BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
We had a dream : mvn sonar:sonar
About a year ago we started to dream about the possibility to launch a full quality analysis on any Maven projects, with no configuration by simply running a simple and easy to remember command. Last week, when the Sonar maven plugin joined the Codehaus Mojo project, this dream became reality from Sonar 1.8 onwards. Joining this project presents several advantages to Sonar but the main one is definitely the step toward simplicity. Indeed, the old way to launch a quality analysis was to execute the maven command "mvn org.codehaus.sonar:sonar-maven-goal:X.Y:sonar", it now becomes "mvn sonar:sonar". No need to carry anymore the Sonar web server version, the Sonar Maven plugin groupId, artifactId, ... simply launch "mvn sonar:sonar" !
Read Blog post >
Reuse in Sonar unit test reports generated by other systems
Reuse in Sonar unit test reports generated by other systems
Read Blog post >
Using quality profiles in Sonar
Last month, Sonar 1.6 was released. The main feature of the new version is the ability to manage quality profiles. The purpose of this post is to explain what gap the functionality fills, to define what is a quality profile and to explain how to use it. Prior to Sonar 1.6, it was only possible to run analysis with one set of defined coding rules per instance of Sonar. It means that within an instance of Sonar, it was not possible to process differently various types of projects (legacy application, technical libraries, new projects, ...). They were all analyzed with the same set of rules. Therefore there was sometimes unnecessary noise around the quality data that made it difficult to see quickly what real action was required. Sonar 1.6 turns off this noise by allowing to define and simultaneously use several quality profiles.
Read Blog post >
What makes Checkstyle, PMD, Findbugs and Macker complementary ?
There is often some misunderstanding when people talk about coding rules engines. Everyone tries to take position in favor of his preferred tool and does his best to explain what are the weaknesses of the other ones.
Read Blog post >
Discussing Cyclomatic Complexity
Googling on Cyclomatic Complexity (CC), gives some interesting results... Among those results, you'll find the two following definitions :
Read Blog post >
Is 80% of code coverage any good ?
When talking about source code quality, there are always voices to tell you that metrics mean nothing and that plenty of projects have great metrics and poor quality! Let's look at one particular metric: the code coverage by unit tests.
Read Blog post >