Code Quality: Integrating SonarQube into the Workspace

Joel Maykon
Senior Software Engineer

SonarQube Analysis

As a Software Engineer, I know that delivery speed should never compromise quality. To ensure that my workspace (with Java, Python, and Angular) maintains standards of excellence, I have just integrated SonarQube as our central monitoring tool.

Why SonarQube?

In a polyglot environment like mine, having a unified view of bugs, security vulnerabilities, and technical debt is fundamental. SonarQube can analyze:

  • Java: Identifying violations of Spring Boot rules and concurrency issues.
  • TypeScript: Validating patterns in Angular and security in the front-end.
  • DevOps: Monitoring even Dockerfiles and infrastructure configurations.

Technical Challenges in Integration

An interesting point during configuration was the need to provide compiled binaries for Java analysis. Sonar doesn't just look at the .java file; it analyzes bytecode to find data flow bugs that would go unnoticed in a purely textual analysis.

Next Steps

From now on, every new feature will be subjected to a local scan before the commit. This is part of my Clean Code and Shift-Left Security culture.

To find out how to run Sonar locally on this project, check the Monitoring Documentation.
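
The post notes that Java analysis needs compiled bytecode and that every feature gets a local scan before the commit. As an added example (not the author's own hook or project configuration), the pre-commit script below refuses to start the scan when the bytecode is missing or older than the sources. The Maven-style paths src/main/java and target/classes, the function names, and a sonar-project.properties file holding the remaining scanner settings are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit gate for a local SonarQube scan.
# Assumed layout (not from the post): Maven-style source and output folders.
SRC_DIR="${SRC_DIR:-src/main/java}"
BIN_DIR="${BIN_DIR:-target/classes}"

# Prints one status word and returns 0 only when the bytecode is usable:
#   missing - no .class files, so the Java analyzer has no bytecode to inspect
#   stale   - at least one .java file is newer than the newest .class file
#   fresh   - bytecode exists and is at least as new as every source file
bytecode_status() {
    src="$1"
    bin="$2"
    # Newest compiled class; empty when the directory is absent or empty.
    newest=$(find "$bin" -type f -name '*.class' -exec ls -t {} + 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo missing
        return 1
    fi
    # Any source edited after the last compile means the scan would
    # analyze bytecode that no longer matches the code being committed.
    if [ -n "$(find "$src" -type f -name '*.java' -newer "$newest" 2>/dev/null | head -n 1)" ]; then
        echo stale
        return 1
    fi
    echo fresh
}

# Runs the scanner only when the bytecode check passes.
run_scan() {
    state=$(bytecode_status "$SRC_DIR" "$BIN_DIR") || {
        echo "pre-commit: Java bytecode is $state in $BIN_DIR; compile before scanning" >&2
        return 1
    }
    # Project key, server URL and token are assumed to come from
    # sonar-project.properties or the environment.
    sonar-scanner -Dsonar.java.binaries="$BIN_DIR"
}

# Start the scan only when this file is installed as .git/hooks/pre-commit.
case "${0##*/}" in
    pre-commit) run_scan ;;
esac
```

A non-zero exit from the hook stops the commit, so a scan never runs against bytecode that does not match the staged sources.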


Joel Maykon continues exploring tools that raise the level of software engineering.