Menu
On Project Dashbord you see below on different attributes.
"D" Security Rating on New Code is worse than A
"
C"
Reliability Rating on New Code
is worse than A
Do we have measure criteria documented ?
678
SonarQube measures code quality based on different metrics. The most important metric is the code coverage metric. In this case, no tests have been written, which means you have no code coverage. The cool thing about SonarQube is that it indicates the number of lines that aren't covered by tests.
It is the Cyclomatic Complexity calculated based on the number of paths through the code. Whenever the control flow of a function splits, the complexity counter gets incremented by one. Each function has a minimum complexity of 1. This calculation varies slightly by language because keywords and functionalities do.
SonarQube detects duplications in files and projects and also across projects. SonarQube reports duplication by line, block, and file. If you've lived through this type of situation, you already know that duplicate code is one of the highest risk factors for bug propagation.
Reliability Rating – A-E, depending on the presence of minor, major, critical, or blocker bugs. Reliability remediation effort – Effort to fix all bug issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days.
Documented? Why, yes. Yes they are: https://docs.sonarqube.org/display/SONAR/Metric+Definitions
Specifically, Security and Reliability ratings are based on the severity of the worst open issue in that domain:
For Maintainability the rating is based on the ratio of the size of the code base to the estimated time to fix all open Maintainability issues:
The size of the code base is calculated by the number of lines where
The value of the cost to develop a line of code is 0.06 days.
65
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
