Skip to content

Category: SonarQube

Quickstart: Try Static Analysis with SonarQube and Docker

Recently I started a new contract and was in the rare position of joining a team before the developers! Without a team producing work, I wanted to think about ways to get the team off to a good start. My last post was about static analysis with Sonarqube. I love static analysis tools they are like an additional tester in your team and when the results are taken in the context of the wider effort they can be really valuable. Below I want to show you how to set up a quick proof of concept Sonarqube server to discuss with…

Static Analysis for .NET Core Projects using SonarQube

Static analysis is a way of automatically analysing code without executing it. As a development team, this is really powerful as once the static analysis software is up, running and integrated with your deployment pipelines you can gain an extra tester in your team with little ongoing maintenance! While some of the issues static analysis software finds are not always high value (code styling for example) some are issues your engineers are less likely to notice such as obscure security flaws and out of date dependencies. SonarQube; A Static Analysis Tool SonarQube is a static analysis tool that I have been using and…