Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Make your code shine with Static Analysis and S...

Avatar for chintan khetiya chintan khetiya
December 14, 2022
Technology
0
270

Make your code shine with Static Analysis and SonarQube

Here we will cover different static lint checks for code analysis for the Kotlin Jetpack Compose. That will helps any developer team size to validate the code quality before having the code review. On another side, Sonarqube help to identify the code quality in depth. That will identify the Code smells, Duplication, vulnerabilities, Major issues, Blocker issues, security Issues, and more. Ultimately the goal of the developer should be to make a flag PASS on SonarQube. That indicates your code is aligned with best practices and easy to adopt by any other team members.

Approach:

What is code review and Why it is required?
Code Review Terminologies
Static Code Analysis in Jetpack Compose 👨‍💻
SonarQube Code Review automation for Android and Flutter 👨‍💻
Summary & Conclusion
Q&A

Avatar for chintan khetiya

chintan khetiya

December 14, 2022
Tweet

Other Decks in Technology

See All in Technology
Кто отправит outbox? Валентин Удальцов, автор канала Пых
Avatar for Lamoda Tech lamodatech
0
240
【TiDB GAME DAY 2025】Shadowverse: Worlds Beyond にみる TiDB 活用術
Avatar for Cygames cygames
0
610
2025/6/21 日本学術会議公開シンポジウム発表資料
Avatar for Keisuke Fujii keisuke198619
2
470
25分で解説する「最小権限の原則」を実現するための AWS「ポリシー」大全
Avatar for opelab opelab
8
2k
Amazon Bedrockで実現する 新たな学習体験
Avatar for Kazuki Maeda kzkmaeda
1
330
OTFSG勉強会 / Introduction to the History of Delta Lake + Iceberg
Avatar for Databricks Japan databricksjapan
0
120
監視のこれまでとこれから/sakura monitoring seminar 2025
Avatar for FUJIWARA Shunichiro fujiwara3
10
2.7k
ひとり情シスなCTOがLLMと始めるオペレーション最適化 / CTO's LLM-Powered Ops
Avatar for Mitsuki Ogasahara yamitzky
0
320
新規プロダクト開発、AIでどう変わった? #デザインエンジニアMeetup
Avatar for 弁護士ドットコム bengo4com
0
490
AI技術トレンド勉強会 #1 MCPの基礎と実務での応用
Avatar for Nisei Kimura nisei_k
1
240
TerraformをSaaSで使うとAzureの運用がこんなに楽ちん!HCP Terraformって何?
Avatar for Minoru Nakabayashi mnakabayashi
0
290
DenoとJSRで実現する最速MCPサーバー開発記 / Building MCP Servers at Lightning Speed with Deno and JSR
Avatar for Okuto Oyama yamanoku
1
240

Featured

See All Featured
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k
Side Projects
Avatar for Sacha Greif sachag
455
42k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
107
19k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.8k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
68
11k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
48
5.4k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
36
2.7k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k

Transcript

  1. Make your code shine with Static Code Analysis and SonarQube

  2. Chintan Khetiya Software Specialist @Synoverge @khetiyachintan Pranay Patel SDE Android

    @MutualMobile @pranaypatel_

  3. #DevFestAhm #DevFest2022

  4. 1. What is manual code review? This talk

  5. 1. What is Manual Code Review? 2. What is Static

    Code Analysis? This talk

  6. 1. What is Manual Code Review? 2. What is Static

    Code Analysis? 3. Why Static Code Analysis? This talk

  7. 1. What is manual code review? 2. What is static

    code analysis? 3. Why Static Code Analysis? 4. How to do Static Code Analysis? This talk

  8. 1. What is Manual Code Review? 2. What is Static

    Code Analysis? 3. Why Static Code Analysis? 4. How to do Static Code Analysis? 5. Static Code Analysis In Jetpack Compose 󰞵 This talk

  9. 1. What is Manual Code Review? 2. What is Static

    Code Analysis? 3. Why Static Code Analysis? 4. How to do Static Code Analysis? 5. Static Code Analysis in Jetpack Compose 󰞵 6. Automate your code analysis using Sonarqube This talk

  10. Write Clean Code

  11. Reliable

  12. Secure

  13. Maintainable

  14. Modular

  15. Manual code review!

  16. What is manual code review?

  17. Peer code review!

  18. Self code review!

  19. What are the cons of manual code review?

  20. When you can avoid the code review?

  21. Any tools to avoid manual process?

  22. [Ahmedabad] Pranay Patel SDE Android @MutualMobile Static Code Analysis with

    Jetpack Compose

  23. What is static code analysis?

  24. What is static code analysis? • A method of debugging

    that is done by automatically examining the source code without having to execute the program.

