
Thursday, 8 April 2021

What is SonarQube and why do we need it in an Automation project? SonarQube components

 





In this post we will go through the terminology of SonarQube and try to understand why we need it in our project.

What is SonarQube?

SonarQube is a web-based tool to measure and analyze the quality of source code.

• Sonar does static code analysis, which provides a detailed report of bugs, code smells, vulnerabilities and code duplications.

• It supports 25+ major programming languages through built-in rulesets and can also be extended with various plugins.

• Major components of SonarQube:

- Quality Profiles
- Dashboard
- Quality Gates
- Rules


Why do we need SonarQube for automation testing?


SonarQube empowers all automation testers to write cleaner and safer code. As the automation profile is slowly moving towards SDET, it is quite important for testers to make a habit of writing quality code.


What are RULES in SonarQube?

• SonarQube executes rules on source code to generate issues. There are four types of rules:

  - Code Smell (Maintainability domain)
  - Bug (Reliability domain)
  - Vulnerability (Security domain)
  - Security Hotspot (Security domain)

• For Code Smells and Bugs, zero false positives are expected. At least this is the target, so that developers don't have to wonder whether a fix is required.

• For Vulnerabilities, the target is to have more than 80% of issues be true positives.

• Security Hotspot rules draw attention to code that is security-sensitive. It is expected that more than 80% of the issues will be quickly resolved as "Reviewed" after review by a developer.




RULE TYPES:


Bug

An issue that represents something wrong in the code. If this has not broken yet, it will, and probably at the worst possible moment. This needs to be fixed. Yesterday.

Code Smell

A maintainability-related issue in the code. Leaving it as-is means that at best maintainers will have a harder time than they should making changes to the code. At worst, they'll be so confused by the state of the code that they'll introduce additional errors as they make changes.


Security Hotspot

Security-sensitive pieces of code that need to be manually reviewed. Upon review, you'll either find that there is no threat or that there is vulnerable code that needs to be fixed.


Vulnerability

A security-related issue which represents a backdoor for attackers. See also Security-related rules.



Severity is assessed per rule type by asking two questions about the "Worst Thing" the issue could cause:

Bugs

Impact: Could the Worst Thing cause the application to crash or to corrupt stored data?

Likelihood: What's the probability that the Worst Thing will happen?


Vulnerabilities

Impact: Could the exploitation of the Worst Thing result in significant damage to your assets or your users?

Likelihood: What is the probability that a hacker will be able to exploit the Worst Thing?


Security Hotspots

Security Hotspots are not assigned severities as it is unknown whether there is truly an underlying vulnerability until they are reviewed.


QUALITY-PROFILES in SonarQube:


Quality Profiles are a core component of SonarQube, since they are where you define the sets of Rules that, when violated, should raise issues on your codebase (example: methods should not have a Cognitive Complexity higher than 15).

• Quality Profiles are defined for individual languages. For each language there is a default profile.

• To manage Quality Profiles, browse to the Quality Profiles page, where you'll find Quality Profiles grouped by language.

• Quality Profiles are collections of rules to apply during an analysis.



QUALITY-GATES in SonarQube:


• Quality Gates enforce a quality policy in your organisation by answering one question: is my project ready for release?

• To answer this question, you define a set of conditions against which projects are measured. For example:

  - No new blocker issues
  - Code coverage on new code greater than 80%

• Each Quality Gate condition is a combination of:

  - a measure
  - a comparison operator
  - an error value

• For instance, a condition might be:

  - measure: Blocker issues
  - comparison operator: >
  - error value: 0

  which can be stated as: no blocker issues. The gate fails when the measured value satisfies the comparison (here, when the number of blocker issues is greater than 0).
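To make the rule types and the gate logic from the two sections above concrete, here is an added example written for this post; it is not code from the post and not SonarQube's own implementation. It models the four rule types (with hotspots carrying no severity until reviewed), derives a few measures from a constructed list of issues, and evaluates the two example conditions the post quotes. The measure names (`new_blocker_issues`, `new_coverage`, ...), the rule keys (`rule-1` ...) and the issue data are assumptions chosen for the illustration, not SonarQube metric keys or real scanner output.

```python
"""Added illustration (not from the post or from SonarQube): a toy model of
rule types, severities and a Quality Gate evaluated over constructed results.
Measure names and rule keys below are assumptions made for this example."""
import operator
from dataclasses import dataclass
from typing import Dict, List, Optional

# The four rule types and the domain the post assigns to each.
RULE_TYPES = {
    "BUG": "Reliability",
    "CODE_SMELL": "Maintainability",
    "VULNERABILITY": "Security",
    "SECURITY_HOTSPOT": "Security",
}

SEVERITIES = ("BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO")


@dataclass(frozen=True)
class Issue:
    rule: str
    type: str
    severity: Optional[str]  # a Security Hotspot has no severity until reviewed
    on_new_code: bool

    def __post_init__(self):
        if self.type not in RULE_TYPES:
            raise ValueError(f"unknown rule type {self.type!r}")
        if self.type == "SECURITY_HOTSPOT":
            if self.severity is not None:
                raise ValueError("a Security Hotspot has no severity before review")
        elif self.severity not in SEVERITIES:
            raise ValueError(f"unknown severity {self.severity!r}")


@dataclass(frozen=True)
class Condition:
    """A gate condition: the gate FAILS when `actual <comparator> error_value` holds."""
    measure: str
    comparator: str  # ">" or "<"
    error_value: float


OPERATORS = {">": operator.gt, "<": operator.lt}

# Constructed analysis results (not real scanner output).
ISSUES = [
    Issue("rule-1", "BUG", "BLOCKER", on_new_code=False),
    Issue("rule-2", "CODE_SMELL", "MAJOR", on_new_code=True),
    Issue("rule-3", "VULNERABILITY", "CRITICAL", on_new_code=True),
    Issue("rule-4", "SECURITY_HOTSPOT", None, on_new_code=True),
    Issue("rule-2", "CODE_SMELL", "MINOR", on_new_code=True),
]
NEW_CODE_COVERAGE = 72.5  # percent, constructed value

# The two conditions the post quotes: no new blocker issues, and coverage on
# new code greater than 80% (the gate fails when coverage drops below 80).
GATE = [
    Condition("new_blocker_issues", ">", 0),
    Condition("new_coverage", "<", 80),
]


def compute_measures(issues: List[Issue], new_coverage: float) -> Dict[str, float]:
    """Derive the measures a gate can be checked against from the issue list."""
    def count(pred):
        return sum(1 for i in issues if pred(i))
    return {
        "blocker_issues": count(lambda i: i.severity == "BLOCKER"),
        "new_blocker_issues": count(lambda i: i.severity == "BLOCKER" and i.on_new_code),
        "new_vulnerabilities": count(lambda i: i.type == "VULNERABILITY" and i.on_new_code),
        "hotspots_to_review": count(lambda i: i.type == "SECURITY_HOTSPOT"),
        "new_coverage": new_coverage,
    }


def evaluate_gate(conditions: List[Condition], measures: Dict[str, float]) -> dict:
    """Apply every condition; a single failing condition makes the gate ERROR."""
    results = []
    for c in conditions:
        actual = measures[c.measure]
        failed = OPERATORS[c.comparator](actual, c.error_value)
        results.append({"measure": c.measure, "actual": actual,
                        "fails_when": f"{c.comparator} {c.error_value}",
                        "status": "ERROR" if failed else "OK"})
    status = "ERROR" if any(r["status"] == "ERROR" for r in results) else "OK"
    return {"status": status, "conditions": results}


def gate_status(new_coverage: float = NEW_CODE_COVERAGE) -> str:
    """Convenience wrapper: overall gate status for the constructed issues."""
    return evaluate_gate(GATE, compute_measures(ISSUES, new_coverage))["status"]


if __name__ == "__main__":
    report = evaluate_gate(GATE, compute_measures(ISSUES, NEW_CODE_COVERAGE))
    for r in report["conditions"]:
        print(f"{r['status']:5} {r['measure']} = {r['actual']} (fails when {r['fails_when']})")
    print("Quality Gate:", report["status"])
```

With the constructed data the only blocker is on old code, so the "no new blocker issues" condition passes, but new-code coverage of 72.5% trips the second condition and the whole gate reports ERROR; raising coverage to 85% turns it OK. The same shape (status plus a per-condition list with actual value and threshold) is what a CI job would inspect to decide whether the build may proceed.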


NOTE: Next post will be on How to Configure SonarQube in Automation Project?

Suggested posts:

- ALL ABOUT AUTOMATION FRAMEWORK DESIGN
- Top API Interview Question 1-10 (questions and answers with code)

SeleniumWebdriver Automation Testing Interview Questions:

- API Testing Interview Question Set: https://automationreinvented.blogspot.com/search/label/Rest-API
- Kubernetes Interview Question Set: https://automationreinvented.blogspot.com/search/label/Kubernetes
- Docker Interview Question Set: https://automationreinvented.blogspot.com/2020/02/top-18-docker-commands-for-aytomation.html
- Linux Interview Question Set: https://automationreinvented.blogspot.com/search/label/Linux
- Automation Testing/SDET Framework Design: https://automationreinvented.blogspot.com/search/label/FrameworkDesign
- Java Related Interview Question Set: https://automationreinvented.blogspot.com/search/label/Java
- GIT Interview Question Set: https://automationreinvented.blogspot.com/search/label/GIT
- Coding Interview Question Set: https://automationreinvented.blogspot.com/search/label/Coding%20Questions







