What is SonarQube?
SonarQube is an open-source platform used for static code analysis and checks for the code quality in an software applications. It helps to identify the bugs, code smells, Security vulnerabilities and technical debt in software development lifecycle.
It supports multiple programming languages and easily integrates with the CI/CD tools and pipeline and helps to maintain clean, secure and maintainable codebase.
- Bugs
- The bugs are logical or runtime errors.
- Code Smells
- These are generally maintainability issues such as duplicate codes or very long methods.
- Security vulnerabilities
- It includes the know risks or issues in the code base such as SQL injections.
- Security hotspots
- It requires the manual code checks and reviews.
In an enterprise application, we have a large code base and sometimes, we need to temporarily restrict some methods or calls from executing, and we generally comment on the code. But, when we try to deploy the code, the Jenkins pipeline (if SonarQube is configured) may fail while scanning for code quality checks. We may see errors stating “Remove this comment on code”.
//NOSONAR COMMENT
We can resolve this code smell using // NOSONAR: evictCache(companyId). The SonarQube will skip the scanning for code that is commented with the // NOSONAR tag.
This helped me fix the SonarQube issue in my Spring Boot project. Clear and useful—thanks!