When creating software, the code should have the following characteristics:
Popular tools for static code analysis are Checkstyle, PMD, and FindBugs.
SonarQube comes in several tiers; which one you need depends on how much you want the software to do and the level of development you intend to use it for. A brief breakdown is as follows:
docker run -d --name sonarqube -p 9000:9000 <image name>
The SonarQube platform comprises 4 components:
If you have internet access and are logged in as a SonarQube user with the Global Permission “Administer System”, you can go to Administration > Marketplace (to learn more about the Marketplace, see https://docs.sonarqube.org/latest/instance-administration/marketplace/).
Then find the plugin you want to install in the Marketplace, click Install, and wait for the download to be processed. Once the download is complete, a Restart button becomes available to restart your instance.
sonar.python.pylint.reportPath property.
pylint <module_or_package> -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" > <report_file>
The Python analyzer parses the source code, creates an Abstract Syntax Tree (AST) and then walks through the entire tree. A coding rule is a visitor that is able to visit nodes from this AST.
As soon as the coding rule visits a node, it can navigate its children and log issues if necessary.
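The rule-as-visitor model described above can be seen in a small added example (not code from SonarQube or from the original post). It uses Python's standard-library ast module as a stand-in for the analyzer's own tree API; the Rule base class, the two rule classes, the analyze function and the sample source are all hypothetical names constructed for illustration.

```python
import ast

# Constructed sample input: the source file the rules are run against.
SAMPLE = '''\
import subprocess

def run(cmd, user_input):
    subprocess.call(cmd, shell=True)
    subprocess.run(["ls", "-l"])
    return eval(user_input)
'''

class Rule(ast.NodeVisitor):
    """A coding rule is a visitor; it logs issues on the nodes it visits."""
    key = "base"

    def __init__(self):
        self.issues = []

    def add_issue(self, node, message):
        self.issues.append((self.key, node.lineno, message))

class ShellTrueRule(Rule):
    key = "shell-true"

    def visit_Call(self, node):
        # Navigate the call node's children: its keyword arguments.
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                self.add_issue(node, "call passes shell=True")
        self.generic_visit(node)  # keep walking nested calls

class EvalRule(Rule):
    key = "eval-call"

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id in {"eval", "exec"}:
            self.add_issue(node, f"use of {node.func.id}()")
        self.generic_visit(node)

def analyze(source, rules=(ShellTrueRule, EvalRule)):
    """Parse once, then let every rule walk the same tree."""
    tree = ast.parse(source)
    issues = []
    for rule_cls in rules:
        rule = rule_cls()
        rule.visit(tree)
        issues.extend(rule.issues)
    return sorted(issues, key=lambda issue: issue[1])

if __name__ == "__main__":
    for key, line, message in analyze(SAMPLE):
        print(f"line {line}: [{key}] {message}")
```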
Custom rules for Python can be added by writing a SonarQube Plugin and using Python Analyzer APIs.
pom.xml
:PythonCheckTree
or PythonSubscriptionCheck
.RulesDefinition
Sean Malloy is working as an Automation Engineer at Crest Data Systems. Sean has worked on multiple automation and 508 Compliance projects for Splunk. Before joining Crest, Sean worked as an intern twice at SAP and has led multiple projects as part of his internship for Machine Learning and web development. Sean holds a Bachelor’s degree from UC Davis.