[Webinar] Clean Code in Java: a story of monsters, heroes and victories

Hello all,

Thanks to everyone who attended our webinar! Here you can find the Q&A of the session:

Q: Is SonarLint able to use the quality gate settings, so that the results that it produces locally are in sync with the results that will be obtained from the Quality Gate?

A: Yes! Sonarlint can be used “offline” which means that it will use its internal set of rules. However, if you connect SonarLint to your SQ instance, then Quality Profiles will sync and you will have the same set of rules between SonarLint and SQ. And you will get the result of the Quality Gate directly in your IDE.

Q: Do we have a GitHub repo with default rules or more advanced rules which we can add to the IDE?

A: You will find more info on Sonar rules here: https://rules.sonarsource.com/

Q: We still use Java 8, is it a problem?

A: We encourage you to move to Java 17 (LTS) as Java 8 was released 9 years ago (18 Mar 2014).

Java 8 is supported, you just need to pass the good parameters to the analysis. You can see more information here: Java

Q: Did you manage to overcome the “tech debt will be dealt with next sprint” ad vitam æternam issue? And if so, how?

A: No, in a few cases a whole rewrite was implemented, but that was a critical decision. Better to focus on new code, and if needed use the strangler pattern to rewrite some parts.

Q: Do you provide free educational licenses for institutions?
A: SonarLint is always free and can be installed for the IDE from https://www.sonarsource.com/products/sonarlint/ide-login/. SonarQube Community Edition is always free for use. The SonarQube commercial versions offer a trial. SonarCloud also has a free trial. If you need to use a product beyond the trial duration, please use the Contact Us (Contact) button on our website and we can work directly with you.

Q: Does SonaLint detect duplicated code across my project?
A: Code duplication requires the analysis of the full project whereas SonarLint focuses on a file-by-file basis. The best wat to go is to use the metrics computed by SonarQube or SonarCloud at the end of the analysis

Q: Does SonarQube support Java 21?

A: Full support for Java 21 should be available in Q1 2024 but you can always give a try to scanning your Java 21 project already

Q: Are Quick Fixes available on Sonar products?

A: SonarLint is able to provide quick fixes directly within your IDE. You can see more information here: Introducing quick fixes in SonarLint!

Q: What is your opinion about comments in code?

A: They should be used only in those cases the self-explanatory code can not go. Providing the context to understand complex code, or to document APIs

Q: Where can we read more about cognitive load?

A: You can refer to this link to have more info about the cognitive load: https://rules.sonarsource.com/java/tag/brain-overload/

Q: Can you provide any timeline to support self-hosted Gitlab in SonarCloud ?

A: For now, SonarCloud is made to connect with Cloud-based apps. Please refer to our timeline here to stay up to date: https://portal.productboard.com/sonarsource/1-sonarcloud/tabs/1-considering-core-features

Q: Can we host SonarQube internally on our own infra?

A: Indeed SonarQube is on-premise software that you can host on your own infrastructure

Q: How do I integrate SonarCube with a cloud-based code repo?

A: You just need to connect your SQ from the administration > DevOpsPlateform Integration, and set the DevOps of your choice

Q: How can I convince my team that we need to upgrade to Java 17?

A: One thing you can check is the EOL and End of Support Date for Java 8 to stay secure as vulnerabilities in older versions that are not fixed can cause harm.

Here are all the resources mentioned during the session:

2 Likes