SonarCloud / SonarQube

  • SonarCloud ( hosted service, runs in the cloud )
  • SonarQube ( self-hosted server )

SonarScanner : the client-side tool that picks up the code / project we want reviewed and sends the analysis to the server.

VM

  • Code smell ( maintainability )
  • Bug ( reliability )
  • Vulnerability ( security domain : a confirmed security issue )
  • Security hotspot ( security domain : security-sensitive code that a human has to review )

docker-compose ( minimal service : the SonarQube image with port 9000 published; the bundled H2 database is for evaluation only, use PostgreSQL if the data has to persist )

image: sonarqube

http://localhost:9000 ( user : admin, pass : admin ). Change the default password on first login and keep the port bound to localhost until that is done.

create project > copy the project key, then generate a user token ( My Account > Security ) for sonar-scanner. The token authenticates the scanner against the server, so treat it like a password: do not commit it with the source.

Install SonarScanner

brew install sonar-scanner

Send the code to be scanned under that project ( run from the project directory; properties are passed with -D )

sonar-scanner \
  -Dsonar.projectKey=projectKey \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=keyToServer

Note http, not https: the docker image serves plain HTTP on 9000 unless you put a TLS proxy in front of it. Passing the token with -Dsonar.login makes it visible in the process list and shell history; the same settings can go into a sonar-project.properties file ( without the token ) and the token into the SONAR_TOKEN environment variable on scanner versions that support it.

See the result at http://localhost:9000. The scanner only uploads the report; the server computes the issues asynchronously, so the dashboard may lag a few seconds behind a "EXECUTION SUCCESS" message.
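The whole local workflow above ( compose file, project config, scan ) as shell functions. This is an added example, not code from the original notes or from SonarSource. It assumes docker compose and sonar-scanner are installed, that the project key comes from the "create project" step, that the `sonarqube:lts-community` image tag is the one you want, and that the token is exported as SONAR_TOKEN ( read natively by recent SonarScanner CLI releases; an assumption for the version you install ) rather than typed on the command line.

```shell
#!/bin/sh
# Added example (not from the original notes): the local SonarQube workflow
# as reusable functions. Assumptions: docker compose and sonar-scanner are
# installed; the token is exported as SONAR_TOKEN, never placed in a file
# that is committed with the source.

# Write a minimal docker-compose.yml into directory $1 and print its path.
write_compose() {
  cat > "$1/docker-compose.yml" <<'EOF'
services:
  sonarqube:
    image: sonarqube:lts-community
    ports:
      # Publish on loopback only: the default admin/admin login must not be
      # reachable from the network before the password has been changed.
      - "127.0.0.1:9000:9000"
    volumes:
      - sonar_data:/opt/sonarqube/data
      - sonar_extensions:/opt/sonarqube/extensions
volumes:
  sonar_data:
  sonar_extensions:
EOF
  printf '%s\n' "$1/docker-compose.yml"
}

# Write sonar-project.properties into directory $1 for project key $2 and
# print its path. The token is deliberately left out: this file lives in the
# repository, so it may only hold non-secret settings.
write_project_props() {
  cat > "$1/sonar-project.properties" <<EOF
sonar.projectKey=$2
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.exclusions=**/node_modules/**,**/coverage/**
EOF
  printf '%s\n' "$1/sonar-project.properties"
}

# Succeed only when a token is available in the environment.
have_token() {
  [ -n "${SONAR_TOKEN:-}" ]
}

# Run the scan from project directory $1. The scanner reads the project file
# written above and the token from SONAR_TOKEN, so the secret never appears in
# the process list. With an older scanner that does not read SONAR_TOKEN, pass
# -Dsonar.login="$SONAR_TOKEN" instead and accept that exposure.
run_scan() {
  have_token || {
    echo "export SONAR_TOKEN=<token from My Account > Security> first" >&2
    return 1
  }
  ( cd "$1" && sonar-scanner )
}
```

Typical use: `write_compose "$PWD"`, `docker compose up -d`, wait for http://localhost:9000 to come up and change the admin password, create the project, then `write_project_props "$PWD" my-key`, `export SONAR_TOKEN=...`, `run_scan "$PWD"`. On a Linux host the bundled Elasticsearch needs `sysctl -w vm.max_map_count=524288` before the container will start.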

Type : issues are Bug / Vulnerability / Security hotspot / Code smell; on top of them the dashboard shows Security and Reliability ratings and Code coverage ( from unit tests; the scanner only reads a coverage report, it does not run the tests itself )

Language : Javascript

Issues carry a severity ( e.g. Major ) and can be assigned to a person and tracked from the dashboard.


Quality Gate > conditions on New Code : each condition is a metric, an operator and an error threshold ( e.g. coverage on new code at least 80% ). A failed gate marks the analysis as failed.

Rules can be added to / removed from the quality profile ….


SonarQube vs. ESLint

  • SonarQube has dashboards and visualization that a non-technical person can read.
  • $$$ if integrated with GitHub : needs Developer Edition, i.e. 12 euro/month for a public repository; a private repository is priced by the max LOC over all branches, e.g. 100k LOC for 10 euro ( with SonarCloud, the free tier requires a public repository ).
  • SonarCloud setup is more convenient ( login via GitHub ). With SonarQube we have to generate the token and configure the scanner ourselves, and the server needs Elasticsearch plus a database.
  • SonarCloud does NOT allow writing your own rules ( no custom rule plugins ); quality profiles and quality gates are built from the rules it ships.

SonarLint ( VS Code extension ) : runs the same rules in the editor, so findings show up before the code reaches the server.

CircleCI ?
