SonarSource developed SonarQube as an open-source platform to continuously inspect or analyze developers’ code. It analyzes or scans all the static code written by developers and provides detailed reports on Bugs, Vulnerabilities, Code smells, code duplicates, and Security issues.<\/p>\n
No matter whatever programming languages you have written your code, SonarQube supports 25+ programming languages through built-in rule sets. You can also extend that rule set using various plugins. You can find all the supported languages from this reference: Rules Sonarsource<\/a>\u00a0<\/span><\/p>\n So far, we have discussed SonarQube and its benefits. Now, let\u2019s examine why we should use It.<\/p>\n As you know, developers are doing too much coding in their lives for many reasons, such as achieving project timelines and deliveries and fixing bugs on products to fulfill client requirements and make production stable. In that case, devs don\u2019t look back on the quality of the code and fix the issues hurriedly. Also, leads do not have the time to review code fixes, and they directly move the buggy or non-quality code to the product, which leads to the failure of production performance at any time and, alternatively, creates impacts on costs for clients.<\/p>\n Ideally, this is a very wrong impression of developers and against the best practices that affect the developer\u2019s career.<\/p>\n To avoid such scenarios and maintain good code quality, we have great free tools in the IT industry. One of them is SonarQube, which improves and delivers the best code quality on production each time devs change or add new code.<\/p>\n We have seen the benefits and features of SonarQube. Now, it’s time to implement it into your system and leverage its features. Let\u2019s start with what we require and how to set it up.<\/p>\n Before starting the setup of SonarQube, you need to check the below prerequisites in your system:<\/p>\n There are two options for downloading Sonar Scanner, you can choose any one There are two options for downloading Sonar Scanner, you can choose any one Below are commands that can be run from your cmd or terminal, either on Windows or Another OS. To set the SonarQube bin folder path cho on the platform, run the following command.<\/p>\n #For Windows(cmd):<\/strong> #For other OS (terminal):<\/strong> If you are running SonarQube using a Docker image, you do not need to set up the above command.<\/p>\n Now SonarQube will be run on localhost<\/a> and\u00a0log in using default credentials (login: admin, password: admin)<\/p>\n Once you are logged in, we need to set up an analysis project.<\/p>\n As you now have more knowledge of SonarQube and Scanner to improve your code quality and implement best code practices, there is also one package or extension available to check errors and issues in your local IDE before committing your code and before running SonarQube. Yes, you are right. We are discussing the SonarLint extension, which is available for almost all IDE editors.<\/p>\n Here, we are going to explain how to use SonarLint<\/a> in VS Code<\/a>. This will allow you to have clean code in advance before pushing it to your branch.<\/p>\n 1. Open your VS Code IDE and click on the \u201cExtensions\u201d menu from the left side pane 3. Now click on install, and it will start installing in your VS code. Once it’s done, it will show you the page where you will find all the details and it\u2019s.<\/p>\n 4. Once it\u2019s installed, it will auto-enable in your current working directory project, as shown below in the \u201cPROBLEMS\u201d section, with its pre-resolution suggestion.<\/p>\n When you click on any problem, it will redirect you to the problem, which will be like<\/p>\n Now you are an expert developer, so you know how to fix it!!! Please fix it and commit it. So you don\u2019t have to wait till you commit your code and run SonarQube.<\/p>\n Using this SonarLint, you can identify your issues and errors priorly and fix them. This will reduce your time, and you do not have to wait for the Sonar Scanner output. With this, productivity will increase, and there will be fewer chances to have bugs on production levels.<\/p>\n This quick tutorial document will help you kickstart SonarQube integration in your project by leveraging its core functionality.<\/p>\n Now that you have learned and integrated SonarQube, we can move on to writing test cases, which will help you test your code and ensure its quality.<\/p>\n Software development necessitates unit testing, which ensures a high-quality product by testing each software component. Developers can quickly find and fix bugs before the product goes into production by using the Unit testing method. The correction of the isolated code is the primary objective of this unit testing.<\/p>\n The first level of testing, known as unit testing, involves examining each individual module or component of your code to prioritize and address bugs before they are released to production.