Code quality and analysis with SonarQube — Part I

  • Vulnerabilities: SonarQube checks your code against the OWASP Top 10 checklist.
  • Bugs
  • Code smells: this check runs a series of tests to make sure you are following best practices and the cleanest way to write your code.
  • Technical debt: in brief, technical debt in Sonar is the estimated time needed to fix what you skipped (such as writing tests or improving readability) in order to deliver a feature fast.
  • Duplications: it scans for duplicated code blocks; avoiding redundant code is a good way to improve your app's performance and make your code more readable.
  • Code coverage: this service measures how much of your code is covered by tests (unit tests, for example) and reports the result as a percentage.
  • Cyclomatic complexity: this indicates the number of possible paths through the code from a given condition to an expected result.
  • Cognitive complexity: this measure indicates how difficult your code will be to read and understand. SonarQube's default limit is 15; the rule is that the less cognitive complexity your code has, the more readable it is.

Add SonarQube to your project locally:

Add SonarQube to your CI/CD pipelines:

Quick troubleshooting 🔧:


