SonarQube adoption in OSDU to systematically deliver and meet high code quality standards

Problem:

  • With the growing code base of the OSDU data platform, certain coding standards are not being followed consistently, and this requires attention to keep code quality in place.

  • There are places in the code with duplication, code smells and inconsistencies that do not follow a regular pattern; a clean code approach is needed to reduce future risks. More details about clean code: https://docs.sonarsource.com/sonarqube/latest/user-guide/clean-code/definition/

  • There are no quality gates or metrics monitoring for the code being written. Metrics such as cyclomatic complexity, duplicated code and code smells are required to know the current health of the code and the improvements needed to meet coding standards.

Implementation Proposal:

  • To achieve the required quality and standard in OSDU platform code, we can integrate the **SonarQube** tool into our CI/CD pipelines.
  • It shall be implemented for each service, with the required metrics configured to show the current status of the code.
  • Work on the gaps found and bring the code up to the standard quality.
  • The integrated SonarLint plugin can be used to fix issues in the IDE before checking code back into the repositories.

SonarQube

  • SonarQube is a comprehensive tool that enforces the required code quality through configurable metrics and quality gates. It reports gaps and also suggests fixes for them.
  • SonarLint is a free and open-source IDE plugin from Sonar. It is the first line of defense for finding and fixing coding issues in real time, ensuring the quality of the code and enhancing productivity. SonarLint can be used locally across multiple IDEs to scan the code and report the gaps. https://docs.sonarsource.com/sonarlint/intellij/
  • Multiple scanner plug-ins are available for different languages to scan the code and detect gaps.
  • Different quality gates can be configured to measure the code standard across reliability, security, security review, and maintainability.
  • There is a large and knowledgeable community to help with this tool.
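As an added example of the CI/CD integration and quality-gate enforcement proposed above (not part of this proposal or of OSDU's actual pipelines), a GitLab CI job that runs the SonarQube scanner on merge requests and the default branch and fails the pipeline when the configured quality gate is not passed. The project key, source path and stage name are placeholders; SONAR_HOST_URL and SONAR_TOKEN are assumed to be defined as masked, protected CI/CD variables.

```yaml
# .gitlab-ci.yml fragment (added example; GitLab CI is assumed, this is not OSDU's pipeline)
sonarqube-check:
  stage: test                       # placeholder stage name
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]                # run our own script instead of the image entrypoint
  variables:
    # The scanner CLI reads SONAR_HOST_URL and SONAR_TOKEN from the environment;
    # both are assumed to exist as masked, protected CI/CD variables (never commit them).
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"   # keeps the scanner cache inside the job workspace
    GIT_DEPTH: "0"                  # full clone so "new code" and blame are computed correctly
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - >
      sonar-scanner
      -Dsonar.projectKey=osdu-example-service
      -Dsonar.sources=src
      -Dsonar.qualitygate.wait=true
      -Dsonar.qualitygate.timeout=300
  # With qualitygate.wait=true the scanner polls the server for the gate result and exits
  # non-zero when a condition (e.g. new security hotspots not 100% reviewed) fails, so the
  # job, and therefore the pipeline, is blocked rather than merely reporting a warning.
  allow_failure: false
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

The gate conditions themselves (reliability, security, security review, maintainability thresholds) are configured on the SonarQube server and applied per project; the job only enforces the verdict.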

Pricing and licensing

SonarQube is a paid tool with a free trial available. However, the proposal would start with the Community Edition and later move to a Developer Edition license rather than Enterprise. SonarQube claims to be free for open-source projects, but we need to check this further. The following links are useful for licensing and pricing: https://www.sonarsource.com/open-source-editions/ https://www.sonarsource.com/plans-and-pricing/

Edited by Om Prakash Gupta