SonarQube 是 Checkstyle、PMD、FindBugs 的替代品吗? [英] Is SonarQube Replacement for Checkstyle, PMD, FindBugs?

问题描述

我们正在从头开始开发一个网络项目，并正在研究以下静态代码分析工具.

We are working on a web project from scratch and are looking at the following static code analysis tools.

• 约定(Checkstyle)
• 不良做法 (PMD)
• 潜在错误 (FindBugs)

该项目建立在 Maven 之上.我没有为此使用多种工具，而是在寻找一个灵活的解决方案并遇到了 SonarQube.

The project is built on Maven. Instead of using multiple tools for the purpose, I was looking at a single flexible solution and came across SonarQube.

我们真的可以使用 SonarQube 实现 Checkstyle、PMD 和 Findbugs 的结果吗?

Is it true that we can achieve the results from Checkstyle, PMD and Findbugs with SonarQube?

推荐答案

Sonar 将默认为 Java 项目运行 CheckStyle、FindBugs 和 PMD，以及一些其他插件"，例如 Cobertura(代码覆盖率).然而，主要的附加价值是它将历史存储在数据库中.然后您可以看到趋势.您是改进代码库还是反其道而行之?只有有记忆的工具才能告诉你.

Sonar will run CheckStyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura (code coverage) by default for Java projects. The main added value, however, is that it stores the history in a database. You can then see the trend. Are you improving the code base or are you doing the opposite? Only a tool with memory can tell you that.

您应该在 CI 系统中运行 Sonar，以便即使需要一些时间来执行的事情(例如 CPD – 复制粘贴检测器)也可以运行.你会有你的历史.而使用 Eclipse 插件，例如，您会更快地检测到违规行为 - 这很棒 - 但是如果它开始花费太长时间，您会倾向于减少运行它的频率，或者运行较少的质量插件""(如跳过 CPD 或跳过代码覆盖分析).而且你不会有历史.

You should run Sonar in your CI system so that even things that take some time to execute (such as CPD – copy paste detector) can run. And you'll have your history. Whereas with an Eclipse plugin, for example, you'll detect violations sooner – which is great – but you will be tempted to run it less often if it starts taking too long, or run less "quality plugins" (such as skipping CPD or skipping code coverage analysis). And you won't have history.

此外，Sonar 生成 视觉 报告，仪表板"样式.这使得它非常容易掌握.使用 Jenkins 中的 Sonar，您将能够向开发人员和您的管理人员展示过去几周和几个月内执行的工作对代码库质量的影响.

Also, Sonar generates visual reports, "Dashboard" style. Which makes it very easy to grasp. With Sonar in Jenkins, you'll be able to show developers and your management the effects of the work that was performed on the quality of the code base over the last few weeks and months.

这篇关于SonarQube 是 Checkstyle、PMD、FindBugs 的替代品吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！