SonarQube - Code Quality and Code Security - Code Quality Gates

  • Published: 14 Aug 2024
  • SonarQube is a tool with which you can check your Flutter and Dart application; it allows you to get metrics and critical figures for your project.
    #Sonarqube #Dart #Flutter
    Relevant Links
    SonarQube: www.sonarqube....
    Support for Dart: community.sona...
    Plugin for Dart & Flutter: github.com/ins...
    SonarScanner: docs.sonarqube...
    Timetable
    00:00 Small Joke :)
    00:31 Intro to Sonarqube
    02:00 SonarQube for Dart?
    02:53 How SonarQube helps us
    04:00 Download and Setup Sonarqube Server
    06:47 Setup SonarQube Server
    08:02 SonarQube Scanner
    08:47 Support for Dart & Flutter
    10:11 Scan our first Project
    12:32 Key Metrics in SonarQube
    16:00 Recap
    ** Social Medias **
    Website: flutter-explai...
    Say hi to Max
    Twitter: / flutter_exp
    GitHub Max: github.com/md-...
    LinkedIn: / max-weber-9889a3ba
    Discord: / discord
    Say hi to Mahtab
    Twitter Mahtab: / mahtab_dev
    GitHub Mahtab: github.com/mt-...

Comments • 68

  • @ZeroOneTV97 2 years ago +4

    Hey guys,
    For those who followed the tutorial but couldn't run it, here's what the problem might be and how to solve it:
    At the moment I'm talking about (31/08/2021) there is Flutter plugin version 0.3.2, and I tried using it in SonarQube 9.0, and unfortunately this Sonar version has problems with this plugin.
    So the version that runs normally will be exactly the same as in the video: SonarQube 8.8 and Flutter plugin 0.3.1.
    Hope it helps more people, thanks for the tutorial, it was awesome! I'm Brazilian and your English was perfectly paced and calm, I understood 100% of everything you said, thank you!

    • @FlutterExplained 2 years ago +1

      Thank you for the support here, I pinned your comment so hopefully everyone who needs it gets access to it. 🙂

    • @ZeroOneTV97 2 years ago

      @FlutterExplained many thanks! 🙏🏻

  • @tatianajohnson7769 1 year ago

    I'm using sonarqube for one of my microservices. I'm upgrading the code on to spinnaker and getting failed tests so this helps to understand what each thing does on the dashboard.

  • @michimichongo8059 9 months ago

    Extremely perfect. Thank you so much!!! Still works perfectly

  • @seankang 6 months ago +1

    Great video -- I also have the sonar scanner running on my Flutter project on an Azure pipeline. The part which isn't very clear is whether the scanner is also checking the external plugins that are used within the Flutter app: for example, a camera plugin. I ran the scanner on my current work Flutter project and I was a bit surprised that there were no security vulnerabilities, etc. From the web report generated by the scanner, there are many sections: duplication, size, complexity, issues, coverage, etc -- and when I click on the Overview tab within those sections, it just jumps into code, with very little info. For example, I click on Code Smells inside of Maintainability, and it shows one particular bloc file, with New Code Smells: 0. My Flutter project has over 200 files, and 100+ folders. So, it isn't small and probably has some flaws.
    Do all the SonarQube features require the non-community licence? I noticed that the enterprise edition provides the security reports. Any insights before I try the 14 day trial?

    • @Choser-nl8vi 2 months ago

      I've tried on SonarQube Enterprise Edition, with plugin version 0.5.1, and can't get security reports. Does anyone know if this is a problem with the extension, or whether some extra configuration needs to be made? The documentation does not mention it at all.

  • @tracyquick5768 2 years ago +2

    Code coverage % is always displayed as zero. Any inputs on how to fix this?

  • @user-xr9nq1sd2m 2 years ago +1

    Thanks for such a detailed guide, added it to my CI/CD Flutter project. Waiting for native support for Dart from the Sonar team.

    • @FlutterExplained 2 years ago +1

      If you do not like to wait, in the meantime there is also a very promising new project around a community plugin that you could check out: github.com/insideapp-oss/sonar-flutter

    • @user-xr9nq1sd2m 2 years ago

      @FlutterExplained yes, I use it just now, and it works pretty well, but official support will be great

  • @johnnyyang2169 2 years ago +1

    Thank you for this fantastic video, 😆

    • @FlutterExplained 2 years ago

      Glad you enjoyed it and could make good use of it!

