SonarQube in Action, the Book - Interview with the Authors

by olivier gaudin|

    It’s official... “SonarQube in Action” is available in stores - Thanks to the efforts of two community members, fanatics of software quality and advocates of SonarQube and its continuous inspection model. The book’s objective is to provide insight on how to effectively use SonarQube in a quality management process, and it systematically explores the Seven Axes of Quality (design, duplications, comments, unit tests, complexity, potential bugs, and coding rules). It targets software development professionals, including engineers, Q/A and testers as well as project/product managers and team leaders.

    Interview with the authors, G. Ann Campbell and Patroklos P. Papapetrou:

    What is your background?

    Ann: I'm an English major, a former reporter, a self-taught coder, and a Computer Science graduate. After graduating with my English degree, I fell into reporting, and eventually transitioned from the newsroom to the web side to support and integration to coding the C back-end. Once I realized that programming was what I wanted to do for a living, I went back to school to formalize my education. I did it partly because when you're self-taught, you don't know what you don't know, and partly so there would never be any question that I was qualified. I've been at it for 15 years now. I learned on Perl (the Llama book!), and my first compiled language was C, but these days I usually work in Java. I miss the bare elegance of C, but I do like Java's String functions.

    Patroklos: I'm a software engineer (mostly Java, but also javascript, scala and python), addicted to software quality and a team leader with more than 15 years of experience in agile development. I believe and invest in people and team spirit seeking quality excellence.

    How and for how long have you been using SonarQube?

    Ann: Since 2010. We came across it earlier, but it wasn't until the first SonarQube Jenkins plugin offered shallow "Maven-ization" of our Ant projects that it was an option for us. Today we've got as much of our code - Java, C#, COBOL, and JavaScript - under nightly analysis as I can get my hands on.

    Patroklos: I did my first baby steps with SonarQube during the first months of 2010. I merely used version 1.12 and then upgraded to v.2.0. It's almost 4 years! Woaoh! I haven't thought about that before! At the beginning I was trying to familiarize myself with the meaning of metrics and how do they affect software quality. Very quickly SonarQube (Sonar at the time) became the first and last thing I was looking at my screen. It is fully integrated to our development process with automated nightly builds (thank you Jenkins) and recently we started to make Code reviews using SonarQube.

    Are you part of the community?

    Ann: Are you kidding? I've been a community gadfly since I started using SonarQube!

    Patroklos: Yes. I'd consider myself as an active member of both user and dev mailing lists. Apart from helping people getting the best from SonarQube, I've contributed to several plugins such as Widget Lab, SCM Stats, Thucydides etc.

    Why did you decide to write a book about SonarQube?

    Ann: Because I could! When Patroklos told me he was going to write SonarQube in Action & needed a co-author, I jumped at the chance! It was a childhood ambition to be an author, but some part of me also hoped I could make a lasting contribution to the larger community by sharing my experience and insights.

    Patroklos: Well, to be honest I didn't have any intention to write a book (about SonarQube). One day another publisher (not Manning) approached me and asked me if I wanted to write one. I was flattered, but didn’t have the time to do it justice, so I turned it down. But although I didn’t write that book, I didn’t forget the idea. When my schedule cleared, I approached Manning about writing SonarQube in Action. A few short months after that, Ann and I were on our way.

    Who is the book targeting and what's the audience?

    Ann: Ideally, the book would be read by every member of a development team: project managers, testers, coders, &etc. The first part of the book is about the metrics - what they are, what they mean, and why you care. Part 2 is about organizing your effort. It tries to answer the "now what?" after your first analysis. Part 3 is about how you can configure SonarQube to get the most out of it, with the final chapter outlining plugin development for those who want to go even further.

    Patroklos: SonarQube is a great (personally I believe it's the best) tool for managing source code quality. However it’s not always easy to get the best out of it, especially if you're not familiar enough with quality metrics. The "SonarQube in action" book fills that gap and explains how SonarQube can make a difference for development teams. Through real life examples, it discusses the seven quality axes and all the quality management features it offers. It's not a user or administration guide. It provides the steps to adopt Continuous Inspection, to understand the importance of the core quality metrics and how they affect source code quality.

    Anything else to share with your readers?

    Ann: I've seen some real coding horrors in my day: variables named things like please_work, miles-long strings of spaghetti, bone-headed mistakes you can't believe someone actually had the gall to check in. I could go on and on. Probably most folks reading this could too. As a coder, you know when you're looking at bad code, but when that code came from one of the most senior developers in the company, no one wants to believe you. SonarQube takes what has been subjective ("Oh my God! He's making it throw an NPE on purpose!"), and makes it objective. It removes personalities and biases and lays out the facts for everyone to see.

    Whether or not you buy the book, you should be using SonarQube. I think - I hope - there will come a day when quality scores are regularly included in software requirements and specs. As a consumer, I need quality software. Deserve is an over-used word these days, but I think it's fair to say that when you put your trust in a software vendor - in an application - you deserve to have it rewarded with a quality offering. I think the users of my software deserve that. And SonarQube helps me deliver.

    Patroklos: Every chapter is organized in such a way that you can read it separately from the rest. We do suggest that you read chapter 1, especially if you’re not an experienced SonarQube user, because it’s an overview of SonarQube and introduces some basic ideas you may need when reading the rest of the book. If you decide to read the book sequentially, you’ll find that each chapter is connected to the previous one, and the chapters flow smoothly, without gaps. But again, you can skip any chapter and come back later if you want to.

    We did our best to ensure that this book will become a reference for you whenever you need to learn or remember anything about SonarQube or its computed metrics.