Build World-Class Apps with SonarQube Enterprise Edition

by Clint Cameron

The Challenge

A small, nimble development team can neatly and efficiently deliver without too many project management hiccups. However, there can come a point where there are just too many parts and pieces to track with project-level metrics. You reach a point where it’s difficult to consistently and efficiently track progress toward delivery. After all, the overall quality of your app is only as good as the weakest part. In this scenario, the stakes are higher and yet important measurements and indicators can be elusive. For example, how do you answer a fundamental question like “My app consists of five separate projects, each with its own code quality rating, so what is the overall rating of the application?”

Figuring out how to obtain the answers to these types of questions doesn’t need to keep you up at night. SonarQube Enterprise Edition (EE) includes visualization tools aimed at these use cases. The SonarQube Application and Portfolio features are visual containers that allow you to organize and track projects around your business objectives. 

Lessons From the Shipyard

If we think of an application as a set of building blocks, then files and projects are the basic elements. You combine the right elements here and there and you have a product portfolio. How your organization manages this process is the difference between success and failure. Best practices have changed from the days of monolithic apps. Modern shipbuilding is a great analogy. Back in the day, you laid a keel and built up from there. Months or even years later, you launched with great fanfare and hoped it would actually float as it slid off the rails.

Haphazard ship launch

Nowadays, we still launch with a champagne bottle; however, the process is much more complex, orchestrated and component-based. Let’s build the observation deck at the same time as the engine room and assemble it all like the world’s most complicated jigsaw puzzle! By managing the quality of the components and the output simultaneously, we can efficiently build and deliver a range of products in less time.

All these same challenges are present in modern software development. The key to success is managing the process while understanding quality and delivery readiness (aka releasability) metrics. At all times, we need a ‘view’ of the big picture. Will the final product be effective and safe to use and ready to deliver on time?

“Raise your quality standards as high as you can live with, avoid wasting your time on routine problems, and always try to work as closely as possible at the boundary of your abilities. Do this, because it is the only way of discovering how that boundary should be moved forward” ― Edsger Dijkstra

Awesome Apps Come From Talented Devs and Great Tools

While SonarQube can’t help you find great developers, it is the right tool to help you build awesome apps! First, let’s look at the SonarQube Application feature. With an Application, you’re able to aggregate all the projects that ship together into a single view.

You can think of an Application as a custom view aligned with the software application(s) you deliver to your end-users. With this view, you can track the quality of your New Code period as well as the overall code in the application. A passing Quality Gate means your application is releasable from a code quality standpoint. 

Additionally, three detailed security reports let you know where you stand at all times against the vulnerability categories tracked by OWASP and SANS.

Managing the Building Blocks

Delivering awesome applications is great, of course, but that doesn’t happen without solid building blocks. One could argue that what really matters are the building blocks and that applications are just the result of putting things together in the right order. To that end, the SonarQube Portfolio feature helps you track the quality of these bread-and-butter elements.

A SonarQube Portfolio is similar in nature to an Application, just with a different objective. A Portfolio allows you to visualize projects around organizational or business objectives. For example, you can create a Portfolio to track all your front-end projects or all the projects for a geographical location. With a Portfolio, you get an instant, dynamic view of key health factors. Healthy Portfolios mean healthy building blocks for applications. 

Portfolios give you a lot of flexibility. In fact, you can nest Portfolios and Projects to create more complex views and better align measurement with what’s important to your organization. 

Furthermore, Portfolios give you the ability to track team participation and adherence to delivering clean code as part of the organization’s commitment to quality. Achieving the cleanest code possible can only be realized if Code Quality & Security is fully adopted as an organizational philosophy. The Portfolio feature allows you to track that. Portfolio views make it easy to track whether your organization is following the Clean as You Code methodology.

Share the Good Vibes with Higher-ups

SonarQube helps your development teams deliver cleaner code, so we want you to share the gains. SonarQube Enterprise Edition also includes executive-level reporting capabilities. These reports work hand-in-hand with the Portfolio feature to give you insight into key metrics such as reliability, maintainability and releasability. Additionally, security-focused reports allow you to track project and Portfolio security metrics against the OWASP Top 10 and SANS Top 25 standards. You can generate reports on an ad-hoc basis or subscribe to a weekly emailed report.

Management Flexibility with Applications vs. Portfolios

A one-size-fits-all approach doesn’t work at the enterprise level, so SonarQube EE offers dedicated tools focused on important use cases. Applications are focused on your ‘external’ delivery. They give you insight so you can ensure that your output (your apps) will delight end users. Portfolios complement Applications by focusing on ‘internal’ delivery and give you insight into whether everyone in the organization is following the Clean Code philosophy.

The beauty of Applications and Portfolios is that you can set them up to ensure Code Quality consistency for different, but equally important goals!

Thanks for reading and happy, clean coding!
