Since June 2022, Wolfberry is helping a nordic industrial leader within a specific sector to upgrade their current and upcoming products with IoT capabilities. We will help the client to go from idea to production using the Microsoft Azure IoT eco-system.
We’re happy to be a part of this exciting journey and will share all our best advice along the way.
Due to a NDA we are unable to disclose the client yet.
In our game, great code is a key factor to success. Quality coding speeds up your development and saves time and money.
There are multiple ways of improving your source code, from more education and training, applying a coding standard, code reviewing, and static code analysis to unit testing.
Hopefully all the above are already in place, but if you’re missing the static code analysis part or are interested in SonarQube as static code analysis tool, this article is for you.
If your project has been in a hectic release phase with focus on delivering features rather than on design discussions, unit testing and refactoring, the KPI’s on the SonarQube overview dashboard will probably show that. Some examples of KPI’s are Security Hotspots, Technical depts (measured in time), number of bugs, number of code smells and duplicated code (measured in % and lines of code).
Pricing and hosting
Is SonarQube expensive? On the contrary, it’s free in most cases. You can choose between using SonarCloud or hosting your own SonarQube server and databasee on-premises or in cloud (e.g., in a virtual machine in Azure/GCP/AWS). In the latter case, costs for the virtual machine and database will be added to your cloud bill. SonarCloud is free for public repositories but costs for private/non-public ones.
SonarQube consists of a scanner to scans the source code, a server receiving the results, and a database. The scanner is preferrably installed and run by your Continous Integration (CI) and Pull/Merge Request pipelines. If you choose to host your own server, remember that you are responsible for keeping the operating system and SonarQube server and database updated and secure.
It is also possible to integrate SonarQube into your IDE such as Visual Code or Visual Studio to get real-time feedback.
If you choose SonarCloud you only need to install the scanner in the CI/Pull/Merge Request pipeline. The server part is managed by SonarSource (the company behind SonarQube/SonarCloud).
Below is an example of when SonarCloud is used for scanning the code in a Pull Request (on GitHub). The comment below is inserted as a comment into the Pull Request. The result can also be viewed with more details on SonarCloud.io.
Where to start the refactoring?
When it’s time to start refactoring the code, but you don’t know where to start, SonarQube will guide you. Under the Measures tab, there is a very nice graph of different files with reliability and security ratings. I usually start with the worst file.
Pimp your repo documentation with a badge
Brag about your top-notch code quality with an impressive and beautiful badge.
My SonarQube experience
At Wolfberry, we’ve used and installed SonarQube for many years, each time resulting in higher code quality. Both managers and developers have been very satisfied with the tool, and we have only received positive feedback.
If you don’t have a static code analysis tool today, we really recommend you start right away with SonarQube. If, however, you know of an even better tool, please drop us a message on LinkedIn.
Since June 2021, Wolfberry has worked on an interesting assignment for a major Swedish agriculture company with 10 000 employees, 20 000 farmers and an annual turnover of EUR 4.5 billion.
Our mission is to provide best practices in software architecture and development. We are now helping the company develop new solutions and migrate existing front-ends, back-ends and databases from on-premises servers to cloud (Microsoft Azure).
Wolfberry had a flying start in the fall of 2020 with a very exciting scale-up company in the tech-dense city of Lund as our first client. Our ongoing task is to help with system architecture, product ownership, project coordination and development.