SonarSource are embarking upon a “city tour” of European capitals and US cities which started on 26th May in London.
I have been one of the ~50 attendees who gathered at The Radisson Blu Portman hotel to talk about the technology and the product with the CEO Oliver Gaudin, Product Manager Freddy Mallet, and Java Developer Nicolas Peru.
I will start by stating that I am a big advocate of SonarQube as part of Continuous Integration and Delivery. In my current role, I encourage all stakeholders to maintain a SonarQube dashboard and understand a few aspects of the software we produce, as it evolves over time. I have been however in many situations where the results of a static analysis and the reports produced are overlooked. The opportunity to meet the team of SonarSource in person and ask my questions as well as listen to other questions and chat with the audience was one that I wouldn’t miss.
Oliver, begun by discussing the concept of quality and technical debt. This part was particularly interesting as I was keen to absorb some arguments in favor of SonarQube as the tool to produce good quality metrics as well as accurate technical debt reports. All organisations who are related to software development face the challenge of quality ownership. It was a unanimous opinion in the room though, that it is the developers themselves who are responsible for the code they write and at the same time they are the ones who take pride in producing a quality product. Nonetheless, in big corporations, the feeling of writing good software is completely extinct as the contracted deadlines and payments take over. This is the part where I believe SonarQube can play a huge role with its technical debt reports. Technical debt must always be maintainable and there are ways to properly deal with it, such as the usage of quality gates which can be categorized by complexity levels and can be introduced gradually on each project to take it to the next level. This is a practice that SonarSource guys are using in house which I found very intriguing.
The “Fix the leak” concept, which was the main theme of the day, triggered very nice debates about what do we do when we inherit legacy codebases, or begin in a greenfield project to ensure that the technical debt remains maintainable?
As part of the SonarQube roadmap, the SonarSource team are planning to release the next LTS on 3rd of June which encourages clustering by introducing improvements to the Compute Engine. This is the part which was of great interest, as in many cases in the past LTS versions I have been using, the Jenkins instances had to have connectivity to the Sonar Database making it impossible to ring-fence the database instance. With Compute Engine and the new versions of the SonarQube plugins, the build servers only need the SonarQube URL
Improvements are made on the quality ratings by introducing the new commercial plugin named ‘Governance’ which will contain views on Maintainability (ex SQALE), Releaseability, Reliability and Security.
SonarQube as a service was another announcement which pleased the audience. This will be a free service and will enable opensource projects to perform static analysis using SonarQube. In the early days it will require a github account for authentication. It will also support all of the built-in SonarSource plugins, but no 3rd party ones.
At the end of the day, my impression was extremely good. The opportunity to speak to the guys themselves as well as other technical people in London about the tool was terrific. Many thanks to the SonarSource team for being patient with our questions.
Stay tuned for new stuff! #SSCT2016