#sonarqube

Steinar Bangsteinarb
2025-06-03

A bad piece of advice from is the nagging about parameterizing tests.

It may look good to get a lot of stuff wrapped up, but it means that when the world changes, there is a lot that fails and has to be fixed.

And since the reason for having several tests is (or: should be) that you test slightly different things, it may well be that the parameterization no longer fits.

So then you either have to extend the parameterization with more parameters... or remove the parameterization

2025-06-01

jpeek – when SonarQube is not enough

Today, any more or less serious company that has CI/CD set up uses SonarQube. It is already the de facto standard: it can detect code smells, measure cyclomatic complexity, detect duplication and the level of test coverage, recognize unreachable code, count the sizes of methods and classes, and much more. Set it up, hook it into CI, and everything seems fine. But...

habr.com/ru/articles/912556/

#jpeek #SonarQube #quality #качество_кода #java

2025-05-22

@_rubb3r_duck lol :-D good old #SonarQube really is of the opinion that generics may only have one letter!

Rename this generic name to match the regular expression '^[A-Z][0-9]?$'
2025-05-07

SonarQube in action: plugins as a key element of quality control in the department

Hi! My name is Gleb, and I am a senior backend developer at ЮMoney. Last year my team was actively engaged in introducing and developing a static analysis infrastructure based on SonarQube. The result of our work was the transformation of SonarQube from a simple static analyzer into a full-fledged platform for automating many quality control processes, from maintaining the codebase and moving away from Kotlin to checking backward compatibility in OpenAPI specifications and database migrations. I will describe what place this tool occupies in our quality control system and how exactly we achieved this.

habr.com/ru/companies/yoomoney

#sonarqube #статический_анализ #плагины #backendразработка #контроль_качества_кода #java #semgrep

CompilaQuindiVa - Marco B.compilaquindiva@mastodon.uno
2025-04-15

Tonight “Discovery” starts again, the series of live #coding sessions dedicated to discovering #development #tools. 🧑‍🚀

Destination: the wonderful universe of static #code analysis. 🔬

Mission: install and configure #SonarQube to analyze #Delphi code with the dedicated #plugin. 🕵️

Join the crew to watch live, cheer me on, or even make fun of me... in a friendly way, eh!? 🤭

The launch is scheduled for 21.30 on my #Twitch channel “CompilaQuindiVa”! 🚀
👉 twitch.tv/compilaquindiva

Cover of the live coding session on Twitch titled *Static code analysis with SonarQube in Delphi*, from the "Discovery" series, scheduled for Tuesday 15 April 2025 at 21.30 on Marco Breveglieri's Twitch channel "CompilaQuindiVa" (https://twitch.tv/compilaquindiva).
2025-03-13

How SonarQube helps automate code review: a beginner's guide

SonarQube is a code quality analysis tool written in Java. It detects bugs, vulnerabilities, code duplication and code smells. SonarQube is used in CI/CD (Continuous Integration, Continuous Delivery) to automatically check and improve code quality.

habr.com/ru/companies/skillfac

#sonarqube #кодревью

Joey Chenjoeycdev
2025-03-09

After 4 months of waiting, finally received a T-shirt from for contribution.
I love this design. Huge thanks! :smug:

Elizabeth K. Josephpleia2@floss.social
2025-02-07

The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE

In December 2024 validation was maintained for over 30 projects, including @ApacheKafka
#HAProxy #SonarQube

We also saw community CI added for the Zxilly go-site-analyzer, and the Zig programming language, along with CI & binaries for ruri and scie-jump

Full report + how to apply for your own s390x VM for your project: community.ibm.com/community/us

2024-12-18

Blogged: .NET Code Coverage in Azure DevOps and SonarCloud

How to generate code coverage data that gets displayed in Azure Pipelines and SonarQube

david.gardiner.net.au/2024/12/

#AzureDevOps #AzurePipelines #SonarQube #CodeCoverage #dotnet

Screenshot of code coverage UI in Azure Pipelines
LatzLatz
2024-12-09

The SonarQube Free Tier now allows private GitHub repositories (up to 50,000 lines).

Cool, because I would like to have some of my projects scanned, but they are not yet ready for the public.

JB Lièvremontmithfindel
2024-12-06

Hey people who read and write 👋🏻

FYI, SonarLint is now known as ✨ for IDE ✨

The 4 flavors of the product are maintained by one squad of 10 highly skilled professionals 🧑🏻‍💻 who are committed to offering the best UX to help people around the world clean their code.

Product reviews are not perfect, but we noticed that angry people tend to be overrepresented there.

So if the product is helpful in any way to you, please do feel free to drop a word, it would mean the world to us. 🧵

Naiyernaiyer
2024-12-03

Someone tell that I don’t need to override `hashCode`, `equals` and `toString` methods for Java records.

Torstein Krause Johansenskybert@hachyderm.io
2024-10-30

Impressive Sonarqube. Impressive 🙈

#sonarqube #cicd #security

SonarQube quality gate failed, -0.0% ... is less than 100%. Which makes no sense.
2024-10-28

Is it a trend that cloud services have fewer features than their on-premise counterparts? Today I am struggling with the #Azure container registry cache, which does not support pulling new tags automatically, which makes it unusable for #Renovate. #Bitbucket cloud does not have the feature to delete PRs. Same was when #SonarQube became #SonarCloud - so many useful features were suddenly missing.

#DevOps #cloud #dev

Johnny GraberJGraber
2024-10-15
2024-10-14

Concerning 🛡️ “Intel Broker claims a major data breach at #Cisco allegedly stealing source codes, confidential documents, and credentials from global firms like #Verizon AT&T, #Microsoft and more. Data is now for sale on Breach Forums.”
What Was Allegedly Stolen?

As seen by the Hackread.com research team, Intel Broker has listed a massive amount of data that was allegedly stolen in the breach, including:

Source Code: Projects from #GitHub, #GitLab, and #SonarQube, critical to Cisco’s development efforts.
Hard-Coded Credentials: Sensitive information like login details embedded in source code.
Certificates and Keys: SSL certificates, and public and private keys crucial for secure communications.
Confidential Documents: Internal documents and information classified as “Cisco Confidential.”
API Tokens and Storage Buckets: #AWS private buckets, #Azure storage buckets, and API tokens that could be used to access critical systems.
Other Sensitive Information: Jira tickets, Docker builds, and Cisco premium products are also listed.

hackread.com/intel-broker-cisc #Infosec

2024-10-07

#BSI WID-SEC-2024-3083: [NEW] [medium] #SonarSource #SonarQube: Vulnerabilities allow manipulation of files and disclosure of information

A remote, authenticated attacker can exploit multiple vulnerabilities in SonarSource SonarQube to manipulate files and disclose confidential information.

wid.cert-bund.de/portal/wid/se

CoreSeccoresec
2024-09-15

I have installed a and it works quite well with, only I still have to integrate it into my pipelines

2024-08-22

It's a shame, that every platform is making swift developers pay. In the past, you only had to pay the "Apple tax" to Apple (like the 99 bucks for the Apple Developer Program). But today, even projects like SonarQube make iOS devs pay. Most popular languages are supported out of the box. The Community Edition supports Java, C#, Kotlin, and even Scala and VB.NET. But do you want to check your swift codebase? Sure, if you pay for the commercial edition. That's not cool.
#swift #ios #sonarQube

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst