What is SonarQube?
SonarQube is a web-based tool to measure and analyze the quality of source code.
• SonarQube performs static code analysis and produces a detailed report of bugs, code smells, vulnerabilities and code duplications.
• It supports 25+ major programming languages through built-in rulesets and can also be extended with various plugins.
• Major components of SonarQube:
- Quality Profiles
- Dashboard
- Quality Gates
- Rules
Why do we need SonarQube for automation testing?
SonarQube helps automation testers write cleaner and safer code. As the automation profile is slowly moving towards SDET, it is quite important for testers to make a habit of writing quality code.
What are RULES in SonarQube?
• SonarQube executes rules on source code to generate issues. There are four types of rules:
- Code Smell (Maintainability domain)
- Bug (Reliability domain)
- Vulnerability (Security domain)
- Security Hotspot (Security domain)
• For Code Smells and Bugs, zero false-positives are expected. At least this is the target, so that developers don't have to wonder if a fix is required.
• For Vulnerabilities, the target is to have more than 80% of issues be true-positives.
• Security Hotspot rules draw attention to code that is security-sensitive. It is expected that more than 80% of the issues will be quickly resolved as "Reviewed" after review by a developer.
*****************************************************
RULE TYPES:
Bug: An issue that represents something wrong in the code. If this has not broken yet, it will, and probably at the worst possible moment. This needs to be fixed. Yesterday.
Code Smell: A maintainability-related issue in the code. Leaving it as-is means that at best maintainers will have a harder time than they should making changes to the code. At worst, they'll be so confused by the state of the code that they'll introduce additional errors as they make changes.
Security Hotspot: Security-sensitive pieces of code that need to be manually reviewed. Upon review, you'll either find that there is no threat or that there is vulnerable code that needs to be fixed.
Vulnerability: A security-related issue which represents a backdoor for attackers. See also Security-related rules.
• Bugs
Impact: Could the Worst Thing cause the application to crash or to corrupt stored data?
Likelihood: What's the probability that the Worst Thing will happen?
• Vulnerabilities
Impact: Could the exploitation of the Worst Thing result in significant damage to your assets or your users?
Likelihood: What is the probability that a hacker will be able to exploit the Worst Thing?
• Security Hotspots
Security Hotspots are not assigned severities, as it is unknown whether there is truly an underlying vulnerability until they are reviewed.
QUALITY-PROFILES in SonarQube:
Quality Profiles are a core component of SonarQube, since they are where you define the sets of Rules that, when violated, should raise issues on your codebase (example: Methods should not have a Cognitive Complexity higher than 15).
• Quality Profiles are defined for individual languages. For each language there is a default profile.
• To manage Quality Profiles, browse to the Quality Profiles page, where you'll find Quality Profiles grouped by language.
• Quality Profiles are collections of rules to apply during an analysis.
***********************************************
QUALITY-GATES in SonarQube:
• Quality Gates enforce a quality policy in your organisation by answering one question: is my project ready for release?
• To answer this question, you define a set of conditions against which projects are measured. For example:
- No new blocker issues
- Code coverage on new code greater than 80%
• Each Quality Gate condition is a combination of:
- a measure
- a comparison operator
- an error value
• For instance, a condition might be:
- measure: Blocker issues
- comparison operator: >
- error value: 0
This can be stated as: no blocker issues.
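The following is an added illustration (not SonarQube's own code) of how a Quality Gate is evaluated from the pieces described above: each condition is a measure, a comparison operator and an error value, and the gate fails as soon as any condition's error comparison is true. The metric keys, the sample analysis measures and the "fail closed on a missing measure" choice are all constructed for this example.

```python
"""Minimal Quality Gate evaluator in the style of SonarQube's conditions.

Added example only; metric keys and sample measures are constructed here and
are not a statement of SonarQube's internal API.
"""
from dataclasses import dataclass, field
import operator

# Comparison operators a condition may use. The operator expresses the ERROR
# case: "new_blocker_violations > 0" means the gate errors when blockers > 0.
OPERATORS = {
    ">": operator.gt,
    "<": operator.lt,
    ">=": operator.ge,
    "<=": operator.le,
    "=": operator.eq,
}


@dataclass(frozen=True)
class Condition:
    measure: str        # metric key (constructed names used below)
    op: str             # comparison operator, see OPERATORS
    error_value: float  # threshold at which the condition is in error

    def is_error(self, actual):
        """True when the measured value violates this condition."""
        return OPERATORS[self.op](actual, self.error_value)

    def describe(self):
        return f"{self.measure} {self.op} {self.error_value}"


@dataclass
class GateResult:
    passed: bool
    failures: list = field(default_factory=list)  # (measure, actual, reason)


def evaluate_gate(conditions, measures):
    """Apply every condition to the analysis measures and collect failures.

    A measure that the analysis did not produce is treated here as a failure
    (a conservative choice for this example, not a claim about SonarQube's
    own handling of absent measures).
    """
    failures = []
    for cond in conditions:
        if cond.measure not in measures:
            failures.append((cond.measure, None,
                             f"measure '{cond.measure}' missing from analysis"))
            continue
        actual = measures[cond.measure]
        if cond.is_error(actual):
            failures.append((cond.measure, actual,
                             f"{cond.describe()} (actual: {actual})"))
    return GateResult(passed=not failures, failures=failures)


# The two example conditions from the post, expressed as error comparisons:
# "no new blocker issues" and "coverage on new code greater than 80%".
DEFAULT_GATE = [
    Condition("new_blocker_violations", ">", 0),
    Condition("new_coverage", "<", 80.0),
]

# Constructed sample measures, as an analysis might report them.
PASSING_MEASURES = {"new_blocker_violations": 0, "new_coverage": 85.5}
FAILING_MEASURES = {"new_blocker_violations": 2, "new_coverage": 72.0}


def gate_report(conditions, measures):
    """Human-readable summary; returns the result so callers can act on it."""
    result = evaluate_gate(conditions, measures)
    print("Quality Gate:", "PASSED" if result.passed else "FAILED")
    for measure, actual, reason in result.failures:
        print(f"  - {reason}")
    return result


if __name__ == "__main__":
    gate_report(DEFAULT_GATE, PASSING_MEASURES)
    gate_report(DEFAULT_GATE, FAILING_MEASURES)
```

A release pipeline would call `evaluate_gate` after analysis and stop the build when `passed` is false; keeping the operator as the error comparison (rather than the "good" comparison) matches the way the condition is stated in the post: measure, operator, error value.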
NOTE: The next post will be on how to configure SonarQube in an automation project.