
What is Sonar?
Natan Ferreira
It’s a code analysis tool that helps in writing clean and secure code.
Writing clean and secure code is a challenge. Manual code reviews are one option, but leveraging a code analysis tool like Sonar is an excellent complement. It helps us keep the code clean and secure and brings several advantages:
- Lower maintenance;
- Less rework;
- Lower risk.
Some companies that use it include (the original article shows a set of customer logos here).
Sonar products
There are three Sonar products that we can use, and they all share the same goal of identifying issues to keep the code clean and secure:
- SonarLint: installed in the IDE, it analyzes the code in real time as you write it and points out issues directly in the editor.
- SonarQube: installed on the company's own server for teams to use, and it can be integrated into the pipeline.
- SonarCloud: a cloud-based service that can likewise be integrated into the pipeline.
In this article, we will explore SonarLint and SonarQube.
Quality Gate
It indicates whether the code has reached a standard good enough for release. Green means it’s good, and red means it needs adjustments because it’s not good enough for release.

(Image: a green Quality Gate, representing code ready for release.)

Sonar Flow

I’ll summarize the workflow.
While coding, the code can be analyzed in real time within the IDE, as shown in the flow. After a push to the remote repository, the pipeline runs and the code is analyzed in SonarQube or SonarCloud, where the Quality Gate checks its quality. If the code doesn't meet the quality standard, the task goes back to the developer for the necessary adjustments. After the fix and another push to the remote repository, the analysis runs again. If the code now meets the standard, it can proceed to production.
SonarLint
In the following example, I demonstrate how to install SonarLint in IntelliJ.

In my case, I already have it installed.
Its icon sits in the upper right corner of the editor, and the plugin also underlines the code wherever it detects an issue.

Clicking on the icon provides more information about the issue, including examples of how to resolve it.

After resolving the issue, the icon turns green, indicating that everything is fine in this file.

SonarQube
The installation is simple, and for testing purposes it can be done using Docker. After installation, it's necessary to create a project; then, from the command line, we can send the code to the server for analysis.
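The following script is an added example (not the article's own code) that ties together the flow described above: a local SonarQube started with Docker, a scanner run that waits for the Quality Gate, and a small parser for the server's Quality Gate reply so a CI job can stop when the gate is red. The project key, token and host URL are placeholders, and the JSON replies are constructed so the parsing runs offline.

```shell
#!/usr/bin/env sh
# Added example, not from the article: a minimal pipeline step that sends
# code to a local SonarQube and lets the Quality Gate decide whether the
# build may proceed. Project key, token and host are placeholders.

SONAR_HOST_URL="${SONAR_HOST_URL:-http://localhost:9000}"
SONAR_PROJECT_KEY="${SONAR_PROJECT_KEY:-demo-project}"          # placeholder
SONAR_TOKEN="${SONAR_TOKEN:-REPLACE_WITH_A_PROJECT_TOKEN}"       # placeholder

# Local test server, as the article suggests for trying things out.
start_sonarqube() {
  docker run -d --name sonarqube -p 9000:9000 sonarqube:community
}

# sonar.qualitygate.wait=true makes the scanner wait for the server's verdict
# and exit non-zero when the gate is red, so a CI job stops right here.
# (Older scanners use -Dsonar.login instead of -Dsonar.token.)
sonar_scan_cmd() {
  printf 'sonar-scanner -Dsonar.projectKey=%s -Dsonar.sources=. -Dsonar.host.url=%s -Dsonar.token=%s -Dsonar.qualitygate.wait=true' \
    "$SONAR_PROJECT_KEY" "$SONAR_HOST_URL" "$SONAR_TOKEN"
}

# Extract projectStatus.status ("OK" or "ERROR") from the JSON returned by
# GET /api/qualitygates/project_status?projectKey=<key>.
quality_gate_status() {
  printf '%s' "$1" | sed -n 's/.*"projectStatus":{"status":"\([A-Z]*\)".*/\1/p'
}

# Return 0 when the gate is green, 1 otherwise (red or unparseable reply).
gate_passed() {
  [ "$(quality_gate_status "$1")" = "OK" ]
}

# Ask the server for the current verdict (needs network and a real token;
# SonarQube accepts the token as the user name with an empty password).
fetch_gate_status() {
  curl -fsS -u "$SONAR_TOKEN:" \
    "$SONAR_HOST_URL/api/qualitygates/project_status?projectKey=$SONAR_PROJECT_KEY"
}

# Constructed sample replies so the parsing logic can be exercised offline.
SAMPLE_GREEN='{"projectStatus":{"status":"OK","conditions":[]}}'
SAMPLE_RED='{"projectStatus":{"status":"ERROR","conditions":[{"status":"ERROR","metricKey":"new_coverage"}]}}'

# Real run only when explicitly requested: RUN_SONAR=1 sh sonar-gate.sh
if [ "${RUN_SONAR:-0}" = "1" ]; then
  start_sonarqube
  eval "$(sonar_scan_cmd)" || { echo "Quality Gate red: back to the developer"; exit 1; }
  echo "Quality Gate green: ready for release"
fi
```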

(Image: example of usage in SonarQube.)
After the code analysis, we can identify the issues.

Clicking on the issue provides more details.


Monitoring
We can also monitor the quality.

Security
It's essential to note that Sonar incorporates the OWASP project, which is crucial for promoting secure code.

Updates
In recent versions, there have been changes in issue types and severity.


Conclusion
The use of Sonar greatly helps in building clean and secure code. It brings many advantages: less maintenance, less rework, lower risk, and better code security and readability. Another advantage is that we can monitor quality over time.
Author
I am a seasoned Full Stack Software Developer with 8+ years of experience, including 6+ years specializing in Java with Spring and Quarkus. My core expertise lies in developing robust RESTful APIs integrated with Cosmos Db, MySQL, and cloud platforms like Azure and AWS. I have extensive experience designing and implementing microservices architectures, ensuring performance and reliability for high-traffic systems. In addition to backend development, I have experience with Angular to build user-friendly interfaces, leveraging my postgraduate degree in frontend web development to deliver seamless and responsive user experiences. My dedication to clean and secure code led me to present best practices to my company and clients, using tools like Sonar to ensure code quality and security. I am a critical thinker, problem solver, and team player, thriving in collaborative environments while tackling complex challenges. Beyond development, I share knowledge through my blog, NatanCode, where I write about Java, Spring, Quarkus, databases, and frontend development. My passion for learning and delivering innovative solutions drives me to excel in every project I undertake.