We are evaluating SonarQube as a code quality tool. Sonar can:
1. Check coding style. This will free developers to review code for design issues and let the automated tool do the nitpicking about spacing, braces, line length, etc.
2. Do static analysis similar to Klocwork or Coverity. In the best case, the errors it finds will prevent a lot of debugging. Klocwork does a similar thing, but with lots of false positives. Sonar has a reputation for having fewer false positives.
3. Report statistics like cyclomatic complexity. There is not much an automated tool would do with the statistics, but it might point to code that could use refactoring or more unit tests.

During the evaluation phase, we would like to determine if Sonar tells us useful things about the code (for example, does it find bugs), if it generates a lot of false positives, and if it is reasonably easy to use. Based on the evaluation, we will make a recommendation about whether to buy a license for the Sonar C++ checker.

If we do purchase it, Sonar results would be visible, just like Jenkins build output, Gerrit reviews, etc. We would hope to automatically run Sonar as a verification build from Gerrit. The conditions that would constitute a build failure would have to be determined by the community. Probably we would run it as a build that always passes, then enable rules that are almost always problems to fail the build.

The evaluation license has some restrictions on making everything visible. If you would like to try out Sonar, please contact me directly through email, and I will send you the login information you need to try it out.

Thanks,
Bill.
