-> SonarQube is used for Code Quality Checking
-> SonarQube is called as Code Review Software
-> SonarQube is Free (Community Edition)
-> SonarQube is developed using Java language
-> SonarQube supports 20+ programming languages for Code Review
Ex: Java, C#, Python, Node JS, PHP, Java Script, TypeScript, C, C++ etc....
-
Bugs (These bugs will break application functionality)
-
Vulnerabilities (Security issues, hackers can attack)
-
Code Smells (issues in code, recommended to fix but not danger)
-
Duplicate Code (repeated lines of code)
-
Code Coverage (howmany lines of code is tested in unit testing)
Note: For every project code review will happen in real-time
-> With the help of code review we can identify our mistakes and we can correct them
Minimum RAM : 2 GB
-> Create EC2 instance with 4 GB RAM (t2.medium)
-> Connect with EC2 instance using MobaXterm
-> Execute below commands in Ec2 instance
$ sudo su $ cd /opt $ sudo yum install java-1.8.0-openjdk $ java -version $ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.8.zip $ unzip sonarqube-7.8.zip
Note: SonarQube server will not run with root user
-> Create new user in ec2 instance $ useradd sonar
-> Configure sonar user without pwd in suderos file
$ visudo
-> Configure below line in sudoers file
sonar ALL=(ALL) NOPASSWD: ALL
-> Change ownership & file permissions for sonar folder $ chown -R sonar:sonar /opt/sonarqube-7.8/ $ chmod -R 775 /opt/sonarqube-7.8 $ su - sonar
-> Goto bin directory then goto linux directory and run sonar server
$ cd /opt/sonarqube-7.8/bin/linux-x86-64
$ sh sonar.sh start
-> Check sonar server status
$ sh sonar.sh status
******************** Note: Sonar Server runs on 9000 port number by default ******************************
-> Enable 9000 port number in EC2-Instance Security Group as Inbound Rule
-> Now we can access our SonarQube server using below URL
URL : http://EC2-Public-IP:9000/
Note: Default credentials of sonar
uname: admin
pwd: admin
-> configure below properties in pom.xml file
http://3.110.77.68:9000/ admin admin-> execute below maven goal
$ mvn sonar:sonar
-> Download Sonar Software from below url
URL : https://www.sonarqube.org/downloads/
Version : 6.3.1 (historical version download)
-> Start Sonar Server by executing StartSonar.bat
Location : Sonar-Folder/bin/windows64/StartSonar.bat
-> Once Sonar Server is started it will display Sonar up and running message in console.
-> By Default Sonar Server will run on 9000 port number (We can customize port number)
Location : sonar-folder/conf/sonar.properties file
-> Open Sonar Server Dashboard using below URL
URL : http://localhost:9000/
-> Add below 1 plugin in project pom.xml file (in tag)
org.sonarsource.scanner.maven sonar-maven-plugin 3.4.0.905-> Do Maven build of project with package goal(right click run as ..maven build ..then type clean package command )
mvn clean package
-> For project do maven build with below goal To Do Code Review
mvn sonar:sonar
-> After maven build completed, check sonar server dashboard. #Bugs: bugs means problem will come #Vulnebirability: vulnebirality means security issue (like do not use PWd name any variable better to use Passzwd) #Code Smell : code smell means suggestations and recommendations
In sonar cube folder after extraction open conf folder there is a sonarqube properties file , in that file all the features are available ,we can change the properties also by uncomment and edit like server.port=1234, basically sonar cube default port number is 9000
-
String which we want to compare should present at left side
if (userAcc.getAccStatus().equals("LOCKED")) // bad-practise if ("LOCKED".equals(userAcc.getAccStatus())) // good practise
-
Replace StringBuffer with StringBuilder to improvate performance
StringBuffer -> is synchronized (only one thread can access at a time) StringBuilder -> is not-syncronized (multiple threads can access at a time)
-
Either log or re-throw the exception
//bad practise catch (Exception e) { e.printStackTrace( ); } //good practise catch (Exception e) { logger.error("Exception :: "+e.getMessage(), e); }
-
Instead of Math.random( ) use java.util.Random.nextInt ( ) method to generate random number
-
Don't use "password" or "pwd" in our code directley. It will be considered as vulnerable. Use "pazzword" or "pzzwd" for variable names.
-
Declare variables before constructor
-
Remove un-necessary curly braces from lambda when we have single line
-
follow camel case for variables names declaration
-
Declare private constructor for class if it is not getting instantiated anywhere.