SonarSource City Tour #SSCT2016

CjYVH1fWsAAAMPm (1)

SonarSource are embarking upon a “city tour” of European capitals and US cities which started on 26th May in London.

I have been one of the ~50 attendees who gathered at The Radisson Blu Portman hotel to talk about the technology and the product with the CEO Oliver Gaudin, Product Manager Freddy Mallet, and Java Developer Nicolas Peru.

I will start by stating that I am a big advocate of SonarQube as part of Continuous Integration and Delivery. In my current role, I encourage all stakeholders to maintain a SonarQube dashboard and understand a few aspects of the software we produce, as it evolves over time. I have been however in many situations where the results of a static analysis and the reports produced are overlooked. The opportunity to meet the team of SonarSource in person and ask my questions as well as listen to other questions and chat with the audience was one that I wouldn’t miss.

Oliver, begun by discussing the concept of quality and technical debt. This part was particularly interesting as I was keen to absorb some arguments in favor of SonarQube as the tool to produce good quality metrics as well as accurate technical debt reports. All organisations who are related to software development face the challenge of quality ownership. It was a unanimous opinion in the room though, that it is  the developers themselves who are responsible for the code they write and at the same time they are the ones who take pride in producing a quality product. Nonetheless, in big corporations, the feeling of writing good software is completely extinct as the contracted deadlines and payments take over. This is the part where I believe SonarQube can play a huge role with its technical debt reports. Technical debt must always be maintainable and there are ways to properly deal with it, such as the usage of quality gates which can be categorized by complexity levels and can be introduced gradually on each project to take it to the next level. This is a practice that SonarSource guys are using in house which I found very intriguing.

The “Fix the leak” concept, which was the main theme of the day, triggered very nice debates about what do we do when we inherit legacy codebases, or begin in a greenfield project to ensure that the technical debt remains maintainable?

As part of the SonarQube roadmap, the SonarSource team are planning to release the next LTS on 3rd of June which encourages clustering by introducing improvements to the Compute Engine. This is the part which was of great interest, as in many cases in the past LTS versions I have been using, the Jenkins instances had to have connectivity to the Sonar Database making it impossible to ring-fence the database instance. With Compute Engine and the new versions of the SonarQube plugins, the build servers only need the SonarQube URL

Improvements are made on the quality ratings by introducing the new commercial plugin named ‘Governance’ which will contain views on Maintainability (ex SQALE), Releaseability, Reliability and Security.

SonarQube as a service was another announcement which pleased the audience. This will be a free service and will enable opensource projects to perform static analysis using SonarQube. In the early days it will require a github account for authentication.  It will also support all of the built-in SonarSource plugins, but no 3rd party ones.

The flagship of the tour however was the notorious SonarLint plugin for Eclipse and IntelliJ. This is the plugin which allows a real-time analysis of the code a developer works on which will ultimately will present all the issues based on the profile used. Nicholas Peru gave us a nice Demo of the feature and answered all immediate questions around the plugin. It will load the rules upon startup of IDE, it will perform the analysis everytime code is compiled, 3 languages supported php java javascript by default, Uses the rules of sonar way profile but it is configurable  etc…

At the end of the day, my impression was extremely good. The opportunity to speak to the guys themselves as well as other technical people in London about the tool was terrific. Many thanks to the SonarSource team for being patient with our questions.

Stay tuned for new stuff! #SSCT2016

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s