Informações Gerais
Este Permite automatizar a análise de código fonte escrito em C/C++ e/ou Java utilizando os plugins sonar-cxx e/ou sonar-java para adicionar relatórios de análises realizadas com outras ferramentas de código aberto como: cppCheck, Vera++, Checkstyle, SpotBugs e PMD. Por fim, você pode ver a integração com ferramentas de Integração Contínua como Jenkins ou GitLab.
Conteúdo Programatico
Introduction to Source Code Analysis and SonarQube
- Why Source Code Analysis (SCA)
- Overview of Coding Style Standards
- Analysis Tools: C/C++ and Java
- Introduction to SonarQube
- Lab: Running static analysis and visualizing the results in SonarQube
SonarQube for C/C++ Projects
- Overview of the sonar-cxx plugin
- Integration with external tools: cppcheck and Vera++
- SonarQube configurations: rules, quality profiles & quality gates
- Lab: Running code analysis and interpreting the results in SonarQube
SonarQube for Java Projects
- Overview of the sonar-java plugin
- Integration with external tools: checkstyle, SpotBugs and PMD
- SonarQube configurations: rules, quality profiles & quality gates
- Lab: Running code analysis and interpreting the results in SonarQube
SonarQube Server Configuration
- SonarQube system architecture
- SonarQube servier configuration
- SonarQube maintenance
- Lab: SonarQube configuration, deployment and integration with external databases
Developing Custom Style Rules
- Overview of the process to develop custom rules using sonar-cxx and sonar-java
- Deployment of the custom rules to the server
- Lab: Developing a custom rule
SonarQube Integration with Jenkins
- SonarScanner plugin for Jenkins
- SonarQube continuous analysis with Jenkins and Git
- Generating reports using SonarQube Web API
- Lab: Jenkins configuration with SonarQube
SonarQube Integration with GitLab
- GitLab CI/CD Pipelines Architecture
- GitLab and SonarQube Integration
- Lab: Developing a GitLab CI/CD pipeline using SonarQube