This article explains why testing is essential, outlines its concrete benefits, compares static analysis tools like PMD and SonarQube, provides actionable test‑layout guidelines, suggests a phased adoption path, and defines key metrics for continuous test‑quality improvement.
This guide details a step‑by‑step, incremental upgrade of SonarQube from V7.9.6 LTS to V10.7 LTS, covering project background, upgrade value, challenges, strategy, technical implementation, JDK compatibility, plugin migration, multi‑JDK handling, authentication changes, reference‑branch feature, and post‑upgrade results with lessons learned.
This article compares SonarQube and Codacy, examining their histories, core features, security capabilities, deployment models, and ideal use‑cases, to help teams decide which static analysis solution aligns best with their workflow, technology stack, and compliance requirements.
This article compares SonarQube, Infer, and Clang Static Analyzer for iOS development, detailing their language support, strengths, weaknesses, integration with CI/CD pipelines, and practical usage tips to help teams select the most suitable static analysis solution.
This article compares popular static‑code analysis tools for iOS—including SonarQube, Infer, and Clang Static Analyzer—detailing their language support, features, pros and cons, integration methods, and practical usage tips, helping developers select the most suitable solution for their projects.
This guide walks you through setting up a fully automated security code detection platform—covering environment preparation, installing JDK, MySQL, SVN, Maven, Tomcat, SonarQube, and Jenkins, configuring each component, integrating them via Jenkins pipelines, and running sample scans to generate actionable security reports.
The article reviews open‑source static analysis options for iOS, then compares SonarQube, Infer, and Clang Static Analyzer, outlining each tool’s language support, advantages, drawbacks, CI/CD integration, and practical usage to help teams choose the best solution based on project size, language mix, and reporting needs.
This article provides a comprehensive overview of essential DevOps engineering tools and practices—including Jira release management, GitLab Gitflow workflow, Jenkins CI/CD pipelines, Maven/Gradle/MSBuild build tools, unit testing frameworks, and SonarQube quality analysis—illustrated with enterprise‑level case studies to demonstrate their real‑world impact.
This guide explains the background, purpose, and step‑by‑step process for creating an automated security code detection platform that integrates SonarQube, Jenkins, Maven, SVN and MySQL, enabling continuous security testing and reporting within the software development lifecycle.
This article details Zhuanzhuan's practical implementation of static code scanning within its self‑built DevOps platform, covering its significance, architecture, incremental analysis methods, permission management, rule selection, promotion process, and challenges encountered, illustrating how it became a low‑cost, repeatable security safeguard in their CI/CD workflow.
Shire 0.5 introduces SonarQube issue support, Git‑enabled ShireQL queries, a reranking function for RAG, and new data‑guarding capabilities like the redact function and customizable secret‑pattern YAML, enabling developers to securely build AI‑powered coding agents that leverage IDE assets while protecting sensitive information.
Nova is an AI-powered code review system integrated with GitLab CI and SonarQube, offering full-project context, multi-language support, extensibility for models and search methods, easy Docker deployment, safety filters, and aims to improve review precision and provide customizable audit prompts.
This step‑by‑step tutorial explains how to configure version control, provision an AWS EC2 instance, install Java and Jenkins, set up Docker and SonarQube, write a Jenkinsfile, and deploy the application automatically with ArgoCD on a Kubernetes cluster.
This step‑by‑step tutorial explains how to configure a full CI/CD pipeline using Jenkins, Maven, Docker, SonarQube, Helm, and ArgoCD on an AWS EC2 instance with Kubernetes, covering version‑control setup, instance provisioning, credential management, pipeline scripting, and automated deployment.
This guide walks through setting up a complete CI/CD environment on three CentOS 7.6 machines—GitLab, Jenkins, and Tomcat—covering installation, configuration, plugin management, Maven integration, SonarQube scanning, and automated deployment of a Java web application.
This guide explains what SonarQube is, its advantages, architecture, and provides step‑by‑step Docker installation, project setup, scanner configuration, and real‑world examples of detecting unreachable code and unused parameters.
This article describes Huolala's journey from a legacy PHP codebase to a Java‑centric microservice architecture, the common misconceptions and difficulties of unit testing, and the design of an automated CI/CD pipeline that integrates Tekton, SonarQube, GitLab Runner, JUnit5, and Mockito to enforce coverage gates and improve code quality.