<\/p>\n One method of testing, known as unit testing, is typically carried out by developers. However, quality assurance engineers also perform unit testing despite developers’ reluctance to test.<\/p>\n By providing the necessary inputs to the test script and asserting that the actual output matches the expected results, the developers create unit tests.<\/p>\n Now that we’ve covered the fundamentals of unit testing let’s take a look at its advantages.<\/p>\n The following are some of the best unit testing tools and frameworks, some of which we will use in our NodeJs test case integration:<\/p>\n – Mocha<\/a> – a JavaScript test framework running on Node.js and in the browser. This is the unit testing workflow, which will help you better understand how it works.<\/p>\n Now that we’ve seen the advantages, drawbacks, and workflow, let’s try putting it into your system so we can generate more ideas. First things first: what we need and how to set it up.<\/p>\n Before starting, you need to check the below prerequisites in your system:<\/p>\n – JAVA (Oracle JRE 11 or OpenJDK 11), you can also find more [details<\/a>] Assuming that all the above prerequisites are installed in your system now, you need to install two more npm packages by using the following steps.<\/p>\n 1) Install globally OR<\/p>\n 2) install in the current directory Which will be shown in your package.json file in the dependencies object below<\/p>\n After that, you need to add a test script in your package.json file in the script object.<\/p>\n “test”: “mocha –exit –colors src\/test\/**\/*.ts”, We can also write test cases for third-party API-called functions as well by using the Chai plugin. Now let\u2019s look at the following steps for installing Chai:<\/p>\n 1) Install globally OR<\/p>\n 2) install in the current directory Which will be shown in your package.json file in the dependencies object below<\/p>\n Run the below command in the terminal in your project root directory to start the sonar scanner:<\/p>\n npm run test<\/p>\n npm, run coverage \/\/ will show your code coverage report on Sonar. To do this, add the script below to your package.json script object.<\/p>\n “coverage”: “nyc –reporter=lcov npm run test”<\/p>\n npm run Sonar<\/p>\n Once the command runs successfully, your dashboard will look like this:<\/p>\n <\/p>\n In short, when businesses conduct software testing well from the beginning of product development, they can ensure bug-free and high-quality software. Teams test the program’s individual modules using this testing strategy. This strategy allows teams to achieve certain advantages, such as early detection of bugs and correction of the code before costly resolutions in the SDLC. The earliest form of testing that focuses on the code is called unit testing.<\/p>\n Businesses must engage in unit testing from the beginning of the software development lifecycle (SDLC) to guarantee quality and bug-free software.<\/p>\n As a result, defects are discovered, analyzed, and fixed when a straightforward automated test could have detected them.<\/p>\n<\/span>Benefits of SonarQube<\/span><\/h2>\n
![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/07-10-2024_Node-JS-02.jpg\")
<\/p>\n\n
\nReduces complexity, possible vulnerabilities, and code duplications, as well as optimizes the life of applications.<\/li>\n
\nReduces the scale, cost of maintenance, and risk of the application; as such, it eliminates the need to spend more time changing the code<\/li>\n
\nCode quality control is an inseparable part of the software development process.<\/li>\n
\nDetects errors in the code and alerts developers to fix them automatically before submitting them for output<\/li>\n
\nDetermines where the code criteria are breached and enhances the quality.<\/li>\n
\nThere is no restriction on the number of projects to be evaluated.<\/li>\n
\nRegular feedback on quality problems helps developers to improve their coding skills.<\/li>\n<\/ol>\n<\/span>Why SonarQube?<\/span><\/h2>\n
![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-0.png\")
<\/p>\n<\/span>Time to set up and use SonarQube<\/span><\/h2>\n
\n
<\/span>Download SonarQube<\/span><\/h3>\n
\nGet the LTS version from [Download<\/a>]<\/span>
\nUsing Docker image<\/a><\/p>\n<\/span>Sonar Scanner<\/span><\/h3>\n
\nUsing following this link – sonar<\/a> scanner<\/a>
\nUsing npm package\u00a0<\/a><\/p>\n<\/span>Follow the steps to run SonarQube<\/span><\/h3>\n
\nC:\\sonarqube\\bin\\windows-x86-64>StartSonar.bat<\/p>\n
\nC:\\sonarqube\\bin\\[OS]>sonar.sh<\/p>\n\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-1.png\")
<\/li>\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-2.png\")
<\/li>\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-3.png\")
<\/li>\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-4.jpg\")
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-5.png\")
<\/li>\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-6.png\")
<\/li>\n
\nTo do so, you need to add the dependency package below to your project.
