[Webinar] Clean Code Principles and Practices Part.II: Mastering Clean Code

Hello everyone!

We are hosting a webinar on September 20th, entitled “Clean Code Principles and Practices Part. II: Mastering Clean Code”. This webinar will follow up on the topic addressed during our June webinar, so don’t miss it!
Join Peter McKee, Head of Developer Relations as he digs deeper into Clean Code practices and walks you through setting up SonarLint and SonarCloud to show how these tools can help you improve your code quality.

Title: Clean Code Principles and Practices Part.II - Mastering Clean Code.
Date and time: Wednesday, September 20th, 5pm CEST / 10am CDT
Speaker: Peter McKee

Who should attend this session: IT Leadership, Developers, and DevOps in Java, Python, JavaScript, .Net & DevOps

Register now!

Interested in the topic but can’t make it to the live webinar? Register here to receive the recording of the session.

Also, if you want to refresh your memory, you can find all the information about the Part. I under this Community Post.

Thanks!

Hi all,

Thank you to everyone who attended our webinar yesterday! You’ll find below all the questions and answers that were given during the webinar:

Q: Do SonarQube and SonarCloud have feature parity with regard to PR decoration?
A: Yes, both support GitHub, GitLab, Azure DevOps, and BitBucket with PR/MR decoration. However, it’s worth noting that SonarCloud only supports the SaaS versions of those platforms. SonarQube supports both cloud and self-managed versions.

Q: When working with an existing codebase, would SonarQube analyze the entire file or just the updated lines?
A: It depends on the context. For PRs, only the changed files are analyzed. For branches, the full project is analyzed.

Q: Can PRs be decorated with Code Coverage?
A: The overall coverage percentage is included in the PR analysis results posted to your DevOps platform. However, if you’re looking for line-by-line coverage data, you’ll need to reference the PR analysis in SonarQube or SonarCloud.

Q: My organization uses both SonarLint and SonarQube, I commonly get the complaint that the code was clean in SonarLint, but then SonarQube raises additional issues once the pull request is completed. What’s going on here?
A: To some extent, this may be normal. Not all rules are run in SonarLint - some rules would slow down the IDE unacceptably. To dig further into this, please visit us in the community https://community.sonarsource.com

Q: How does SonarQube licensing work? Does it count all lines or just the new ones added after you start using it?
A: SonarQube is licensed by analyzed lines of code. License usage is based on the LOC in the largest branch or PR

Q: Will Sonar work with our self-hosted GitLab?
A: SonarQube will. SonarCloud will not. For more, see the docs

Q: We follow Clean as You Code organizationally. In that context, an issue we come across is our coverage numbers taking a hit when a line of code is modified. For example, when a variable is renamed or the formatting changes. Is there a way to break out “new” vs. “modified”?
A: All added and edited code is considered “new” for Clean as You Code purposes. Broad but shallow changes such as whitespace corrections can be painful in this context and are a good example of the rare case when you might want to give yourself a pass on strict adherence.

Q: Can SonarQube anlayze .NET core?
A: Yes, absolutely! You can analyze .NET on either SonarCloud or SonarQube. You’ll want to use the SonarScanner for .NET to get started.

Q: Can SonarQube analyze JSON?
A: Sorry, we don’t have any rules for JSON.

Q: How do we get SonarCloud to ignore 'TODO’s?
A: You can either mark the individual issues “Won’t Fix” or remove the rule from your profile.

Q: Can code be analyzed with multiple default profiles?
A: The default profile for each language in a project is automatically applied during analysis.

Q: How can I run SonarLint in a terminal?
A: SonarLint is an IDE plugin. It’s not possible to run it standalone.

Q: We’d like to use different Quality Profiles for feature branches than for the same branch. How do we configure that?
A: The same profile is used for all analyses of a project, both branches and pull requets. We feel it’s important to apply the same consistent standard throughout. Why would you not want the same level of strictness applied consistently?

Q: Can SonarQube detect bad architecture issues?
A: That’s an area we’re actively working on. We’ve already delivered 3 rules for Java with more in the works.

Q: Can you control which version of a language is applied in analysis? For instance, can analysis only apply rules for Java 8 and not the latest version?
A: Sure! You can target language versions for many of the languages we analyze; just check the docs for the right analysis parameter to use. For Java, it’s sonar.java.source

Q: How often are new rules added to the default Quality Profile?
A: It varies by language, but for flagship languages, you’ll see new rules every few weeks on SonarCloud and in each release for SonarQube.

Q: Are there plans to add SonarCloud support for Active Directory?
A: SonarCloud integrates with other cloud providers. If you need Active Directory integration, you should consider using SonarQube.

Q: Is SonarQube a code quality tool or a security tool?
A: Sonar tools are Clean Code tools. That encompasses both quality and security, as well as maintainability, reliability, accessibility, and so on.

Q: Are there plans for extending the set of supported languages?
A: We’re hoping to add support for Flutter / Dart soon. Beyond that, we don’t currently have clear plans.

I appreciate your work on this, and am sharing details with our world-wide developer team. I missed the Part I webinar, is there a chance I could get a link to that video, too?

1 Like

Hi Mark,

You’ll find the information and the Q&A transcript of the Part 1 webinar under this Community Post.
The recording is also now available on YouTube.

Thank you for sharing!

Thank you, I found a veritable plethora of resources on your YouTube channel.

2 Likes