  • @user-mu4zy6sw2j 9 months ago

    If I add the .jar file into plugin and run this command 'C:\sonarqube\bin\windows-x86-64\StartSonar.bat' again, it returns an error

  • @ahmetdemir8047 1 year ago +1

    Thank you so much

  • @LUKAS3675 3 years ago +3

    IMHO SonarQube will be relevant only if and when it supports GitHub Actions

    • @FlutterExplained 3 years ago +1

      Thanks for your honest opinion. I guess the Scanner is already implemented inside of GitHub Actions. I am not sure though if it works already with a failing quality gate. I will investigate a little bit :)

    • @alexandregigleux4484 3 years ago

      This is officially supported: github.com/marketplace/actions/official-sonarqube-scan

  • @adbysantos6603 3 years ago +1

    I played with SonarQube some days ago, but not in production yet.

    • @FlutterExplained 3 years ago +1

      Great, I usually use it in JS and Web Projects but I like the community edition at least to get a basic understanding and a visible indication :). I really hope SonarSource will support it in the future.

  • @gauravkumar-bs3pf 10 months ago

    I am using sonarqube in docker, now how can I follow these instructions?

  • @nahuelalbornoz7734 1 year ago

    Hi folks! I've already followed the tutorial and the coverage doesn't appear. Do I need another config?

  • @kalderDean 3 years ago

    Thank you for this :)

  • @hariharanr1088 3 years ago

    Thank you for the tutorial. But I have a problem. I followed the tutorial; when I wrote in the terminal in Android Studio I am getting the error:
    Project root configuration file: NONE

  • @MyMahm 3 years ago +1

    Amazing 😍😍😍

  • @akshaybengani 1 year ago +1

    How is it different from dart code metrics check? Does it provide additional code quality standards, or is it just for a GUI interface? For me and my team it's not worth it.
    We are always looking for the most strict code quality process.
    Let us know how we can improve it more

    • @FlutterExplained 1 year ago

      Great question. I have not had a specific look at dart code metrics check so far and will now have a deeper look. I believe at the moment because it is not fully supported. But in general it is not only about the UI, it also includes some deployment and task features.
      For fully supported languages like TypeScript / Java etc. it also offers more features like task management, if you enter your passwords or if you have malfunctioning code. Also for security, it gives you additional insights into security issues.

    • @akshaybengani 1 year ago

      @FlutterExplained Ok great, thanks

  • @sirk3v 1 year ago

    How can I get a similar home setup, the seat and monitors?

  • @acinom_channel1584 3 years ago +1

    This is a great video, but I wanna ask: why is my code smell report 0 Code Smells? I am already using the same versions of SonarQube, sonar scanner, and the Flutter sonar plugin.

    • @FlutterExplained 3 years ago

      Mhhh, it could be that you have awesome code. If we take that apart, it could be that the plugin is not working correctly or that your code was not correctly scanned. Do the other metrics work OK? Maybe it is a rule setting that you have to adjust.

    • @acinom_channel1584 3 years ago

      @FlutterExplained hi, thanks for the reply. But in my IDE I got 48 code smells. When I run sonar scanner I get this error message: ERROR: org.buildobjects.process.StartupException: Could not startup process 'flutter analyze'. Can you pls help me?

  • @sedagurocak9214 3 years ago +1

    Thank you for the tutorial. But I have a problem. I followed the tutorial; when I wrote in the terminal in Android Studio I am getting the error:
    'sonar-scanner.bat' is not recognized as an internal or external command,
    operable program or batch file

    • @FlutterExplained 3 years ago

      That is a quite typical System Variable problem. Did you download and unzip the sonar-scanner.bat file? Then you will need to add it to your System Environment Variables. I explain that for Windows at 8:30. I hope that helps :)

    • @dharmikthakkar8072 3 years ago

      Set Environment Variable

    • @dorkor3729 1 year ago

      Hi, have you fixed your problem? I have the same and for 3 days I've been trying to fix it. And yes, I have added it to the system environment var. How did you fix it?

