https://backend-engineering-strategy-tools.github.io/site/tags/code-quality/Recent content in Code-Quality on Backend Engineering Strategy ToolsHugo -- gohugo.ioen-usMon, 01 Jan 2024 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/code-quality/Mon, 01 Jan 2024 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/code-quality/<p>Static analysis catches bugs and code smells before they reach production. Architecture analysis catches structural decay before the codebase becomes unmaintainable. SonarQube does the former; Structure101 does the latter.</p> <h2 id="sonarqube">SonarQube </h2><p>A code quality and security platform. SonarQube runs static analysis on your codebase and reports bugs, code smells, security hotspots, and test coverage in a web dashboard. It supports 30+ languages; the Java and Kotlin analysis is particularly deep. Integrates into CI pipelines via the SonarScanner — a quality gate can fail the build if new code introduces issues above a configured threshold.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Run analysis (from project root, after configuring sonar-project.properties)</span> </span></span><span style="display:flex;"><span>sonar-scanner <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> -Dsonar.projectKey<span style="color:#f92672">=</span>my-project <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> -Dsonar.sources<span style="color:#f92672">=</span>src/main <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> -Dsonar.tests<span style="color:#f92672">=</span>src/test <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> -Dsonar.host.url<span style="color:#f92672">=</span>https://sonarqube.example.com <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> -Dsonar.token<span style="color:#f92672">=</span>$SONAR_TOKEN </span></span></code></pre></div><p><strong>Quality gates</strong> define the conditions a project must meet — for example: no new critical bugs, test coverage on new code ≥ 80%, no new security hotspots unreviewed. A gate failure blocks the PR merge or CI pipeline. The built-in &ldquo;Sonar Way&rdquo; gate is a sensible default; most teams customise it over time.</p> <p>SonarQube Community Edition is free and covers the core analysis features. Enterprise Edition adds branch analysis, portfolio views, and security reports.</p> <h2 id="structure101">Structure101 </h2><p>An architecture analysis tool for Java projects. Structure101 visualises the dependency structure of a codebase as a layered graph and identifies violations — circular dependencies between packages, classes depending on layers they shouldn&rsquo;t reach, packages with too many inbound dependencies. It is particularly useful for large, long-lived Java codebases where architectural boundaries have eroded over time.</p> <p>The key report is the <strong>tangle</strong> metric: a tangle is a group of packages with circular dependencies, and the tangle percentage measures how much of the codebase is affected. A clean architecture has zero tangles. Structure101 shows exactly which dependencies create each tangle, making it possible to systematically break them.</p> <p>It integrates with build systems (Maven, Gradle) to enforce architecture rules in CI — build fails if the tangle percentage exceeds a threshold, or if a dependency violates a defined layering rule.</p> <h2 id="resources">Resources </h2><ul> <li><a class="link" href="https://docs.sonarsource.com/sonarqube/" target="_blank" rel="noopener" >SonarQube documentation</a></li> <li><a class="link" href="https://www.sonarsource.com/open-source-editions/sonarqube-community-edition/" target="_blank" rel="noopener" >SonarQube Community Edition</a></li> <li><a class="link" href="https://structure101.com/documents/" target="_blank" rel="noopener" >Structure101 documentation</a></li> </ul>