The report analyzes SonarQube‑detected defects in Projects A and B, classifying them by type and severity, revealing that code smells dominate while null‑pointer bugs are unexpectedly frequent, and discusses why some defects are quickly fixed versus others remaining unresolved, emphasizing early detection, design rigor, and robust testing.
This article explains cyclomatic complexity, its calculation formulas, practical examples, and how to measure and improve code quality using tools like SonarQube, ESLint, and codeMetrics, while also presenting refactoring techniques such as single‑responsibility, open‑closed, polymorphism, early returns, and functional programming to reduce complexity.
The article explains static testing concepts, the role of code inspection and reviews, the advantages and limitations of automated code scanning tools, and provides a practical guide for integrating SonarQube into a development workflow to improve code quality and enforce testing standards.
This guide explains how to integrate GitLab CI/CD with SonarQube, configure runners, set up SonarQube projects, define quality gates, and embed the pipeline into the development workflow to enforce code‑quality standards automatically.
This article details how the Litmus code‑quality platform was integrated into a CI pipeline, the performance bottlenecks encountered with Jenkins and Sonar, the systematic optimizations applied—including server redesign, script refactoring, parallel testing, and JVM tuning—and the resulting dramatic reduction in task duration and increase in throughput.
This guide defines technical debt, outlines its classification into vulnerabilities, bugs, and code smells, and presents clear objectives, principles, standards, evaluation rules, recommended practices, and metrics to visualize, assess, and systematically reduce debt, thereby improving project delivery efficiency.
This article explains how to integrate SonarQube into Zadig to automatically scan code in the pkg directory, configure scans, trigger them via webhooks, and view results, providing a practical three‑step workflow that enhances code quality and reduces delivery risk.
Recent rumors claimed that foreign hacker groups were exploiting SonarQube and Vue.js to attack government and enterprise systems, but investigation shows the SonarQube flaw is a pure backend API authentication issue unrelated to Vue, and Vue itself has no known security vulnerabilities when standard front‑end safety practices are followed.
Chinese authorities have ordered government bodies and key enterprises to investigate the use of open‑source tools SonarQube and Vue.js amid claims that foreign hackers are exploiting these platforms, prompting a public response from Vue.js founder Evan You about the projects' security posture.
This guide explains how to separate unit and integration tests in a Maven project, configure the Build Helper and Failsafe plugins, set up JaCoCo to generate combined coverage reports, and visualize them in SonarQube, including a complete example pom.xml.
This guide explains how to set up SonarQube and Sonar‑scanner for static code analysis, run the scanner with project parameters, install the Sonar‑GitLab plugin, configure commit‑status integration, and use the resulting GitLab commit status to enforce merge‑request policies based on pipeline outcomes.
This guide introduces SonarLint and SonarQube, explains how to install and configure them for Java projects, demonstrates scanning with Maven, and provides additional resources such as Alibaba Java coding conventions and documentation links, helping developers improve code quality and maintainability.
This article introduces three essential code‑quality tools—SonarLint, SonarQube, and the Alibaba code‑convention plugin—explaining their installation, basic usage, integration with Maven, and how they help developers detect code smells, enforce standards, and quantify quality metrics in Java projects.
This article explains how SonarQube uses static analysis to measure software reliability, maintainability, security, complexity, test coverage and duplication, describes its rule categories, severity levels, issue states, and metric rating scales, and shows why high‑quality code reduces costs and improves safety.
This article explains how SonarQube uses static analysis to measure software reliability, maintainability, security, complexity, test coverage and duplication, describes its rule categories, severity levels, issue states, and quality metrics, and highlights the cost and productivity benefits of high‑quality code.
This tutorial walks you through installing and using SonarLint for on‑the‑fly code smell detection, setting up SonarQube as a centralized quality platform, configuring Maven integration, and leveraging Alibaba's coding standards to quantify and improve software quality.
This article introduces SonarLint and SonarQube, explains how to install and configure them, demonstrates code analysis and rule customization, shows integration with Maven via the sonar‑maven‑plugin, and highlights Alibaba's coding standards as a practical example of improving software quality.
