Code analysis is again mentioned in the latest several suggestions on code review: 6. Try to use static code analysis tools to improve the review efficiency. I have talked about code analysis and code check many times before. For details, refer to: code review microblog discussion collection.
# Agile practice # daily code automatic check in English is daily code inspection. When paying attention to code quality, it is necessary to manually check code review. However, 100% code review requires a lot of work, and not all organizations deserve it, automatic Tool inspection requires only a small amount of manual configuration, and 99% of organizations are worth using. This practice does not cost much, and the results are not small.
# Cmme and agility # commonalities: Peer mutual check, peer review, also known as peer review. Peer mutual check is a specific practice of the third-level ver process domain of cmme, it is required to define which work products adopt the same-level mutual check form, conduct mutual check at the same level, solve the problems found, and analyze the results. In agile practices, the related requirements for code are either paired programming or code review.
Recommended alternative code review with sonar see http://t.cn/zHFfH8a
Code review efficient combination recommendation
Sonarqube was recently updated on his computer to share the specific practices. This article first introduces the simplest practice: Use Jenkins to pull code without compiling and scan only. 1, first download the latest sonarqube, see the current version of the http://www.sonarqube.org/downloads/ is 4.4 download decompress, do not worry about starting. I don't know why, sonarqube4.4 does not include the latest Rule Engine recommended by sonarqube. 2. On the same download page, download sonarqube runner v2.4 and decompress the package. All default configurations are used and do not need to be modified. 3, download sonarqube's latest recommended Java analysis engine, see http://docs.codehaus.org/display/SONAR/Java+Plugin. Download the latest Java Plugin v2.4 and put it under \ sonarqube-4.4 \ extensions \ plugins, where \ sonarqube-4.4 is the installation directory of sonarqube, and then remove surefire, jacco, under the same directory, and squid for Java plugins and findbugs, that is, only the Java Plugin v2.4 is left, and the rest are removed. 4. For quick trial, use the default sonarqube database and select the appropriate environment directory under the bin directory to start sonarqube. 5. Use the Windows batch command of Jenkins to start sonar. Therefore, there are no special requirements for the Jenkins version. Of course, using the latest Jenkins version is the best. The author's Jenkins is v1.556. 6. Create a job in Jenkins, select "build a free-style software project" 7, and add the source code in source code management. I use SVN and select subersion, input repository url8. In the build trigger, the author selects build periodically and inputs H ***, which means to execute 9 every day when Jenkins is idle. In the build part, select Add build step, select execute windows batch command, enter sonarqube runner v2.4 installation location \ bin \ sonar-runner.bat10 in the Command box, configure the project, create a file named sonar-project.properties under the source code root directory to be analyzed (consistent with the repository URL), at least including:
# Required metadata, Keqiang: agilejerrypomodoro is the keysonar of my project. projectkey = Keqiang: agilejerrypomodoro # agilejerrypomodoro is the author's project name sonar. projectname = agilejerrypomodorosonar. projectversion = 0.5.0 # path to source directories (required), from the source code root directory as the benchmark sonar. sources = SRC
11. Add the sonar-project.properties to SVN. 12. Create job13 in Jenkins and access http: // localhost: 9000 to see the sonarqube result description. 1: The above uses the default sonarqube rule set: sonar way, there are a total of 115 rules. This is the best rule that sonarqube has accumulated over the years. Sonarqube has clearly declared: "We highly recommend that you limit your quality profiles to from the sonarqube engine because we believe they are faster, more accurate (fewer false positives and false negatives ), and more usable (they have better descriptions, etc ). "NOTE 2: Squid, surefire and jacco have been rolled into this Java Plugin. from Java Plugin v2.4
The above actions can be completed in at most one hour. For Java, you can get the most advanced code check results in the industry. Learning clean code through the results is a step-by-step approach.
One of the sonarqube4.4 + Jenkins code check instances
