Sonarqube is an open-source platform which performs a continuous code analysis to help your team write cleaner and safer code. You can view this report of your code in your SonarQube account, where you can see possible bugs, security issues, code smells and other suggestions to avoid technical debt. However, it is also possible to add this report straight into your ALM’s provider’s interface!
Let’s take a look at PR Decoration with SonarQube.
This feature (available with the developer edition of SonarQube), allows you to add SonarQube analysis and a Quality Gate to your Pull Requests on GitHub, Bitbucket, Azure DevOps and GitLab.
By introducing this continuous analysis directly to your source code location, you can support your team to detect bugs quicker. The team will also be supported to write cleaner code to prevent technical debt and a legacy codebase. When submitting a pull request, possible security issues are directly identified. Moreover, any unit tests that are build into your code can also be included in the report, to provide a complete overview of your code analysis. Clean up your code directly after submitting your PR: the code eventually published to production, and coming into the hands of your end-users, will be double checked and more reliable.
The PR decoration can be built directly into your CI/CD workflow: every time a Pull Request is send, the analysis can automatically be executed. It takes some work to build the PR Decoration properly, but it has a lot of benefits when it is in place.
Are you interested in learning more about SonarQube and PR Decorations, or do you need help to implement this within your project? Get in touch to discuss how we can help you improve your code quality workflow.