Static Code Analysis Exercise


For this exercise, you will run SonarQube to analyze your Java project code and SonarScanner
to analyze your TypeScript code. There is a deliverable due by end of class and another for
Sprint 4.

With the generated reports, you will put together a plan to address issues that were flagged in
your Java or TypeScript code.

Note: Make sure SonarQube is running, which you should have verified in the setup document.

Analyzing code with SonarQube


We will use SonarQube to analyze our Java code:
1. Go to your project directory, where you would run Maven to build and test your code
2. Run mvn clean test sonar:sonar -Dsonar.login=admin -Dsonar.password=admin
3. This will execute all unit tests followed by the SonarQube analysis. You should see something
similar to below:

4. Log in to http://localhost:9000 and you should see your SonarQube report:


Running SonarScanner
Next, we will run SonarScanner to analyze our TypeScript code

1. In SonarQube, click the “Create Project” button in the upper right corner and select
“Manually”
2. Enter a name for your project and click “Set Up”

5. Select “Locally”
6. For “#1 Provide a Token”, enter any name for your token and click “Generate”

7. Click “Continue”
8. For “#2 Run analysis on your project”, select “Other (for JS, TS, Go, Python, PHP, ...)”
9. Select your OS
10. You should see something similar to below:

11. Copy the command under “Execute the Scanner” and go to the directory where your
TypeScript code resides and paste this to run. You should see something similar to
below:
12. Go back to the SonarQube web page and you should see both your projects listed.

Take a screenshot of the projects (similar to above) and deposit it in the “Static Code Analysis -
individual” assignment in myCourses by the date shown on your section's schedule.

Explore and Analyze Your Reports


Every report will be different based on what the code analysis identified. Clicking on “Issues”
(top of screen – see below) will list all the issues across your projects, which can then be
categorized by severity (e.g. major, critical, blocker) and type (e.g. bug, vulnerability).

Depending on the complexity of your code, certain metrics such as Cognitive Complexity may be
triggered, which calls for attention and possibly refactoring:

Other “code smells” may be flagged because of readability problems or other factors. Such a flag may
indicate a real problem or may be a false positive.

If a particular issue is not clear, click “Why is this an issue?”, which provides a description
of the issue including code examples of a non-compliant case and a compliant solution.
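As an added illustration (not part of the exercise handout) of what the Cognitive Complexity rule flags and how a refactor addresses it: the first TypeScript function below nests five conditionals and scores about 21, above the rule's default threshold of 15, while the second keeps the same behaviour with guard clauses and scores about 5. The LoginAttempt shape and the returned status strings are constructed for this example.

```typescript
// Added example, not code from the exercise handout.
// Cognitive Complexity (SonarQube rule S3776) adds 1 for each if/loop/ternary,
// plus 1 per level of nesting, plus 1 per else and per boolean-operator run.

interface LoginAttempt {
  user: string;
  password: string;
  failures: number;
  locked: boolean;
  roles: string[];
}

// Before: if(+1) if(+2) if(+3) if(+4) if(+5) ||(+1) five else(+5) = 21 > 15
function checkLoginNested(a: LoginAttempt): string {
  if (a.user.length > 0) {
    if (!a.locked) {
      if (a.failures < 5) {
        if (a.password.length >= 12) {
          if (a.roles.includes("admin") || a.roles.includes("auditor")) {
            return "ok-privileged";
          } else {
            return "ok";
          }
        } else {
          return "weak-password";
        }
      } else {
        return "too-many-failures";
      }
    } else {
      return "locked";
    }
  } else {
    return "missing-user";
  }
}

// After: guard clauses keep every check at nesting level 0:
// four if(+1 each) plus one ternary(+1) = 5, well under the threshold.
const PRIVILEGED_ROLES = new Set(["admin", "auditor"]);

function checkLoginFlat(a: LoginAttempt): string {
  if (a.user.length === 0) return "missing-user";
  if (a.locked) return "locked";
  if (a.failures >= 5) return "too-many-failures";
  if (a.password.length < 12) return "weak-password";
  return a.roles.some((r) => PRIVILEGED_ROLES.has(r)) ? "ok-privileged" : "ok";
}
```

The refactor is only acceptable if both versions agree on every input, so a unit test comparing them belongs with the change in your Sprint 4 plan.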

Project Sprint 4 Deliverable

Identify 3-4 areas within your code that have been flagged by SonarQube and provide your
analysis and recommendations. Include any relevant screenshot(s) with each area. This will be
part of your final design documentation in your Sprint 4 submission. Be sure to include at least
one from both reports (Java and TypeScript).

Stopping SonarQube
Refer to the setup document to stop SonarQube.
