Is SonarQube sufficient for static code reviews? [closed] - sonarqube

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 12 days ago.
Improve this question
My applications are based on Java, Kotlin and React.
Besides SonarQube there are other popular tools like:
Amazon CodeGuru helps you improve code quality and automate code reviews by scanning and profiling Java and Python applications. CodeGuru Reviewer can detect potential defects and bugs in your code.
Synopsys Coverity Static Analysis identifies critical software quality defects and security vulnerabilities in code and any lapses in industry compliance standards.
PMD is most useful when integrated into your build process. It can then be used as a quality gate, to enforce a coding standard for your codebase
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task.
SpotBugs is a program which uses static analysis to look for bugs in Java code.
Considering the power all these tools resides in SonarQube. Should I use only SonarQube or combination of these are required?
I study various static code analysers and am looking for a recommendation.

All static analyzers are different based on their own communities. Some analyzers have different checks or logic that none of the others have. Even if 2 analyzers have the same check, one could work better than the other, or one may be easier to run locally before submitting to a CI for a more in-depth review.
I recommend to enabling as many different analyzers as you can as long as they let you turn checks on/off and disable violations that you disagree with. Customizing these tools to the style of your project is what ultimately matters.

Related

Automated debugging tools [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I have recently discovered the amazing world of automated debugging, where your tool try to automatically isolate the part of the code that causes a bug. Since then, I have found some tools, like these:
delta debugging (implementation in DD.py) using scientific methodology applied to debugging.
static and dynamic program slicing extracting a subprogram trace highlighting the variables you want to observe.
git-bisect using bisection applied to code history and mixed with delta debugging to quickly find what change caused the bug.
I'm interested into finding more algorithms for automated debugging, which can automate some part (or all?) of the debugging process and where a pratical working implementation exists, particularly:
approaches such as delta debugging (which can precisely pinpoint where and why a bug happens in the code by using a systematic/automated approach).
is there a software that can automatically generate a minimal program that reproduces a bug from a full program?
NB: some tools I cited are mainly geared towards Python but I am looking for automated debugging tools on any language, what is interesting me is the approach and algorithms, not the specific implementation, but I require an implementation (even a proof of concept) because I would like algorithms which have already been practically applied to real problems (ie, they work, that's just not computer science philosophy).
Clarification: I'm not looking for automated testing tools (which automatically test to find a new bug), but automated debugging approaches where you have a specific bug you want to find the origin in your code.
I have found a few softwares that can generate a minimal program that reproduces a bug:
DD.py has in fact two functions: dd() to find the minimal change that introduced a bug, and ddmin() which finds the minimal configuration (ie, minimal test case).
Delta, a program specifically tailored for that purpose.
I also found a course on Udacity called Software Debugging which is presented by Andreas Zeller, the original author of delta debugging.
Side note: these are also somewhat related tools (although they are mainly unit testing tools, they can be used in combination with automated debugging so it's kind of related):
coveralls
coverage
automated unit test generator Pythoscope
I am still looking for alternative approaches to automated debugging.

Any scrum/agile project management tools we can use? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
Please recommend a scrum/agile project management tool. First, it should be able to be installed or deployed on my local computer. Additionally, it should be free, no need for complete unlimited usage, just that it can support 5 users and some scrum project functions, such as "kanban".
I found some answers of other questions like mine. Some of the tools which have been recommended are too old, so please recommend newer tools for me. And if it has a nice look that would be better, something like scrumwise or targetprocess.
Must haves:
local applications
free
kanban
I would suggest using Eylean board as it is the most visual scrum board compared to the competitors. And according to scrum you need to have a visible and transparent process inside your team. Also this software allows mixing other methodologies as well.
It is free of charge for personal use.
Given that you're wanting a local application, I'm assuming that your team is all located in the same place.
If so, I'd advise against using tools. As the agile manifesto says: "We value Individuals and Interactions over processes and tools". I'd urge you to consider co-locating your team(s), improving communication, using cards, physical boards and information radiators.
Hope that helps.
Try Yodiz, you can have up to 3 free users and it's one of the most intuitive with amazing UX. Every month they add more features to their platform. A few of the important features they have are following.
Collaboration Tools (Chat, Discussion, in-line comments)
Board, they have slick boards to manage your user stories and tasks.
User story management is as easy as it gets. Awesome backlog with priority and filtering
features.
Import/Export data to or from Jira, Pivotal and many other systems.
Three (3) free users with full features.
Report, they have detailed reporting, that makes progress and time tracking so easy.
Over all it's great tool. It's worth to give it a try.
http://www.simple-kanban.com
This seems like it meets your requirements. There are other possibilities if you will accept a hosted solution rather than a local install.

