Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How SonarQube A, B C,D and E Rating Calculated?

Tags:

sonarqube

On Project Dashbord you see below on different attributes.

"D" Security Rating on New Code is worse than A

"enter image description hereC" Reliability Rating on New Code is worse than A

Do we have measure criteria documented ?

like image 678
RoshanKumar Mutha Avatar asked Jun 20 '17 12:06

RoshanKumar Mutha

People also ask

What does SonarQube measure?

SonarQube measures code quality based on different metrics. The most important metric is the code coverage metric. In this case, no tests have been written, which means you have no code coverage. The cool thing about SonarQube is that it indicates the number of lines that aren't covered by tests.

How do you find Cyclomatic Complexity in SonarQube?

It is the Cyclomatic Complexity calculated based on the number of paths through the code. Whenever the control flow of a function splits, the complexity counter gets incremented by one. Each function has a minimum complexity of 1. This calculation varies slightly by language because keywords and functionalities do.

How does SonarQube calculate duplicated code?

SonarQube detects duplications in files and projects and also across projects. SonarQube reports duplication by line, block, and file. If you've lived through this type of situation, you already know that duplicate code is one of the highest risk factors for bug propagation.

What is reliability rating in SonarQube?

Reliability Rating – A-E, depending on the presence of minor, major, critical, or blocker bugs. Reliability remediation effort – Effort to fix all bug issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days.

1 Answers

Documented? Why, yes. Yes they are: https://docs.sonarqube.org/display/SONAR/Metric+Definitions

Specifically, Security and Reliability ratings are based on the severity of the worst open issue in that domain:

  • E - Blocker
  • D - Critical
  • C - Major
  • B - Minor
  • A - Info or no open issues

For Maintainability the rating is based on the ratio of the size of the code base to the estimated time to fix all open Maintainability issues:

  • <=5% of the time that has already gone into the application, the rating is A
  • between 6 to 10% the rating is a B
  • between 11 to 20% the rating is a C
  • between 21 to 50% the rating is a D
  • anything over 50% is an E

The size of the code base is calculated by the number of lines where

The value of the cost to develop a line of code is 0.06 days.

like image 65
G. Ann - SonarSource Team Avatar answered Oct 29 '22 21:10

G. Ann - SonarSource Team
Sign in to Comment

Related questions

How do I make Hudson/Jenkins fail if Sonar thresholds are breached?
Groovy/Grails plugin for Sonar
Sonarqube authorization - how to authorize with sonar-maven-plugin when sonar.forceAuthentication is enabled
sonar jdbc properties are not supported anymore in sonarqube 5.3 version
What is NPath Complexity and how to avoid it?
automatically add curly brackets to all if/else/for/while etc. in a java code-base
Can't run Sonar Server caused by Elasticsearch cannot running as root
Adding a new project to Sonar v.2.9
Duplicated block of Code in Sonar for import statements in Java
Access quality gate status from sonarqube api
importing javascript xml junit tests to SONAR using jstestdriver fails
The Sonar way to define a constant
Property 'sonar.jacoco.reportPath' is deprecated. Please use 'sonar.jacoco.reportPaths' instead
Where is a Scala profile for SonarQube?
sonarqube "new code" definition
How do I correctly integrate Maven, Jenkins, Sonar and Cobertura?
SonarQube + Lombok configuration
SonarQube Findbugs "needs sources to be compiled"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!