Building Continuous Code Quality through SonarCloud

  • Continuous inspection of overall health.
  • Centralized code quality management.
  • Enforce code quality through the quality gate in our organization.
  • Dashboard: Overall quality health of all projects at a glimpse.
  • Quality Gate: Go/No-Go gate for a new version of the project.
  • Tracking: A snapshot of your code quality today, with the results of previous analyses kept so that trends are visible over time.
  • Integration with our CI Engine: SonarCloud integrates with CircleCI out of the box.

Start Small

SonarCloud ships with pre-defined rule sets (quality profiles) for every language it supports. After integrating it with our source code, we went through those built-in rule sets and activated only the rules that were most important and best suited to our needs, rather than enabling everything at once.

Pilot Run Analysis

We selected a couple of projects from our engineering teams and asked them to scan their code against the defined rule set and quality gate. We also asked those teams to look into the issues reported and give us feedback. Based on their responses, we readjusted the baseline rule set: activating or deactivating individual rules, changing severities, and so on.

Roll-Out

After the positive feedback from the pilot run, we rolled it out across all projects. There was some hesitancy at first, but teams soon saw the value, and analyzing the code before approving a PR has now become regular practice, with reviewers approving PRs more confidently.

How does SonarCloud work with our CI/CD?
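The post does not reproduce the team's pipeline definition, so the following is an added example of the CircleCI integration mentioned above, not the authors' own config. It uses the official `sonarsource/sonarcloud` orb; the orb version, the `cimg/python` build image and the `SonarCloud` context name are assumptions, and the token must be stored as `SONAR_TOKEN` in that context rather than committed to the repository.

```yaml
# .circleci/config.yml (added example, not from the original post)
version: 2.1

orbs:
  # Official SonarCloud orb; version is an assumption, pin whatever is current.
  sonarcloud: sonarsource/sonarcloud@2.0.0

jobs:
  build-and-analyze:
    docker:
      - image: cimg/python:3.11   # assumed build image
    steps:
      - checkout
      - run:
          name: Run unit tests with coverage
          command: |
            pip install -r requirements.txt pytest pytest-cov
            pytest --cov=. --cov-report=xml:coverage.xml
      # Uploads the analysis to SonarCloud; the quality gate result is
      # reported back to the PR and blocks the merge if it fails.
      - sonarcloud/scan

workflows:
  main:
    jobs:
      - build-and-analyze:
          # Context holding SONAR_TOKEN (an assumption: name it as you like).
          context: SonarCloud
```

The scanner reads the remaining settings from a `sonar-project.properties` file in the repository root, at minimum `sonar.organization` and `sonar.projectKey`, plus `sonar.python.coverage.reportPaths=coverage.xml` if coverage should feed the gate. Keeping the token in a context, never in the YAML, matters because the config file is visible to everyone with read access to the repo.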

How we fixed a security issue through a quick feedback loop

When software generates predictable values in a context requiring unpredictability, an attacker may be able to guess the next value the software will generate and use that guess to impersonate another user or access sensitive information. The typical case is a session identifier, password-reset token or CSRF token produced with a general-purpose pseudorandom number generator instead of a cryptographically secure one. SonarCloud reports this pattern as a security hotspot, so the developer sees it on the PR and can fix it before the code is merged.
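The post does not show the code that was fixed, so the following is an added, constructed example of the same class of issue (not the authors' code): a password-reset token built with Python's `random` module beside the corrected version using `secrets`, plus a small attacker routine that shows why the first one is guessable. The seed range and token length are chosen for the demonstration.

```python
"""Predictable vs. unpredictable token generation (added example)."""
import random
import secrets
import string
import time
from typing import Optional

ALPHABET = string.ascii_letters + string.digits


def reset_token_insecure(length: int = 32, seed: Optional[int] = None) -> str:
    """BEFORE: token from the Mersenne Twister behind the `random` module.

    `random` is not a CSPRNG. Its state can be recovered from observed output,
    and if the seed is guessable (a timestamp, a PID, a counter) every token it
    ever produced is guessable too. The seed is a parameter here only so that
    the attack below can be demonstrated deterministically.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def reset_token_secure(length: int = 32) -> str:
    """AFTER: token from the OS CSPRNG via `secrets`.

    `secrets.choice` draws from os.urandom-backed SystemRandom; there is no
    seed to guess and no recoverable internal state.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def attacker_reproduces(token: str, seed_candidates: range,
                        length: int = 32) -> Optional[int]:
    """Try each candidate seed and return the one that reproduces `token`.

    Models an attacker who knows roughly when the token was issued and that
    the server seeded its PRNG with a timestamp. Returns None if no candidate
    matches, which is what happens against the `secrets`-based token.
    """
    for seed in seed_candidates:
        if reset_token_insecure(length, seed) == token:
            return seed
    return None


if __name__ == "__main__":
    # Constructed scenario: the server seeds from the current second.
    issued_at = int(time.time())
    victim_token = reset_token_insecure(seed=issued_at)

    # Attacker knows the request happened within the last ~15 minutes.
    window = range(issued_at - 900, issued_at + 1)
    print("insecure token recovered with seed:",
          attacker_reproduces(victim_token, window))

    print("secure token recovered with seed:",
          attacker_reproduces(reset_token_secure(), window))
```

The fix is a one-line change at the call site, which is exactly the kind of finding a PR-level feedback loop is good at: the hotspot appears on the diff that introduced it, while the context is still fresh for the author.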

Code Complexity

Summary

How have we benefited so far?

  1. Much of the effort previously spent on manual static code review is now avoided.
  2. Code quality improved: lower complexity, fewer security hotspots and less duplicated code.
  3. Through our CircleCI integration, analysis runs automatically on every PR, which makes the code easier to review.
