============
SonarQube
============

=> SonarQube is used for code quality checks.
=> Using SonarQube we can perform code review (static analysis).
=> Using SonarQube we can identify developer mistakes in the code.
=> SonarQube is developed in Java.
=> Using SonarQube we can perform code review for 30+ programming languages.
=> SonarQube is available in 2 flavours

1) Enterprise Edition (licensed)
2) Community Edition (free)

=============
Sonar Issues
=============

1) Bugs (Ex: NullPointerException)
2) Vulnerabilities (Ex: using sensitive data directly (pin, pwd, atm num, ssn))
3) Code Smells (Ex: unused imports, unused method params)
4) Duplicate Code Blocks
5) Code Coverage (Ex: JUnit execution status)

====================
Sonar Server Setup
====================

=> We can set up Sonar Server in 3 ways...

Approach-1 : Take one Linux VM in AWS cloud and install Sonar server
Approach-2 : Set up Sonar Server as a Docker container
Approach-3 : Sonar Cloud

@@@ Sonar setup : https://github.com/ashokitschool/DevOps-Documents/blob/main/06-Sonar-Setup-Docker.md

Default Username : admin
Default pwd : admin

============================================
Integrate Sonar server with Java Maven App
============================================

-> Configure Sonar properties (Sonar server URL, username and password) under the <properties> tag in "pom.xml"

http://3.110.182.92:9000/
admin
admin@123

=> Right click on project -> Run As -> Maven Build -> Execute below goal

sonar:sonar

-> After build success, go to the Sonar dashboard and verify the results.

==========================
Working with Sonar Token
==========================

-> Go to Sonar Server Dashboard -> Click on profile -> My Account -> Security -> Generate Token

http://3.111.219.207:9000/
sqa_830a529b9dec2f6dcfa85debe352bf72289293ee

================
Lessons learnt
================

1) Don't create a Random object inside a method; create it at class level and reuse it.
2) Declare a private constructor for the AppConstants class
3) Remove unwanted curly braces in lambda expressions
4) Remove commented code
5) Remove unused import statements and unused method parameters
6) Declare constants for repeated String literals
7) Remove duplicate code
8) Handle NullPointerExceptions properly
9) Don't use StringBuffer, because it is thread safe (its methods are synchronized). Use StringBuilder instead: it is not thread safe, so multiple threads can access it at the same time without waiting on a lock.
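
The Maven integration section above keeps the Sonar login and password in "pom.xml", which is the same "sensitive data used directly" pattern listed under Vulnerabilities, while the token section gives an alternative credential. The script below is an added example, not part of the original notes: it flags literal Sonar credentials in a POM and runs the scan only with a token taken from the environment. It assumes a scanner version that reads SONAR_TOKEN and SONAR_HOST_URL from the environment; the function names, the sample POMs and the host sonar.example.internal are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. sonar.login, sonar.password and
# sonar.token are real scanner properties; function names, file names and the
# sample POMs are constructed for this demo.

# Print each Sonar credential property that holds a literal value in the POM
# (single-line elements only). Returns 1 if any is found, 0 if the POM is clean.
find_hardcoded_sonar_creds() {
  pom="$1"; found=0
  for prop in sonar.login sonar.password sonar.token; do
    value=$(sed -n "s|.*<${prop}>\(.*\)</${prop}>.*|\1|p" "$pom" | head -n 1)
    [ -z "$value" ] && continue
    case "$value" in
      '${env.'*'}') ;;  # Maven resolves ${env.NAME} from the environment: allowed
      *) echo "$pom: literal credential in <$prop>"; found=1 ;;
    esac
  done
  return "$found"
}

# Run the analysis only when the POM is clean and the token comes from the
# environment. MVN can be overridden (assumption, used for dry runs); default mvn.
run_sonar_scan() {
  pom="${1:-pom.xml}"
  if [ -z "${SONAR_TOKEN:-}" ] || [ -z "${SONAR_HOST_URL:-}" ]; then
    echo "SONAR_TOKEN and SONAR_HOST_URL must be set" >&2; return 2
  fi
  find_hardcoded_sonar_creds "$pom" >&2 || return 1
  export SONAR_TOKEN SONAR_HOST_URL
  "${MVN:-mvn}" -f "$pom" sonar:sonar
}

# Constructed sample POM fragments (placeholder host and password).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak-pom.xml" <<'EOF'
<project><properties>
  <sonar.host.url>http://sonar.example.internal:9000/</sonar.host.url>
  <sonar.login>admin</sonar.login>
  <sonar.password>CHANGE_ME</sonar.password>
</properties></project>
EOF
cat > "$demo_dir/fixed-pom.xml" <<'EOF'
<project><properties>
  <sonar.host.url>http://sonar.example.internal:9000/</sonar.host.url>
</properties></project>
EOF
find_hardcoded_sonar_creds "$demo_dir/weak-pom.xml" || echo "weak POM rejected"
find_hardcoded_sonar_creds "$demo_dir/fixed-pom.xml" && echo "fixed POM accepted"
```

On a CI server the token would come from the job's secret store, so it never lands in the repository or in the POM.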