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-7.png\")
\nUse the script below to run the scanner from the command.
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-8.png\")
\nNow run the below command to run the scanner.
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-9.png\")
\nThe sonar property file will look like in the root folder:
\nsonar-project.properties
\nsonar.host.url=http:\/\/localhost:9000\/
\nsonar.projectKey=test-nodejs
\nsonar.projectName=test-nodejs
\nsonar.login=****************************
\nsonar.projectVersion=1.0
\nsonar.sources=.
\nsonar.coverage.exclusions=node_modules\/*,app.js,package.json,.scannerwork,.env,public\/*,db\/*,test\/*You define your files in exclusions or in inclusion based on your needs.<\/li>\n
\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-10.png\")
<\/li>\n<\/ol>\n<\/span>SonarLint with SonarQube<\/span><\/h2>\n
<\/span>Steps to download and install SonarLint in VS Code<\/span><\/h3>\n
\n2. Now search \u201csonarlint\u201d, and it will appear in the first place, like below<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-11.png\")
<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-12.png\")
<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-13.png\")
<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-14.png\")
<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-15.png\")
<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-16.png\")
<\/p>\n<\/span>Here are some insights of Unite Testing topic:<\/span><\/h2>\n
<\/span>Unit Testing: what is it?<\/span><\/h2>\n
![\"Life](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-17.png\")
<\/p>\n<\/span>What are its advantages?<\/span><\/h2>\n
\n
![\"Advantages](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-18.png\")
<\/p>\n<\/span>What are the Detriments of Unit testing?<\/span><\/h2>\n
\n
\n– Chai<\/a> – is an assertion library that adds a more expressive language to tests.
\n– Jasmin<\/a> – a behavior-driven development (BDD) framework for testing JavaScript code.
\n– Jest<\/a> – for testing javascript front-end and back-end applications.
\n– There are a lot of unit testing frameworks <\/a>available based on different languages,<\/p>\n<\/span>Workflow<\/span><\/h2>\n
![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-19.png\")
<\/p>\n
\n– Should have NodeJS version 8 or higher installed
\n– SonarQube and Sonar Scanner (refer SonarQube Integration in NodeJs<\/a>) to download and install Sonar Scanner and SonarQube.<\/p>\n<\/span>How to integrate it in NodeJs<\/span><\/h3>\n
\nnpm install mocha -g<\/p>\n
\nnpm install mocha –save-dev OR npm install mocha –save<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-20.png\")
<\/p>\n
\nHere is an example of a Test case:<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-21.png\")
<\/p>\n
\nnpm install chai -g<\/p>\n
\nnpm install chai –save-dev OR npm install chai –save<\/p>\n![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/undefined-22.png\")
<\/p>\n<\/span>Here is an example of a Test case:<\/span><\/h2>\n
![\"\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/Undefined-23.png\")
<\/p>\n
![\"cta\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/07-10-2024_Node-JS-03.jpg\")
<\/a><\/p>\n![\"Profile](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/10\/hitesh-sapariya.jpg\")
<\/p>\n![\"LinkedIn\"](\"https:\/\/www.solutionanalysts.com\/blog\/wp-content\/uploads\/2024\/08\/link.png\")
<\/a><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"