In our SonarQube Quality Gate, we have added the Cyclomatic Complexity metric to throw a ‘warning’ if it is greater than 20 and ‘error’ if it is greater than 1000. In this blog, we will look at an issue with using Cyclomatic Complexity metric which we bumped into earlier this week and the action plan for resolution. If the code changes does not meet quality standards, the code check-in is rejected. This provides developers an early feedback of their code changes. We have integrated SonarQube with our CI/CD Pipeline and configured Quality Gates - hence with every code check in we perform a static code analysis of the changes. You use tools that find errors, OK.We have been using SonarQube for inspecting code quality of our applications for a long time now. Secondly, even if you use IntelliJ IDEA, ReSharper, and SonarLint/SonarQube and they find the same errors as PVS-Studio in your code, I have bad news for you. Both our customers' feedback and our own experience of checking open source projects confirm this. In other words, if you use one of the these products in the header, you will most likely find a bunch of NEW errors when running PVS-Studio which haven't been detected by other products. But frequently, diagnostics with the same descriptions even behave differently. The concepts of many errors lie on the surface. "But you have similar diagnostics!" - you would say. Will the Coliseum photo be of use if "gods make" you build the same one? To copy diagnostics from other products just by their description in the documentation is the same as to construct a similar building by a photo. We have 10, 20 and even more exceptions for each diagnostic when it mustn't trigger. The value of static code analysis, the value of its diagnostics is not where to issue a warning. Blind copying without understanding the point leads nowhere. Well, here comes the answer.įirstly, we DO NOT make PVS-Studio by copying diagnostics of competitors. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. I even have two responses to this objection. I just can't help but write a small reply note to this comment. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!"
The most frequent objection to the suggestion to try PVS-Studio sounds something like this: "C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube.
In addition to the positive feedback, as it happens, we had to handle objections. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. As the saying goes, a competently asked question contains half the answer. Sometimes people ask the question, which addresses a certain topic but is actually about another thing.
0 kommentar(er)
