[Webinar] Clean Code and Java: a story of monsters, heroes and victories APAC/EMEA

Hello everyone,

We will be hosting our first webinar of 2024 as a live session for APAC audiences, on Wednesday, January 24th! Benefits of Clean Code for Java languages, hints and good practices, tune in to learn more during this session!

Title: Clean Code and Java: a story of monsters, heroes, and victories
Date and time: 2024-01-24T08:00:00Z
Speaker: Jonathan Vila Lopez, Developer Advocate for Java

Who should attend this session: Developers and IT Decision Makers

Register now!

Interested in the topic but can’t make it to the live webinar? Register here to receive the recording of the session.

See you there, and happy Holiday season!

Hello everyone,

Thank you to all who attended our session today! You can find below the questions that have been asked during the webinar:

Q: If new vulnerabilities emerge in the market, how can we add a rule to scan these vulnerabilities in a custom quality profile in SonarQube as well as SonarCloud?

A: We always try to be up to date with known vulnerabilities, and we frequently release new versions of our products. But if you would like to implement your own rules to tackle some uncovered vulnerabilities, you could do that with a custom plugin that you could then add to your local SQ instance (not available for SonarCloud). Here you can find more information on custom plugins.
You can always report a new vulnerability that we do not cover on our community forum, and we could eventually implement support for it.

Q: What is the url for the list of rules per language?

A: You can find all the rules, divided by language, here.

Q: What are some key strategies and best practices for ensuring good code quality?

A: With our Clean as You Code approach we help developers improve their code quality while they go through their daily development. Our set of rules for the different languages enhances the developer experience, suggesting how their code could be improved, while also providing knowledge and useful insights on why an issue was found and how it can be fixed.
We believe this is the best approach for a codebase to reach the state of Clean Code, that is, code whose attributes make your software reliable, secure, and maintainable.

Q: We would like to use Java records. But when we use records with arrays then we have to implement hash and equals methods. But the records are not compared with equals so we end up adding unused code. Any tips?

A: Thank you for the question. It would be easier to diagnose by seeing a sample of the code as well as the specific rule that is triggering the issue. If you think you found a False Positive reported by Sonar, please let us know on our community forum!
There you can find a lot of solutions to different problems users may face, and if you don’t find an answer to your issue, you can report it, and we will try to fix it!

Q: How efficient are Sonar services for Python projects? Does it support Sonar suggestions while we code in the PyCharm editor?

A: SonarQube has support for Python, as well as SonarLint. Yes, SonarLint highlights issues in your code and thus when you open the rule related to the Issue, it then gives you a suggested approach on how you fix that issue. Remember also to run SonarLint in connected mode and bind the Python project you have on SonarQube together with the project you have locally on your IDE and it will allow you to sync the quality profile (set of rules) associated with that project.
Since Taint Analysis-based issues are only detected after a SonarScanner analysis is done and then reported on SonarQube itself, running SonarLint and SonarQube in connected mode also allows you to sync these Taint Analysis issues detected to your code on your IDE, and you will be able to then view these issues on your IDE via SonarLint.
