Hello All! I'm very excited to post this update, as its been a while coming. I've been working with the ALM rangers on a project that just went to public beta. You can find a link to the blog post here on the ALM Rangers Blog.
But I wanted to take a more in depth look at a Sonar Qube here, and answer the obvious questions? What is it? and why do I care?
What is it?
Sonar Qube is an open source platform for managing Code Quality, and it is specifically focused on managing Technical Debt. So the first question is, what is Technical Debt?
Technical Debt: Refers to the accumulation of complexity within a custom application over time. These are the steps that need to be taken before new features can be added, or the amount of onboarding required to bring in a new developer. Technical Debt is what happens over time when emergency hotfixes and band-aids are not properly refactored.
This is the primary culprit behind the eventual "re-write" of the application. Think back on the times you've been involved with a re-write and I'm willing to be at least some of the reasons behind the decision to re-write are included below:
- Tight coupling of classes creates complexity.
- Spaghetti Code that is difficult to understand.
- Lots of overly complex code
- Poor abstraction around technologies
- Lack of testing and difficult to test code
These types of issues are not things that developers and architect intend to put in their code. These are byproducts of Technical Debt getting out of control.
Specifically Sonar Qube focuses on what it considers the 7 axis of code quality, and those are:
- Architecture / Design
- Unit Test Coverage
- Potential Bugs
- Coding Rules
The idea here is to create a consistent monitoring process for ensuring that the code being developed conforms with the above elements. Sonar Qube helps by creating Quality Gates where you can configure it to ensure that as part of an automated build process. The other great news is that VSTS provides out of the box integration for Sonar Qube.
For more information on Sonar Qube, see the following:
- SonarQube.org: The site for the project, has links to download, and documentation to assist.
- Installation Instructions: Detailed instructions for installing and setting up SonarQube.
- Analyzing Code: Documentation around analyizing code using the tool.
- Administrators Guide: Documentation on configuration and administration of Sonar Qube.
- Channel 9: Managing Technical Debt with Sonar Qube: Video overview of Sonar Qube and the ability to leverage the tool to manage technical debt.
- Channel 9: Configuring Sonar Qube for Azure AD: Explains how to configure Sonar Qube to be managing with Azure AD for security.
- Channel 9: Build Announcements for managing technical debt with Sonar Qube: Discussion and demonstration of integration with Sonar Qube.
Why do I care?
At the end of the day, why do we care? What benefit do we get from managing technical debt. Technical Debt as I described above is a cancer, from the minute your application goes to prod its a game of beat the clock to determine when a re-write will be necessary, and everything you do from the beginning is trying to extend that time and by the patient a few more days.
By properly managing the technical debt within an application we can keep the application in a maintainable and flexible state. And by maintaining that state we can keep the application alive and delivering value for significantly longer. But more than that it keeps the work from becoming stale, which is what ruins the project for many of the developers out there.
This will be the first of many posts about Sonar Qube, so stay tuned.