Code Quality Tools
Powered by
Infaum Educational Technology
Anju ML
Code Quality Tools
Here we discuss two important code quality tools:
• SonarQube
• FindBugs
SonarQube
• Sonar is an open source platform for continuous inspection of code quality.
• It performs static code analysis of Java.
• It was developed with one main objective in mind: to make code quality management accessible to everyone with minimal effort.
• Sonar provides code analyzers, reporting tools, defect-hunting modules and TimeMachine as core functionality.
Sonar: All in one
• Design and architecture: minimize dependencies.
• Duplications: isolate and refine duplications (Don't Repeat Yourself).
• Unit tests: write unit tests, especially for complex parts of the software.
• Complexity: even out disproportionately distributed complexity among components; eliminate complexity if possible.
• Potential bugs: eliminate code violations to prevent vulnerabilities.
• Coding standards: respect coding standards and follow best practices.
• Documentation and comments: provide documentation, especially for the public API and the source code.
NOTE: DRY (Don't Repeat Yourself) is a programming principle aimed at reducing repetition of code.
How does Sonar work?
Sonar has a simple and flexible architecture that consists of three components:
• A set of source code analyzers, grouped in a Maven plugin and triggered on demand. The analyzers use configuration stored in the database.
• A database that stores the results of analysis, projects and global configuration, and also keeps historical analysis for TimeMachine.
• A web reporting tool that displays code quality dashboards on projects, is used to hunt for defects and check TimeMachine, and configures analysis.
What does Sonar provide?
• Quality profiles
• Dashboards
  o A consolidated view that shows all projects
  o A project dashboard, also available at module and package level
• Hunting tools
• TimeMachine
  o TimeMachine is used to watch the evolution of a project and replay the past, as it records versions of the project.
FindBugs
• FindBugs is a program that finds bugs in Java programs.
• FindBugs is platform independent and is known to run on GNU/Linux, Windows and Mac OS X.
• It uses static analysis on Java code.
– Static analysis is a way to inspect code without executing the program.
• It works on bytecode rather than source code: the tool inspects Java bytecode, stored as compiled class files, to detect occurrences of bug patterns.
Bug patterns
• Bug patterns are checklist items for possible problems in the Java source.
The patterns are categorized as follows:
• Malicious code vulnerability – code that can be maliciously altered by other code.
• Dodgy – code that can lead to errors.
• Bad practice – code that violates the recommended coding practices.
• Correctness – code that might give different results than the developer intended.
• Internationalization – code that can inhibit the use of international characters.
• Performance – code that could be written differently to improve performance.
• Security – code that can cause possible security problems.
• Multithreaded correctness – code that could cause problems in a multi-threaded environment.
• Experimental – code that could miss cleanup of streams, database objects, or other objects that require a cleanup operation.
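An added illustration of the "Malicious code vulnerability" category (not part of the original slides): a class that lets other code alter its state through exposed arrays, next to a hardened form that makes defensive copies. The class names and host names are hypothetical; the IDs in the comments are FindBugs' names for the patterns in this category.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class MaliciousCodePatternDemo {

    /** Weak form: three shapes reported under "Malicious code vulnerability". */
    public static class WeakPolicy {
        // MS_MUTABLE_ARRAY: 'final' freezes the reference, not the elements.
        public static final String[] ADMIN_ROLES = {"admin", "auditor"};

        private final String[] trustedHosts;

        public WeakPolicy(String[] trustedHosts) {
            this.trustedHosts = trustedHosts;   // EI_EXPOSE_REP2: stores the caller's array
        }

        public String[] getTrustedHosts() {
            return trustedHosts;                // EI_EXPOSE_REP: returns internal state
        }

        public boolean isTrusted(String host) {
            return Arrays.asList(trustedHosts).contains(host);
        }
    }

    /** Hardened form: immutable constant, defensive copies in and out. */
    public static class HardenedPolicy {
        public static final List<String> ADMIN_ROLES =
                Collections.unmodifiableList(Arrays.asList("admin", "auditor"));

        private final String[] trustedHosts;

        public HardenedPolicy(String[] trustedHosts) {
            this.trustedHosts = trustedHosts.clone();   // copy on the way in
        }

        public String[] getTrustedHosts() {
            return trustedHosts.clone();                // copy on the way out
        }

        public boolean isTrusted(String host) {
            return Arrays.asList(trustedHosts).contains(host);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        String[] hosts = {"build.example.internal", "ci.example.internal"};
        WeakPolicy weak = new WeakPolicy(hosts);
        HardenedPolicy hardened = new HardenedPolicy(hosts);

        // Any code holding a reference can rewrite the weak policy's state.
        weak.getTrustedHosts()[0] = "unreviewed.example.net";
        WeakPolicy.ADMIN_ROLES[1] = "guest";

        // The same write only changes a copy of the hardened policy's state.
        hardened.getTrustedHosts()[0] = "unreviewed.example.net";

        System.out.println("weak trusts unreviewed host:     "
                + weak.isTrusted("unreviewed.example.net"));
        System.out.println("hardened trusts unreviewed host: "
                + hardened.isTrusted("unreviewed.example.net"));
        System.out.println("weak admin roles now:            "
                + Arrays.toString(WeakPolicy.ADMIN_ROLES));
        try {
            HardenedPolicy.ADMIN_ROLES.set(1, "guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened admin roles rejected the write");
        }
    }
}
```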
FindBugs Results
Warnings reported by FindBugs are categorized into:
• Relevant positive – a bug that the developers must or should fix.
• Irrelevant positive – a bug, but one that is irrelevant to the program and does not need to be fixed.
• False positive – not a bug.
• My conclusion from this is that using FindBugs
is definitely worthwhile. I plan to roll it out to
all my Java projects and integrate it into the
automated builds so that the FindBugs results
are also available from the continuous
integration server.

Editor's Notes

  1. Sonar is an open source platform for continuous inspection of code quality. It is developed with a main objective in mind: make code quality management accessible to everyone with minimal effort.
  2. The aspects of code quality that Sonar covers:
     • Design and architecture: minimize dependencies.
     • Duplications: isolate and refine duplications (Don't Repeat Yourself).
     • Unit tests: write unit tests, especially for complex parts of the software.
     • Complexity: even out disproportionately distributed complexity among components; eliminate complexity if possible.
     • Potential bugs: eliminate code violations to prevent vulnerabilities.
     • Coding standards: respect coding standards and follow best practices.
     • Documentation and comments: provide documentation, especially for the public API and the source code.
  3. What Sonar provides:
     • Quality profiles: Sonar lets you manage multiple quality profiles in order to adapt the required level to the type of project (new project, critical application, technical library, etc.). Managing a profile consists of:
       o activating, deactivating and weighting coding rules
       o defining thresholds on metrics for automatic alerting
       o defining the association between project and profile
     • Dashboards: Sonar has 2 dashboards that give the big picture, hint at where there might be issues, and allow projects to be compared:
       o a consolidated view that shows all projects
       o a project dashboard, also available at module and package level
     • Hunting tools: to confirm that what seems to be an issue really is an issue, Sonar offers a hunting tool set that goes from the overview down to the smallest details:
       o drill-down on every measure displayed, to see what is behind it
       o class clouds, used to find the classes least covered by unit tests
       o hotspots, which have on a page the most and the least files
       o a multi-entry source viewer (duplication, coverage, violations, test success, etc.) to confirm the findings made with the hunting tools
     • TimeMachine: TimeMachine is used to watch the evolution of a project and replay the past, as it records versions of the project.
  4. The bug patterns are categorized as follows:
     • Malicious code vulnerability – code that can be maliciously altered by other code.
     • Dodgy – code that can lead to errors.
     • Bad practice – code that violates the recommended coding practices.
     • Correctness – code that might give different results than the developer intended.
     • Internationalization – code that can inhibit the use of international characters.
     • Performance – code that could be written differently to improve performance.
     • Security – code that can cause possible security problems.
     • Multithreaded correctness – code that could cause problems in a multi-threaded environment.
     • Experimental – code that could miss cleanup of streams, database objects, or other objects that require a cleanup operation.