How to install SonarQube locally or in production to check your code for vulnerabilities, performance and maintainability

A picture of a teenager staring in disbelief. The caption says: "Looking at your code after one year. Did I write that?"

Introduction

From Wikipedia: SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells in 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations. SonarQube can record metrics history and evolution graphs, and provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.). In other words, it checks whether what your team has written is secure, performs well, is tested and is easy to maintain.