Automatic refactoring tools? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Is there a tool that will scan your code and suggest which refactoring to perform, based on duplicate code segments that it finds?
Let's say I'm specifically interested in C#/Java, but I'm open for tools in other languages as well.
We use Teamcity with duplicate finder
I haven't used it, but Clone Doctor might work for you.
For Java you have static code review tools to search for violations of a set of chosen rules, with some of the rules covering code duplication. Checkstyle has rules to find duplicate code and duplicate string literals. Another option is the PMD's Copy/Paste Detector.
These tools don't do refactoring themselves, but can help you find code that might need changes.
For Haskell, there's hlint, which proposes concrete refactorings (i.e. the resulting code), which is possible because of referential transparency.
For your need, Designite could be a useful tool. This is a software design quality assessment tool. It takes C# code, analyzes it and detects design smells in the code. At the same time, it also provides a few but important OO metrics.

Scrum Project Managment w/ Trac Integration [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Currently we use Trac to manage all of our tickets (bugs, enhancements, and new projects). It lacks a nice ability to map out the projects, releases and do time estimations. Is there a good scrum project management system that would integrate with Trac to use the tickets we are already making?
Instead of looking for something that could integrate with Trac, maybe you could use a Trac based solution. Trac has some plugins for Scrum but I'd suggest to check out Agilo which is a nice Scrum oriented and polished version of Trac. This might be one of the best options in your case.
would i be incorrect to assert that you should go through http://trac-hacks.org first and then elaborate here what, if anything, you didn't like about the plugins you found there? otherwise it's not possible to really say what is the best approach, when it is unknown whether you've scanned through the easiest paths.
I work at a company that has completely embraced agile in our engineering organization, but we've done just fine using Jira for our issue management, even though it doesn't have any specific scrum features. Our product manager keeps user stories (fleshed out with acceptance criteria) in his own organized backlog. When the team picks them up for a sprint, he creates a Jira case and we put the case number on our board, along with all of the tasks (which aren't in Jira).
When bugs or feature requests come up (reported by customer support, netops, etc.), the PM prioritizes them just like any other user story. If they're of an immediate nature, he'll put them straight onto the board, but he's hesitant to do so, knowing that's really a redirection of resources. We leave some slack in our sprints to allow for such things, but if things get to hairy, we let him know that we'll have to drop a story, or not do the bugs.

Software Design Implementation - Issue/Module/Bug/Feature Tracking Solution [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
The company is growing and we're starting to implement more and more complex software designs. I feel a need for some tracking software... I just don't know if it exists.
I currently maintain a Google Doc Folder (shared by our 3 developers) with a well-organized doc for each module. A doc is also created per major upgrade to a module or modules. For all other "tracking"... we have interal forums.
I want the following:
I want get an immediate printout of all Project_01 features or bug fixes on a particular project with the option to hide or show developer comments that have been implemented in the last X number of days.
This clearly suggests a web-based system where developers enter issues, bugs, and features with appropriate tagging. Entries should be commentable, taggable, dated, editable and reporting should be based upon tags, dates, developers, projects, etc.
I figure I'm going to be perceived as naive by the grizzled veterans floating around here, though I've been running this business for 4 years (so I've been around). I don't think we have the resources to absorb the overhead of implementing something like CMMI... but then again, I don't really know what's best.
My personal evolution to using Google Docs per Application Module + internal phpbb forums for everything else has been pretty nice compared to the way we started out (marker boards, Microsoft Word docs). I just feel like I can go a long ways towards exceeding client expectations if I had the ability to track features/bugs/issues better with superior on-demand reporting.
Thoughts?
Update: Went with MediaWiki integrated with Mantis
Take a look at fogbugz. It looks like it meets all your requirements.
Also, take a look at this other SO question: Free/Cheap Task/Bug Management software
I've good experiences with mantis. http://www.mantisbt.org
Yes, FogBugz and Trac are recommended.
I hope it helps.
I find this comparison of issue tracking systems either interesting or overwhelming.
I think with 3 developers, in the same building, you probably can get by without software tools. But, adopting something now, before you're so big/complex that you can't survive without it may save a lot of future pain.

Resources