  • @maggy.p 3 years ago +1

    Thank you for a very informative video. From what I can see SonarQube is getting more and more popular. I haven't used it yet but I think I will start with the community edition. In the project I'm working on we're using over 95 libraries for Python. Does SonarQube check if libraries are up to date?

    • @FlutterExplained 3 years ago

      Good question, but no I guess it will not check the dependencies :)

    • @alexandregigleux4484 3 years ago

      Hey! I can confirm we (SonarSource) don't raise any warnings saying your dependencies are not up to date. This is called SCA and we don't yet provide such a feature. For Python we have a powerful SAST engine that can find injection vulnerabilities in your code. You can try it for free at SonarCloud.io

  • @hegdes.adventure 2 years ago +1

    Can someone please tell me why earphone when he is recording over a microphone!!!

    • @FlutterExplained 2 years ago

      Sure, with pleasure. It is to make sure that my voice is correctly hearable and there is no interference like, for example, my daughter shouting in the background. Else I would not be sure if the background is silent enough. Hope that answers your question :)

  • @VladimirDjokic 3 years ago

    Thanks!

  • @sheeryshashi2080 3 years ago

    Is it possible to integrate this with codemagic workflow?

  • @lenaklus4844 3 years ago +1

    Hello I'm Lena.🙋‍♀️😉

    • @FlutterExplained 3 years ago +1

      Welcome Lena :), I hope you are doing well. Greetings from K.

    • @lenaklus4844 3 years ago +1

      I'm doing well.👍👌😉😃🤣😊

    • @lenaklus4844 3 years ago +1

      And why are you called K?🤨🤔

    • @lenaklus4844 3 years ago +1

      Keep the video in mind 😉

  • @lenaklus4844 3 years ago +2

    When are you making the video?

  • @kirill4531 3 years ago

    Can we define our own rules to sonar? And how complex they may be?

    • @FlutterExplained 3 years ago

      Great question, I have to admit I have never done it myself. But I checked the documentation and it looks like there are a large amount of possibilities.
      docs.sonarqube.org/latest/extend/adding-coding-rules/

  • @ReallyAnythingAndEverything 2 years ago +1

    Will these instructions work for an M1 Mac?

    • @FlutterExplained 2 years ago

      Hi Deva, for me all of them work and they worked well. Feel free to let me know your experience if you have tried it :)

  • @cranforddev4114 1 year ago +1

    : Error during SonarScanner execution
    org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
    Please help me to resolve this ASAP @FlutterExplained

  • @secretsuperstar3504 1 year ago

    Starting SonarQube...
    Unrecognized option: --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED
    Error: Could not create the Java Virtual Machine.
    Error: A fatal exception has occurred. Program will exit.
    I am getting this error. Please someone help @FlutterExplained

  • @amiraw5494 3 months ago

    "The main branch has no lines of code." Cannot solve this.

  • @mithunbiswas5307 2 years ago +1

    Please use macOS, thanks

  • @georgesmith9178 2 years ago +2

    Great installation tutorial. Love your direct, no-fluff approach. However, you did not talk at all about SECURITY in this video and code quality was so general and high-level that I did not get a sense of the value SonarQube gives me. Sorry, cannot give you thumbs up with this title. If you change it to SonarQube Local Installation and Top Level Code Quality Features, I would definitely give you a thumbs up. Keep in mind that when you put a title, people come with some expectations - for me that was about security and I mostly wasted my time because you did not cover it.

    • @FlutterExplained 2 years ago

      Hi George, first of all, let me apologise for your lost time and that you did not find the answer you searched for. You made great suggestions, and I will see what I can do so that no more people fall into the same trap.
      As an answer to your security concerns, I can tell you that probably something like snyk is better for you than a static code analyser.
      snyk.io/
      Static code analysers are more about shallow code security topics and should not be taken for a holy grail. Like do not commit passwords, there is HTTP instead of HTTPS used etc.
      I hope that helps you and sorry again for the inconvenience.

  • @issadicko5244 3 years ago

    Waaaaw 😅

  • @georgesmith9178 1 year ago

    What happened to the SECURITY part? Sorry, thumbs down :(