
Saturday, September 29, 2018

Sonar Qube - Quality Gates

Code scanning or linting is a very important process in a CI/CD implementation. It is now a mandatory step to scan the code for code smells, vulnerabilities, non-standard code, etc.

SonarQube is a tool which scans your code and reports how well it follows coding standards. It presents issues as Blockers (badly written code that can cause problems when the application runs in production), Critical, Major and Minor. It also gives you a measure of how standard your code is. SonarQube currently supports 21 languages. You can scan your code directly without writing any linting configuration.

SonarQube scans by using something called Quality Gates. Every scan we run on our code through SonarQube compares the code against a quality gate. SonarQube has a default quality gate called "SonarQube way". Whenever we scan our code, it is checked against the default quality gate "SonarQube way" and the results are displayed. SonarQube also gives us the ability to configure our own Quality Gate.

SonarQube Quality Gates are the best way to ensure that standards are met and enforced across all the projects in the organization. A quality gate is defined as a set of threshold measures on your project, such as code coverage, technical debt ratio, number of blocker/critical issues, security rating, unit test pass rate, etc.
  
In order to pass a Quality Gate, the project must satisfy each of the thresholds defined; in other words, a quality gate is just a set of conditions the project must meet before it can qualify for a production release. When SonarQube runs, it checks whether the code meets all the quality thresholds we have defined; otherwise it fails the quality gate and will not allow you to check the code in to the source control system.

Sonar scan with a quality gate is a powerful feature: together with GitHub it gives you a way to block merging your code (a pull request) if the SonarQube scan fails. Using Quality Gates, we can also scan for new issues that arise in the new code we have written, so it also provides a way to catch issues in new code.

Creating a Quality Gate is very easy. Go to Quality Gates in SonarQube and create a Quality Gate. We need to configure the thresholds our project has to meet. Once we configure the quality gate, we need to assign our project to the newly created quality gate. Once assigned, all subsequent scans of our project will be checked against that quality gate. Here is a screenshot of the scan against our quality gate,
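To make the threshold and pass/fail semantics described above concrete, here is an added example (not code from the post or from SonarQube itself). It models a quality gate as a list of conditions in the same shape SonarQube uses (a metric key, an operator `LT`/`GT`, and an error threshold), evaluates a constructed set of measures for a pull request, decides whether the merge may proceed, and renders the `api/qualitygates/create_condition` calls that would create the same gate on a server. The gate name, host and measure values are constructed; the endpoint and parameter names (`gateName`, `metric`, `op`, `error`) are the Web API parameters of recent SonarQube versions and are an assumption for older releases, which identified the gate by `gateId` instead. Ratings are numeric in the API (A=1 through E=5), so "security rating GT 1" means "fail on anything worse than A".

```python
"""Model of a SonarQube-style Quality Gate and its pass/fail evaluation (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# SonarQube ratings are reported numerically: A=1, B=2, C=3, D=4, E=5
RATING = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}


@dataclass(frozen=True)
class Condition:
    metric: str    # SonarQube metric key, e.g. "new_coverage" or "security_rating"
    op: str        # "LT": fail when value < error; "GT": fail when value > error
    error: float   # threshold at which the condition fails the gate

    def failed(self, measures: Dict[str, float]) -> bool:
        value: Optional[float] = measures.get(self.metric)
        if value is None:
            # A condition whose metric was never measured (e.g. no tests at all)
            # is skipped rather than failed, which is a gap worth knowing about.
            return False
        return value < self.error if self.op == "LT" else value > self.error


# Constructed gate with the kinds of thresholds the post lists
SECURE_GATE: List[Condition] = [
    Condition("new_coverage", "LT", 80.0),                       # new code must be >= 80% covered
    Condition("new_security_rating", "GT", RATING["A"]),         # any new vulnerability fails
    Condition("new_reliability_rating", "GT", RATING["A"]),      # any new bug fails
    Condition("blocker_violations", "GT", 0),                    # no blockers in the whole project
    Condition("sqale_debt_ratio", "GT", 5.0),                    # technical debt ratio <= 5%
    Condition("test_success_density", "LT", 100.0),              # every unit test must pass
]


def evaluate(gate: List[Condition], measures: Dict[str, float]) -> dict:
    """Return a project_status-like summary: overall status plus per-condition status."""
    conditions = [
        {
            "metric": c.metric,
            "op": c.op,
            "error": c.error,
            "actual": measures.get(c.metric),
            "status": "ERROR" if c.failed(measures) else "OK",
        }
        for c in gate
    ]
    overall = "ERROR" if any(x["status"] == "ERROR" for x in conditions) else "OK"
    return {"status": overall, "conditions": conditions}


def failed_metrics(gate: List[Condition], measures: Dict[str, float]) -> List[str]:
    """Metric keys of the conditions that failed, in gate order."""
    return [c.metric for c in gate if c.failed(measures)]


def merge_allowed(gate: List[Condition], measures: Dict[str, float]) -> bool:
    """The CI decision: a pull request may merge only when every condition passes."""
    return evaluate(gate, measures)["status"] == "OK"


def create_condition_commands(gate_name: str, gate: List[Condition],
                              host: str = "https://sonar.example.invalid") -> List[str]:
    """Render one curl call per condition to create the gate's conditions via the Web API.
    Assumes $SONAR_TOKEN holds a user token and a gate named gate_name already exists
    (created with api/qualitygates/create)."""
    return [
        f"curl -s -u \"$SONAR_TOKEN:\" -X POST '{host}/api/qualitygates/create_condition' "
        f"-d gateName={gate_name} -d metric={c.metric} -d op={c.op} -d error={c.error:g}"
        for c in gate
    ]


# Constructed measures for a pull request that adds one vulnerability (rating C)
# and whose new code is only 72% covered by tests.
PR_MEASURES = {
    "new_coverage": 72.0,
    "new_security_rating": RATING["C"],
    "new_reliability_rating": RATING["A"],
    "blocker_violations": 0,
    "sqale_debt_ratio": 2.1,
    "test_success_density": 100.0,
}

# Constructed measures for a clean pull request.
CLEAN_MEASURES = {**PR_MEASURES, "new_coverage": 91.5, "new_security_rating": RATING["A"]}

if __name__ == "__main__":
    for name, measures in (("pr", PR_MEASURES), ("clean", CLEAN_MEASURES)):
        result = evaluate(SECURE_GATE, measures)
        print(name, result["status"], "failed:", failed_metrics(SECURE_GATE, measures))
    print("\n".join(create_condition_commands("secure-gate", SECURE_GATE)))
```

Running it reports the first pull request as `ERROR` with `new_coverage` and `new_security_rating` failing, and the clean one as `OK`. Note the behaviour for a missing metric: a project with no tests produces no `test_success_density` measure, so that condition is skipped; pairing it with a coverage condition on new code closes that gap.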
 
More to Come, Happy learning 🙂 