This guide walks you through installing and using SonarLint for on‑the‑fly code smell detection, setting up SonarQube as a centralized quality platform, integrating it with Maven via the sonar‑maven‑plugin, and applying Alibaba's coding standards to achieve measurable improvements in code health.
This article explains how to integrate the SonarQube Sonar Secrets plugin into a CI/CD pipeline to provide early security feedback, detect hard‑coded credentials, build and install the plugin, configure SonarQube, and enable secret scanning for Java and JavaScript projects.
This article explains how to build a complete MR/Push feedback loop that calculates incremental code coverage using GitLab webhooks, Jenkins pipelines, Jacoco reports, and SonarQube quality gates, enabling automated acceptance or rejection of code changes based on coverage thresholds.
This guide explains how to install SonarQube and Sonar‑scanner, configure scanning parameters, add the Sonar‑GitLab plugin, and use additional properties to link scan results to GitLab commit statuses, enabling pipeline‑based merge request control.
This guide explains how to address three frequent SonarQube challenges—unstable data across branches, difficulty assigning custom rule sets to new projects, and project permission management—by creating per‑branch projects, using REST APIs for quality profiles, and applying permission templates via Jenkins integration.
This guide walks you through setting up SonarLint in IntelliJ IDEA, configuring the SonarQube server and project, and using the tool to automatically detect coding standards violations, potential bugs, complexity issues, duplication, and comment problems before committing code.
This guide explains how to restructure a Maven project to isolate unit and integration tests, configure Maven Surefire, Failsafe, Build‑Helper, and JaCoCo plugins for separate execution and combined coverage reports, and finally display the results in SonarQube.
This guide explains how to structure a Maven project to run unit tests and integration tests separately, configure the Build Helper, Surefire, Failsafe, and JaCoCo plugins, and generate combined test reports that can be visualized in SonarQube.
This guide explains how to install the SonarQube Community Branch Plugin, configure multi‑branch scanning, and integrate pull‑request quality reports into GitLab CI pipelines using SonarQube settings and API commands.
This article discusses common challenges encountered when using SonarQube at scale—including data instability across branches, rule configuration for new projects, and project permission management—and presents practical solutions such as branch-specific project naming, Jenkins-driven API automation, and recommendations for purchasing commercial editions.
This article explains how Skyscanner integrated the Sonar Secrets plugin into their CI/CD pipeline to automatically detect hard‑coded secrets such as passwords, API tokens, and AWS credentials, covering setup, build commands, installation steps, and enabling the rules in SonarQube quality profiles.
This article explains the fundamentals of static code scanning, reviews popular analysis tools such as Checkstyle, FindBugs, PMD and SonarQube, and details a three‑year evolution of a dealer technology department’s CI/CD integration, automation, metrics, and key success factors for effective code quality assurance.
The article details how a Go middleware QA team generates unit‑test coverage with go test and gocov, runs static analysis via golangci‑lint, integrates results into SonarQube, captures integration‑test coverage in Kubernetes, and applies diff‑cover for incremental coverage checks, all visualized through Jenkins.
This guide explains how to integrate SonarQube into a DevOps workflow by using its REST API, creating reusable shared library functions, configuring multi‑branch analysis, and automating quality gate checks within a CI/CD pipeline.
This guide explains how to install and configure SonarQube Scanner, set up project analysis parameters, and automate code quality checks within Jenkins pipelines using shared libraries and Groovy scripts, enabling continuous inspection of Java projects.
This guide explains SonarQube's architecture, shows how to deploy it with Docker, and details configuration steps including forced login, LDAP integration, and GitLab authentication, providing code snippets and screenshots for a complete DevOps quality‑management setup.
This article introduces SonarQube, an open‑source code quality management platform, explains its four main components, integration workflow with IDEs, CI servers and databases, and highlights key features such as rule sets, quality gates, and project dashboards for improving software quality.
This tutorial explains how to install and configure Java 8, Ant, JUnit 4, JaCoCo, Jenkins, and SonarQube on Windows or Linux to create a fully functional CI server with code‑coverage and quality analysis for a modular Java project.
