2009 · 6 page(s) (285 KB)
English
7
January 20 2013
Logging in required
Embed
No comments yet. You can be the first!
What did others read after this?
Content extract
Extending Toad for Oracle’s Code Xpert with the SonarSource dashboard Olivier Gaudin – SonarSource SA Toad for Oracle’s Code Xpert utility (part of the Toad Professional Edition) is one of the best PL/SQL code analyzers available on the market, embedding the know-how of leading PL/SQL experts such as Steven Feuerstein. However, although there is the option to store data in the Code Xpert repository for point-in-time reporting, it is still primarily a static reporting tool and therefore cannot report dynamically on code quality trends as part of an overall quality strategy in a company, without manually querying the repository tables. SonarSource is a company whose main objective is democratization of source code quality management. To reach this objective, the development of Sonar, an open source platform to manage source code quality, started two years ago. Sonar enables the collection, analysis and reporting of quality metrics on source code. Its functionality is articulated
around 7 strengths: 1. 2. 3. 4. 5. 6. 7. a flexible and powerful data collection engine a synthetic project dashboard, showing every axis of quality analysis (coding rules, comments density, potential bugs’ detection, code duplication, unit tests, standards metrics and code complexity) a centralized configuration using quality profiles with associated alerts a TimeMachine to follow trends and compare versions several tools to chase defects a consolidated dashboard showing all projects at a glance extensibility through a powerful API and a plugins forge Originally built for Java, Sonar has been extended to include the PL/SQL language through a commercial plugin. In this article, I am going to explain how Sonar leverages Toad’s Code Xpert unlocking its full potential in order to provide a full code quality management product. Running code analysis with Toad’s Code Xpert covers several axes of code quality management However, this is not sufficient if you are required to have a
global approach. What do I mean by that? If you want to manage your projects portfolio globally, follow the evolution throughout time, get alerts and then maybe delegate some remediation work, you are left with a lot of manual work to consolidate data, compare projects or versions. That is where Sonar comes into play with the following features: 1. Quality Profile management A quality profile is the set of rules that you choose to apply when you run code analysis on projects. In an enterprise environment, you would certainly expect that several quality profiles are defined and get associated depending on the nature of the project. Every rule defined in a quality profile is managed in Sonar. Priority, activation and configuration are handled centrally in the tool. In Sonar, the set of rules is coupled to thresholds on metrics in order to trigger alerts. Therefore it becomes possible to mission Sonar to proactively notify you if a project reaches more than 30% of rules violation for
example. 2. Central reporting Sonar centralizes reporting at two levels. Firstly at the project level where it enables its user to get a comprehensive dashboard (that extends to any directory) enabling to view all metrics at a glance to evaluate axes that need to be worked on. On top of the metrics covered by Code Xpert, Sonar also reports on duplicated code and comments. Secondly, at the projects portfolio level to be able to be able to get the big picture projects portfolio. The configurable dashboard enables to compare projects and quickly understand where risk lies. This dashboard is cross language (Java and PL/SQL in this case) 3. Metric evolution At every analysis, measures are recorded into the Sonar database and add to historical data. Sonar has a TimeMachine that enables to go back in time, compare versions and monitor evolution. 4. Chasing tools Sonar embarks a collection of chasing tools to track down the defects. Amongst them: files cloud, hotspots, drill downs
The treemap The files cloud The hotspots The drill downs 5. The resource viewer The resource viewer enables to display the source code “tainted” with a specific type of defect. All defects of the selected type are highlighted within the code. Moreover, the plugin embarks a PL/SQL code extractor that enables the analysis of any Oracle Forms application. The Sonar PL/SQL plugin is now at version 1.5 and currently covers 4 quality axes out of 6 possible. Here is the list of planned short-term evolutions: • Integration of SQLScan • Integration of File complexity (McCabe) • Integration of Unit tests Here are a few links to help you find out more about Sonar and the PL/SQL plugin: • Sonar web site: http://sonar.codehausorg • Sonar in action: http://nemo.sonarcodehausorg • Sample PL/SQL project : http://nemo.sonarsourceorg/project/index/nloracledeveloper:utplsql • To download a limited version of the plugin : http://www.sonarsourcecom/plugins About the author
