Oops!! How could I have missed it!!
This is the spontaneous reaction developers generally have when a quality/security report is generated and it lists lots of bugs related to quality gaps. Sometimes it is embarrassing to have made such silly mistakes.
Quality and secure delivery are the key to success for developers, but such mistakes happen because most of the time developers code with a constructive mindset.
So, what is the way out of it?
Here we have “SonarLint”, an IDE plugin that performs static analysis and finds bugs at compile time. A developer gets early feedback on the code and can fix it before check-in to the code repository.
SonarLint works offline and detects quality issues as the code is written, which helps the developer act proactively.
The quality control mechanism of SonarLint supports all the necessary and required rule databases. Its suggestions and bug descriptions are very meaningful. It will certainly help a developer increase code quality and decrease the review effort of a reviewer.
As per a survey, an early detection tool can improve code quality by 65%.
Salient features and requirements of SonarLint:
- It requires Java 8.
- It analyses code against a rich rule set, with descriptions, to detect vulnerabilities early in development.
- It lets you analyze bugs and code leaks on the fly.
- SonarLint works offline, just like any other plugin in the IDE.
- In connected mode, it also supports SonarQube Server (version >= 5.6 needed).
- Levels of severity: critical, blocker, major, minor, info.
- It supports Java, JS, PHP and Python code.
- On the IDE side, it supports IntelliJ IDEA, Eclipse, Visual Studio, VS Code and Atom.
Ways to configure it:
Here we are taking Eclipse as an IDE to demonstrate the configurations.
There are generally two ways to install it in a local Eclipse IDE:
- From the Eclipse Marketplace (recommended): the SonarLint plugin is available in the Eclipse Marketplace. Search for SonarLint under Help -> Eclipse Marketplace, then follow the installation instructions to get the SonarLint plugin.
- By update site: you can also download it directly from here and install it via Help -> Install New Software -> Add -> Archive, as shown below.
After installation, a process enables the standard rule set used to analyze quality gaps. It is very simple to integrate and use.
Code analysis is just a right-click away on a project. Click SonarLint -> Analyze, and it will analyze the code against the rule database and generate a report on the fly.
Go to Window -> Show View and select the SonarLint view to get detailed information on the bugs detected.
The snapshot below shows an example of its usage and behavior on a Java code snippet. Here we have taken a simple class and intentionally written the code with several bugs.
After code analysis, it details all the findings in the SonarLint report view. A blue line in the code editor indicates a SonarLint finding.
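As an added illustration of the kind of class described above (constructed here, not the code from the original snapshot): a few deliberate defects of the sort Java static-analysis rules target, each next to a corrected form. The class name, the constructed password value and the `DB_PASSWORD` environment variable are assumptions, and which findings a given SonarLint installation reports depends on its rule set and version.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;

// Constructed example: each "before" member holds one deliberate defect.
public class LintDemo {

    // Before: a secret compiled into the source (constructed value).
    static final String DB_PASSWORD = "changeit";

    // After: read the secret at runtime (hypothetical variable name).
    static String dbPassword() {
        return System.getenv("DB_PASSWORD");
    }

    // Before: == compares object references, not string contents.
    static boolean isAdminBefore(String role) {
        return role == "admin";
    }

    // After: constant-first equals() compares contents and is null-safe.
    static boolean isAdminAfter(String role) {
        return "admin".equals(role);
    }

    // Before: the reader leaks if readLine() throws, and the
    // empty catch block hides the failure from the caller.
    static String firstLineBefore(String path) {
        try {
            BufferedReader reader = new BufferedReader(new FileReader(path));
            String line = reader.readLine();
            reader.close();
            return line;
        } catch (IOException e) {
        }
        return null;
    }

    // After: try-with-resources always closes; the error propagates.
    static String firstLineAfter(String path) throws IOException {
        try (BufferedReader reader = new BufferedReader(new FileReader(path))) {
            return reader.readLine();
        }
    }

    public static void main(String[] args) {
        String role = new String("admin"); // distinct object, same contents
        System.out.println(isAdminBefore(role) + " vs " + isAdminAfter(role));
    }
}
```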
By the end of this article, a developer is expected to be able to configure SonarLint in the IDE; from there, the SonarLint plugin will help identify and fix code quality gaps at a very early stage of development.
For more information, please refer to the Official Plugin Page.