What is SonarQube ?
In simple words, SonarQube is an open-source tool for continuous inspection of code quality. It does static code analysis, provides a detailed report of bugs, code smells, vulnerabilities and code duplications.
SonarQube integration with Azure DevOps
We can utilize built-in Azure DevOps tasks for SonarQube which helps us to incorporate this tool into our CI/CD pipelines. We will learn that with a use case.
Lets begin 🙂
Continue reading “SonarQube Integration with Azure DevOps”
Source code quality analysis is a basic piece of the Continuous Integration process. Along with automated tests, it is the key component to deliver reliable software without numerous bugs, security vulnerabilities, or performance spills.
There are many open source as well as commercial tools available in the market for static code analysis such as LGTM, PMD,Graudit, reshift, Codacy, and many more. One of the best static code analyzer you can find on the market is SonarQube.
Continue reading “SonarQube Custom Quality Profiles”