Olivier Gaudin is co-founder and director of SonarSource S.A; an IT company created in November 2008 and based in Plan-les-Ouates, Switzerland. He has 12 years experience in IT, mainly in the banking industry and experience heading Development and Application support departments. He has a strong background in SQL and has been involved in CMMI and ITIL implementations and have an acute awareness of quality and reliability of processes
around 7 strengths: 1. 2. 3. 4. 5. 6. 7. a flexible and powerful data collection engine a synthetic project dashboard, showing every axis of quality analysis (coding rules, comments density, potential bugs’ detection, code duplication, unit tests, standards metrics and code complexity) a centralized configuration using quality profiles with associated alerts a TimeMachine to follow trends and compare versions several tools to chase defects a consolidated dashboard showing all projects at a glance extensibility through a powerful API and a plugins forge Originally built for Java, Sonar has been extended to include the PL/SQL language through a commercial plugin. In this article, I am going to explain how Sonar leverages Toad’s Code Xpert unlocking its full potential in order to provide a full code quality management product. Running code analysis with Toad’s Code Xpert covers several axes of code quality management However, this is not sufficient if you are required to have a
global approach. What do I mean by that? If you want to manage your projects portfolio globally, follow the evolution throughout time, get alerts and then maybe delegate some remediation work, you are left with a lot of manual work to consolidate data, compare projects or versions. That is where Sonar comes into play with the following features: 1. Quality Profile management A quality profile is the set of rules that you choose to apply when you run code analysis on projects. In an enterprise environment, you would certainly expect that several quality profiles are defined and get associated depending on the nature of the project. Every rule defined in a quality profile is managed in Sonar. Priority, activation and configuration are handled centrally in the tool. In Sonar, the set of rules is coupled to thresholds on metrics in order to trigger alerts. Therefore it becomes possible to mission Sonar to proactively notify you if a project reaches more than 30% of rules violation for
example. 2. Central reporting Sonar centralizes reporting at two levels. Firstly at the project level where it enables its user to get a comprehensive dashboard (that extends to any directory) enabling to view all metrics at a glance to evaluate axes that need to be worked on. On top of the metrics covered by Code Xpert, Sonar also reports on duplicated code and comments. Secondly, at the projects portfolio level to be able to be able to get the big picture projects portfolio. The configurable dashboard enables to compare projects and quickly understand where risk lies. This dashboard is cross language (Java and PL/SQL in this case) 3. Metric evolution At every analysis, measures are recorded into the Sonar database and add to historical data. Sonar has a TimeMachine that enables to go back in time, compare versions and monitor evolution. 4. Chasing tools Sonar embarks a collection of chasing tools to track down the defects. Amongst them: files cloud, hotspots, drill downs
The treemap The files cloud The hotspots The drill downs 5. The resource viewer The resource viewer enables to display the source code “tainted” with a specific type of defect. All defects of the selected type are highlighted within the code. Moreover, the plugin embarks a PL/SQL code extractor that enables the analysis of any Oracle Forms application. The Sonar PL/SQL plugin is now at version 1.5 and currently covers 4 quality axes out of 6 possible. Here is the list of planned short-term evolutions: • Integration of SQLScan • Integration of File complexity (McCabe) • Integration of Unit tests Here are a few links to help you find out more about Sonar and the PL/SQL plugin: • Sonar web site: http://sonar.codehausorg • Sonar in action: http://nemo.sonarcodehausorg • Sample PL/SQL project : http://nemo.sonarsourceorg/project/index/nloracledeveloper:utplsql • To download a limited version of the plugin : http://www.sonarsourcecom/plugins About the author
Olivier Gaudin is co-founder and director of SonarSource S.A; an IT company created in November 2008 and based in Plan-les-Ouates, Switzerland. He has 12 years experience in IT, mainly in the banking industry and experience heading Development and Application support departments. He has a strong background in SQL and has been involved in CMMI and ITIL implementations and have an acute awareness of quality and reliability of processes
