Category: Static analysis tools

SonarQube related resources

SonarQube plugin https://www.sonarqube.org/features/centralization/ https://docs.sonarqube.org/latest/ https://docs.sonarqube.org/latest/user-guide/rules/ https://docs.sonarqube.org/latest/setup/overview/ https://docs.sonarqube.org/latest/analysis/overview/

S/W Quality metrics/indexes

1. CC (Cyclomatic Complexity) Cyclomatic complexity is a software metric used to indicate the complexity of a program. It is a quantitative measure of the number of linearly independent paths through a program’s source code. It was developed by Thomas J. McCabe, Sr. in 1976. Cyclomatic complexity is computed using the control flow graph of the program: the nodes of the graph correspond to indivisible groups of commands of a program, and a directed edge connects two nodes if the second command might be executed immediately after […]

How to install SonarQube, SonarLint

1. SonarLint for Eclipse SonarLint is available as a stand-alone extension for the Eclipse IDE. You can install SonarLint into Eclipse via the marketplace client. The update site is http://eclipse.sonarlint.org. See Sonar on Eclipse for details. 2. Installation of SonarQube Running SonarQube via Docker is as simple as the following command. You can now log in to your local Sonar server at http://localhost:9000/ with the admin user and the admin password. Click on: Create your first project. This will allow you to create an access token which you […]

What is SonarQube?

SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities. SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.). SonarQube includes support for the programming languages Java (including Android), C#, PHP, JavaScript, TypeScript, C/C++, Ruby, Kotlin, Go, COBOL, PL/SQL, PL/I, ABAP, VB.NET, VB6, Python, RPG, Flex, Objective-C, Swift, CSS, HTML, and XML. Some of these are only available via a commercial license. SonarQube […]

List of tools for static code analysis

Multi-language Apache Yetus – A collection of build and release tools. Included is the ‘precommit’ module that is used to execute full and partial/patch CI builds that provide static analysis of code via other open source tools as part of a configurable report. Built-in support for C, C++, Java, Perl, Python, Ruby, Shell, and XML. May be extended via a plug-in framework. Axivion Bauhaus Suite – A static code analysis tool suite for Ada, C, C++, C#, […]

What is lint?

A linter or lint refers to tools that analyze source code to flag programming errors, bugs, stylistic errors, and suspicious constructs. The term originates from a Unix utility that examined C language source code. The analysis performed by lint-like tools can also be performed by an optimizing compiler, which aims to generate faster code. In his original 1978 paper, Johnson addressed this issue, concluding that “the general notion of having two programs is a good one” because they concentrated on different things, thereby allowing the programmer to “concentrate at […]