Automaters: Full Stack QA_SDET: What is SonarQube and why we need it in Automation project?SonarQube components

Thursday 8 April 2021

What is SonarQube and why we need it in Automation project?SonarQube components

This post we will know about the terminologies for SonarQube and try to understand why we need it our project.

What is SonarQube?

Web-based tool to measure and analyze the quality of source code

•Sonar does static code analysis, which provides a detailed report of bugs, code smells, vulnerabilities, code duplications.

•It supports 25+ major programming languages through built-in rulesets and can also be extended with various plugins.

•Major components of SonarQube:

- Quality Profiles

- Dashboard

- Quality Gates

- Rules

Why we need SonarQube for automation testing?

SonarQube empowers all automation testers to write cleaner and safer code. As automation profile is slowly moving towards SDET so it is quite important for testers to make it a habit of writing quality codes.

What is RULES in SonarQube?

•SonarQube executes rules on source code to generate issues. There are four types of rules:

- Code Smell (Maintainability domain)

- Bug (Reliability domain)

- Vulnerability (Security domain)

- Security Hotspot (Security domain)

•For Code Smells and Bugs, zero false-positives are expected. At least this is the target so that developers don't have to wonder if a fix is required.

•For Vulnerabilities, the target is to have more than 80% of issues be true-positives.

•Security Hotspot rules draw attention to code that is security-sensitive. It is expected that more than 80% of the issues will be quickly resolved as "Reviewed" after review by a developer.

*****************************************************

Check below link for question and answers with code:

Top API Interview Question 1-10

Top API INterview Questions 11-20

Top API AUTOMATION Interview Q&A - 21-30

Top 50 Selenium Automation Interview Q&A

*****************************

RULES-TYPES:

Bug	An issue that represents something wrong in the code. If this has not broken yet, it will, and probably at the worst possible moment. This needs to be fixed. Yesterday.
Code Smell	A maintainability-related issue in the code. Leaving it as-is means that at best maintainers will have a harder time than they should making changes to the code. At worst, they'll be so confused by the state of the code that they'll introduce additional errors as they make changes.

Security Hotspot

Security-sensitive pieces of code that need to be manually reviewed. Upon review, you'll either find that there is no threat or that there is vulnerable code that needs to be fixed.

Vulnerability

A security-related issue which represents a backdoor for attackers. See also Security-related rules.

•Bugs

Impact: Could the Worst Thing cause the application to crash or to corrupt stored data?

Likelihood: What's the probability that the Worst Thing will happen?

•Vulnerabilities

Impact: Could the exploitation of the Worst Thing result in significant damage to your assets or your users?

Likelihood: What is the probability that a hacker will be able to exploit the Worst Thing?

•Security Hotspots

Security Hotspots are not assigned severities as it is unknown whether there is truly an underlying vulnerability until they are reviewed.

QUALITY-PROFILES in SonarQube:

Quality Profiles are a core component of SonarQube, since they are where you define sets of Rules that when violated should raise issues on your codebase (example: Methods should not have a Cognitive Complexity higher than 15).

• Quality Profiles are defined for individual languages. For each language there is a default profile.

• To manage Quality Profiles, browse to the the Quality Profiles page where you'll find Quality Profiles grouped by language.

•Quality Profiles are collections of rules to apply during an analysis.

***********************************************