Improve Your Code with SonarQube
One main feature of high-quality code is functional correctness. For many companies, it is even part of their compliance rules and policies: only software that is fully functional can meet your organization’s quality and security standards.
Continuous Integration Process
SAP Continuous Integration and Delivery is a service on SAP Business Technology Platform that helps you implement continuous integration in your own development. It offers predefined pipelines for SAP-specific scenarios that, with each commit, build, test, and deploy your code changes. With its new Compliance stage, you can add an optional SonarQube scan to your development pipeline.
SonarQube is a tool for Static Application Security Testing (SAST), which inspects an application’s source code to detect code quality issues. It evaluates your code against a set of rules, the so-called quality profiles, and suggests fixes for the issues found. You can either use the global default quality profiles or configure your own according to your corporate needs. You can also configure quality gates by selecting metrics for your own code quality and security conditions and setting the pass/fail threshold. SonarQube comes in a cloud-hosted version called SonarCloud as well as a self-hosted on-premises version, which are both supported by SAP Continuous Integration and Delivery. Depending on your use case, you can choose between different SonarQube editions – get the one that fits you best and integrate it into your SAP Continuous Integration and Delivery pipeline.
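To make concrete what a quality gate does, here is an added example (not part of the original post and not SonarQube's own code) that evaluates a gate modelled on SonarQube's default new-code conditions against constructed measurement values; the metric names follow SonarQube's naming, while the `Condition` class, the gate and the measures are assumptions made for this illustration.

```python
"""Added example: evaluate a SonarQube-style quality gate against scan measures.

A quality gate is a list of conditions; each names a metric, a comparison
operator and an error threshold. The gate fails ("ERROR") if any condition is
violated and passes ("OK") otherwise. Gate and measures below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Condition:
    metric: str   # SonarQube metric key, e.g. "new_coverage"
    op: str       # "GT": fail when value > error; "LT": fail when value < error
    error: float  # the pass/fail threshold


def evaluate_gate(conditions, measures):
    """Return (status, failures); failures lists (metric, reason) for each violation.

    Design choice of this example (stricter than simply skipping): a condition
    whose metric has no measure counts as a failure, so a scan that produced no
    coverage data cannot slip through the gate silently.
    """
    failures = []
    for c in conditions:
        value = measures.get(c.metric)
        if value is None:
            failures.append((c.metric, "no measure reported"))
            continue
        if (c.op == "GT" and value > c.error) or (c.op == "LT" and value < c.error):
            failures.append((c.metric, f"{value} violates {c.op} {c.error}"))
    return ("ERROR" if failures else "OK"), failures


# Constructed gate modelled on SonarQube's default new-code conditions
# (ratings are numeric: 1 = A, so "worse than A" is GT 1).
SAMPLE_GATE = [
    Condition("new_security_rating", "GT", 1),
    Condition("new_reliability_rating", "GT", 1),
    Condition("new_coverage", "LT", 80.0),
    Condition("new_duplicated_lines_density", "GT", 3.0),
]

# Constructed measures: clean ratings, but coverage on new code is too low.
SAMPLE_MEASURES = {
    "new_security_rating": 1,
    "new_reliability_rating": 1,
    "new_coverage": 72.5,
    "new_duplicated_lines_density": 1.2,
}

if __name__ == "__main__":
    print(evaluate_gate(SAMPLE_GATE, SAMPLE_MEASURES))
```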
Screenshot of the Compliance Stage in SAP Continuous Integration and Delivery
With the continuous integration and delivery service and its new Compliance stage, you can continuously evaluate your code’s quality and ensure your applications’ software compliance. You discover code issues earlier in the development process than ever before, and, as we all know, the earlier a problem is discovered, the less expensive it is to fix.
Are you interested? In my next blog post, I will explain how exactly to integrate SonarQube scans into your development pipeline.