This article explains the drawbacks of a traditional Jenkins master‑slave setup, outlines a Kubernetes‑driven CI/CD solution that dynamically provisions Jenkins slaves as pods, details the deployment of custom Jenkins and SonarQube Docker images, and covers related Kubernetes resources, web‑terminal integration, and tuning tips.
This article explains how to address three common SonarQube challenges—data instability across branches, difficulty assigning quality profiles, and project permission management—by creating per‑branch projects, using Jenkins pipeline scripts with Sonar REST APIs, and applying permission templates to streamline large‑scale code‑quality scanning.
This article explains how continuous delivery pipelines rely on SonarQube for code quality enforcement, compares the Issues and Preview modes for displaying analysis results in commits, and provides the necessary SonarQube command‑line parameters to configure each mode in a CI/CD workflow.
This guide explains how to configure SonarQube scan parameters to automatically include the current GitLab branch name and commit SHA, enabling detailed code‑quality reporting within CI pipelines; it also shows the required command‑line flags and how to set up the Reporting section with GitLab credentials.
This article introduces SonarQube, an open‑source platform for code quality management, explains its seven quality dimensions, provides step‑by‑step installation and configuration instructions (including JDK, MySQL, and scanner setup), demonstrates scanning a project, and summarizes its advantages for developers.
This guide walks through preparing test data, migrating a SonarQube database from MySQL to PostgreSQL, running the MySQL‑Migrator tool, restarting services, verifying the migration, and finally upgrading SonarQube from 6.7.7 to the 7.9.1 LTS release with JDK 11.
This article demonstrates how to query SonarQube web APIs for Java rule data, retrieve quality profile information, and use a Python script that leverages execjs to translate rule descriptions via Google Translate, providing examples of both API responses and translation code.
This article explains SonarQube’s architecture, detailing its server, database, plugin library, and scanner components, and describes the typical development workflow from IDE integration and code commit through CI‑triggered analysis, result submission, and code review, including deployment considerations for machines and network placement.
This article walks through creating a complete CI/CD workflow for a Python service using GitLab CI, Docker‑based gitlab‑runner, unit testing, static code analysis with SonarQube, service containers for Redis and MongoDB, and deployment steps, providing all necessary configuration files and commands.
This guide explains how to download, install, and configure the SonarQube GitLab authentication plugin, including plugin installation via Maven, setting up a GitLab application with HTTPS, configuring SonarQube authentication parameters, and troubleshooting common redirect URL errors.
This article explains SonarQube's main components—including server processes, database, plugins, and scanners—and describes the end‑to‑end workflow that integrates code analysis into development, CI/CD pipelines, reporting, and operational monitoring.
This guide explains step‑by‑step how to deploy SonarQube on Azure using the Bitnami‑provided resource, retrieve the default admin credentials, configure VSTS (Azure DevOps) tasks, and set up continuous integration pipelines to automatically scan code quality during builds.
The article explains how early defect prevention through a strong test mindset, exploratory testing, and automated static code analysis with tools like SonarQube and Git hooks can dramatically reduce bug‑fix costs, improve software quality, and streamline development workflows.
This guide explains how to break down a 5‑million‑line Maven codebase into modules, configure SonarQube scanning, and integrate it into a Jenkins CI/CD pipeline for fast, automated code‑quality analysis.
This article describes how a development team introduced Azure Application Insights for runtime monitoring, built and maintained their own TFS build agents, integrated SonarQube for automated code quality, and established unit and integration testing pipelines to create a data‑driven, scalable DevOps process.
This guide shows how to configure a Spring Boot multi‑module project using Gradle 3.3 to run SonarQube 5.6.6 analysis by adding the SonarQube plugin, setting repository and classpath, defining sonar properties, and executing the analysis with a simple Gradle command.
This article explains the concept of continuous integration, its benefits, and details JD Daojia's end‑to‑end CI implementation—including Git commits, static code analysis, unit testing, automated packaging, deployment, UI/JSF/APP testing, code coverage, and future automation plans—illustrated with architecture diagrams and configuration snippets.
SonarQube, an open‑source code quality platform, offers extensive static analysis for Android (Java) projects through plugins that assess complexity, duplication, test coverage, coding standards, comments, potential bugs, and architectural design, and integrates with IDEs and CI tools such as Jenkins to visualize and reduce technical debt.
