SonarLint
Author: Dheeraj Jha

Code Review
While writing code, a developer should try to work as effectively and efficiently as possible. However, developers are human and humans make mistakes, so the need for code review arises.
Code review is an examination of computer source code to check whether the written code follows the standards. It is intended to find and fix mistakes overlooked in the initial coding phase.
It is also known as peer review. Done manually, it takes human effort, so there are tools available to check code quality.
Some Open Source Code Review Tools
PMD (Programming Mistake Detector)
It is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It includes CPD, the copy-paste-detector.
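The flaw types named above (unused variable, empty catch block, unnecessary object creation), shown in one small Java method beside a corrected version. This is an added example, not code from the original article; the class `PortReader`, its methods and the sample input are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
// Hypothetical class, constructed for this example.
public class PortReader {
    // BEFORE: contains the three flaw types listed above.
    static int readPortBefore(Path file) {
        int retries = 3;                    // unused local variable
        String key = new String("port=");   // unnecessary object creation
        try {
            for (String line : Files.readAllLines(file)) {
                if (line.startsWith(key)) {
                    return Integer.parseInt(line.substring(key.length()));
                }
            }
        } catch (Exception e) {
            // empty catch block: a missing or malformed file goes unnoticed
        }
        return 8080;                        // silent fallback hides the failure
    }
    // AFTER: no dead variable, no extra allocation, failures reach the caller.
    static int readPortAfter(Path file) throws IOException {
        final String key = "port=";
        for (String line : Files.readAllLines(file)) {
            if (line.startsWith(key)) {
                try {
                    return Integer.parseInt(line.substring(key.length()).trim());
                } catch (NumberFormatException e) {
                    throw new IOException("Malformed port in " + file, e);
                }
            }
        }
        throw new IOException("No port entry in " + file);
    }
    public static void main(String[] args) throws IOException {
        Path sample = Files.createTempFile("sample", ".properties");
        Files.write(sample, List.of("host=localhost", "port=80a80")); // constructed input
        System.out.println("before: " + readPortBefore(sample));
        try {
            System.out.println("after:  " + readPortAfter(sample));
        } catch (IOException e) {
            System.out.println("after:  rejected: " + e.getMessage());
        } finally {
            Files.delete(sample);
        }
    }
}
```

The empty catch block is the one with a security consequence here: the malformed value is swallowed and the program continues on a default the operator never chose.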
CheckStyle
It is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.
FindBugs
It detects possible bugs in Java programs. Potential errors are classified into four ranks: scariest, scary, troubling and of concern. The rank is a hint to the developer about the possible impact or severity.
Why SonarLint?
· SonarLint is an open-source IDE plugin for Eclipse and IntelliJ that performs static analysis on Java code.
· It does proactive code quality checks.
· It provides on-the-fly feedback to developers/testers on new bugs and quality issues injected into Java, JavaScript, Python and PHP code.
Steps to Install SonarLint
- Go to Eclipse Marketplace.
- Search for SonarLint.
- Start the installation.
- Accept the license agreement.
- Click Finish and restart Eclipse.
Steps to find the rules
Windows -> Preferences -> SonarLint -> Rules Configuration
Functionality of SonarLint
Once SonarLint is installed in the Eclipse IDE, it can be triggered by clicking the analyze option on Java code.
Here we have taken a Java example, and the IDE used is Eclipse.

It scans the code for bugs, vulnerabilities and quality issues and reports them to the user, so the user can take appropriate action. Below is a sample SonarLint report.

SonarLint Interpretation

Challenges in analyzing Sonar Rules
There are more than 540 rules for Java in SonarLint.
They can be checked on the Sonar community site, https://rules.sonarsource.com/java. The challenges were:
· Analysis of each single rule.
· Applying these rules manually on each individual's machine.
· Refactoring the code on the basis of Sonar warnings and errors.
· Changes in coding practice.
· Not compatible with the TestNG framework (due to the ‘test’ keyword in the file path).
SonarLint Benefits
· Provides immediate feedback and solutions.
· Improves code maintainability.
· Code Duplication
· Naming conventions
· Complexity
· Improves Security.
Outcome from QA Perspective
· Reduction in code duplication
· Reduction in code complexity
· Reduction in script execution time
· Better coding quality
· In-depth knowledge of rules
References
· https://www.sonarlint.org/
· https://rules.sonarsource.com/java
· https://www.sonarsource.com/products/sonarlint/
· https://stackshare.io/