at Synchrony

What is SonarQube?

SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.

Cognitve Complexity

A Sonar exclusive metric formulated by combining Cyclomatic Complexity precedents with human assessment which yields method complexity scores that align well with how developers perceive maintainability.

DEV Pipeline

QA Pipeline

sonarqube-st.app.syfbank.com

sonarqube.app.syfbank.com

SonarQube at Synchrony

Quality Profiles

QA

DEV

Tips & Tricks

Know which Quality Profile is active

Ensure your test coverage file is generated

Use your Sonar project config to exclude files

Exclude translation strings and mock data

Install SonarLint extension for VS Code

Bonus Docker

sonarqube and sonar-scanner-cli

docker run --platform linux/amd64 --net host --rm \
    -e SONAR_HOST_URL="http://localhost:9000" \
    -e SONAR_SCANNER_OPTS="-Dsonar.token=$YOUR_TOKEN 
        -Dsonar.projectKey=$PROJECT_KEY” \
    -v ${PWD}:/usr/src \
    sonarsource/sonar-scanner-cli
Made with Slides.com