SonarQube adoption in OSDU to systematically deliver and meet high code quality standards
Problem:
- With the growing code base in the OSDU data platform, we have seen that certain standards are not being followed, and this requires attention to keep code quality in place.
- There are places in the code with duplication, code smells, or inconsistency that do not follow a regular pattern; these require a clean code approach to reduce future risks. More details about clean code here: https://docs.sonarsource.com/sonarqube/latest/user-guide/clean-code/definition/
- There are no quality gates and no metrics monitoring for the code being written. Metrics such as code complexities, cyclomatic complexities, duplicate code, and code smells are required to know the current health of the code and the improvements required as per coding standards.
Implementation Proposal:
- To achieve the required quality and standard in the OSDU platform code, we can implement the **SonarQube** tool in our CI/CD pipelines.
- It shall be implemented for each service, with the required metrics configured to know the current status of the code.
- Work on the gaps found and bring the code to standard quality.
- The integrated SonarLint can be used to fix issues in the IDE and then check the code back in to the repos.
SonarQube
- SonarQube is a comprehensive tool that achieves the required code quality by configuring different metrics and quality gates. It can report different gaps and also suggest fixes for them.
- SonarLint by SonarQube is a free and open-source IDE plugin brought to you by Sonar. It's your first line of defense to find and fix coding issues in real-time, ensuring the quality of your code and enhancing productivity. SonarLint is used locally across multiple IDEs to easily scan and report the gaps. https://docs.sonarsource.com/sonarlint/intellij/
- There are multiple scanner plug-ins available for different languages to easily scan and detect the gaps.
- Different quality gates can be configured to measure the code standard for reliability, security, security review, and maintainability.
- There is a bigger and more knowledgeable community to help with this tool.
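A quality gate only protects the code base if the pipeline job fails when the gate fails. The following is an added example, not part of the original proposal or of OSDU code: it evaluates a response shaped like the result of SonarQube's api/qualitygates/project_status Web API and fails closed when no gate result exists. The sample response values and the function name evaluate_gate are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the body returned by SonarQube's
# api/qualitygates/project_status Web API; the values are made up.
SAMPLE_RESPONSE = json.loads("""
{
  "projectStatus": {
    "status": "ERROR",
    "conditions": [
      {"status": "OK", "metricKey": "new_reliability_rating",
       "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
      {"status": "ERROR", "metricKey": "new_security_rating",
       "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
      {"status": "ERROR", "metricKey": "new_duplicated_lines_density",
       "comparator": "GT", "errorThreshold": "3", "actualValue": "7.4"}
    ]
  }
}
""")

COMPARATORS = {"GT": ">", "LT": "<"}


def evaluate_gate(response):
    """Return (passed, failures) for a project_status response.

    Fails closed: a missing body, status NONE (no gate computed yet) or any
    unknown status counts as a failed gate, so a broken scan cannot pass.
    """
    status_block = (response or {}).get("projectStatus") or {}
    status = status_block.get("status")
    failures = []
    for cond in status_block.get("conditions", []):
        if cond.get("status") == "ERROR":
            op = COMPARATORS.get(cond.get("comparator"), cond.get("comparator"))
            failures.append(
                f"{cond.get('metricKey')}: actual {cond.get('actualValue')} "
                f"{op} threshold {cond.get('errorThreshold')}"
            )
    if status != "OK" and not failures:
        failures.append(f"quality gate status is {status!r}, expected 'OK'")
    return status == "OK", failures


if __name__ == "__main__":
    passed, failures = evaluate_gate(SAMPLE_RESPONSE)
    for line in failures:
        print("FAILED", line)
    raise SystemExit(0 if passed else 1)
```

Run as a pipeline step after the scan, the non-zero exit code blocks the merge and the printed lines name the metrics that broke the gate.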
Pricing and licensing
SonarQube is a paid tool and is available for a free trial. However, the proposal would start with the Community Edition and later move to a Developer license rather than Enterprise. SonarQube claims to be free for open-source projects; however, we need to check further. For licensing and prices, the following links will be useful: https://www.sonarsource.com/open-source-editions/ https://www.sonarsource.com/plans-and-pricing/