SonarQube software development process? Certified?

SonarQube
#1

We are using SonarQube in developing a safety critical software component. This software is developed compliant to ISO-26262 and A-SPICE Level 2.

We have to classify all tools used in our software development process.

Can someone help us and answer these questions?

  • Is is assured (with tests?), that the SonarScanner does detect ALL artifacts in the given project-directory and that SonarQube does apply ALL specified rules?

  • Is SonarQube developed following any software development process or QM process and is a certificate available for download?

#2

Hi,

Welcome to the community!

First, thanks for giving us your context! It may inform our future direction.

… do you mean unit tests? (If so, probably yes.) Or are you talking about some sort of outside certification? (If so, definitely no.)

I know this isn’t what you’re looking for, but we do have our own internal and continually evolving process based on agile methodologies.

Sorry, no.

 
:woman_shrugging:
Ann

#5

Thanks, Ann!

… do you mean unit tests? (If so, probably yes.)
Better than nothing :wink:

Can you tell me, where I could find the tests (or even test-reports)? Then we maybe can avoid writing tests for SonarQube on our own.

Or are you talking about some sort of outside certification? (If so, definitely no.)
I know this isn’t what you’re looking for, but we do have our own internal and continually evolving process based on agile methodologies.

You’re right, this does not help. But this is what I expected.

Dirk

#6

Hi Dirk,

There’s our analysis of SonarQube’s open core here on SonarCloud. Admittedly, that doesn’t include testing of the commercial features. I can similarly point you to the repo of the open core, to get the tests themselves. But again, that doesn’t include the commercial features.

Does it help if I show you that the complete code base has 85.6% coverage?

Selection_999(021)
Selection_999(021)1136×805 123 KB

 
Ann

#7

Thanks, Ann!

I found some related unit-tests for the sonar-scanner. We will review them and will link them in our tool classification. Then we will discuss with our safety manager, if these measures are sufficient.

The coverage won’t help us, as it does not tell anything of the quality of the unit tests. You can reach a hight coverage without one assertion. :wink:

#8

Btw: our projects have to look like this to reach the quality gates :wink:

grafik
grafik648×1051 39.8 KB

#9

Hi,

You’re absolutely right! In fact you may be interested to know that, we have it on our road map to start measuring the quality of tests this year.

 
:smiley:
Ann

#10

@Datz we are in the same need, wanted to learn from your experience Sonar and ISO 26262
How can I reach you?