which is expected in early 2021, will add significant value in the areas of security, operability, integration, and Python analysis.

Security: For the 7.9 LTS we entered the SAST (Static Application Security Testing) arena with taint analysis rules for Java, C#, and PHP, and Hotspots for those languages plus another three. For the 8.x LTS, we’ll expand that offering with more rules and more languages. Expect to see taint analysis expanded to Python, C++, C, JavaScript, and TypeScript, and expect to see the range of covered vulnerabilities expand too. We’ll also add more Hotspot rules and make the Hotspot concept more intuitive and easier to use. (Because not everything that might be a Vulnerability actually is a Vulnerability.)

Python: Speaking of Python, we’re planning to really bring it this year. Expect top-notch analysis with high-value rules - quality and security - out of the box, no other tools required.

Integration: We’ve done a good job so far providing integrations with major ALM and CI/CD tool chains, but “good” isn’t good enough. By the end of 2020, we expect to have seamless integration - both on-prem and in the cloud - with GitHub, Azure, Bitbucket, and GitLab, as well as making it easier to get all your code (branches) analyzed via Jenkins.

Operability: On the DevOps side, we’ll make life easier with an official, supported Docker Scanner image, as well as an official, supported image for each SonarQube edition. On top of that, we’ll add support for an orchestration system such as Kubernetes, monitoring, and geographical (active/passive) redundancy.

And more: As usual, we’ll add plenty of smaller features too. A sampling of the current short-list: tests as first-class citizens (e.g. analyzed with “real” rules), support for mono repos, and Portfolio branches.

10.12. References