  25. What is static code analysis? • A method of debugging

    that is done by automatically examining the source code without having to execute the program. • Identify the patterns in the code and detect possible issues in the quality of the code.

  26. Why Static Code Analysis?

  27. • Write bug-free code. Why Static Code Analysis?

  28. • Write bug-free code. 😅 Why Static Code Analysis?

  29. • Write bug-free code. • Following common code practices Why

    Static Code Analysis?

  30. • Write bug-free code. • Following common code practices •

    Better resource utilization Why Static Code Analysis?

  31. How to do Static Code Analysis?

  32. Static code analysis in Jetpack Compose with hands-on

  33. Twitter's Jetpack Compose Rules A set of custom ktlint rules

    to ensure that your composables don't fall into common pitfalls, that might be easy to miss in code reviews. https://twitter.github.io/compose-rules/

  34. • Set of Compose static checks to start with same

    patterns. • Detect as many potential issues as we can • Show errors prior to code review Why Twitter's Jetpack Compose Rules?

  35. kotlinter-gradle Painless Gradle plugin for linting and formatting Kotlin source

    files using the awesome ktlint engine. https://github.com/jeremymailen/kotlinter-gradle

  36. kotlinter-gradle • Twitter compose rules using Kotlinter

  37. kotlinter-gradle • Twitter compose rules using Kotlinter • Easy to

    set up

  38. kotlinter-gradle • Twitter compose rules using Kotlinter • Easy to

    set up • Fast with ktlint engine

  39. // Root build.gradle.kts plugins { id("org.jmailen.kotlinter") version "3.12.0" apply true

    } buildscript {...} subprojects { apply(plugin = "org.jmailen.kotlinter") } Install kotlinter-gradle Step 1:

  40. // Root build.gradle.kts plugins { id("org.jmailen.kotlinter") version "3.12.0" apply true

    } buildscript { dependencies { classpath "com.twitter.compose.rules:ktlint:<version>" } } Install Twitter Compose Rules Step 2:

  41. ./gradlew formatKotlin: format Kotlin source code according to ktlint rules

    or warn when auto-format not possible. ./gradlew lintKotlin: report Kotlin lint errors and by default fail the build. kotlinter-gradle adds these gradle tasks
  42. None

  43. Lets run ./gradlew lintKotlin in project! See actions in project

  44. Manual commands! 🤔

  45. Automate process! if ! ./gradlew lintKotlin ; then printf 1>&2

    "\nlintKotlin found problems, running formatKotlin; commit the result and re-push" $GRADLEW formatKotlin exit 1 fi Step 1: Create shell script using gradle tasks

  46. Git Hooks tasks.register("installGitHook", Copy::class) { from("${rootProject.rootDir}/scripts/git-hooks") into("${rootProject.rootDir}/.git/hooks") fileMode = 7

    * 64 + 7 * 8 + 7 } Step 2: Install pre-commit git hook https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks

  47. Install Hooks Step 3: ./gradlew installGitHook ${rootProject.rootDir}/.git/hooks

  48. Back to Demo

  49. ✅ Set of Compose static checks to start with same

    patterns. ✅ Detect as many potential issues as we can ✅ Show errors prior to code review It’s helps. right?

  50. Any other option for Code Review Automation

  51. Chintan Khetiya Software Specialist @Synoverge Speaker Image Placeholder Code Review

    Automation with for Android and Flutter [Ahmedabad]

  52. is a self-managed, automatic code review tool that systematically helps

    you deliver Clean Code.

  53. Detects Bugs, Vulnerabilities, Code Smell, Duplication and many more Why?

  54. Perform continuous code inspections Why?

  55. Analyses 30+ languages Why?

  56. Support CI pipeline and DevOps platform Why?

  57. Ensure code meets high-quality standards. Why?

  58. • Assign Bugs • Invite developers • Track bug by

    active/inactive status • Check list of rules • Track project all the time to maintain the quality • Get Code quality Report at single Dashboard Why?

  59. What if I run without Sonar

  60. Found New Bug

  61. SonarLint provides immediate feedback in your IDE as you write

    code so you can find and fix issues before a commit. Solution Stages

  62. SonarQube’s PR analysis fits into your CI/CD workflows Solutions Stages

  63. None

  64. ड े वलपम ें ट क े साथ भी, ड

    े वलपम ें ट क े बाद भी

  65. Quality Gates keep code with issues from being released to

    production. Always know your code health Passed Failed

  66. Types of Issues Code Smell 03 A maintainability issue that

    makes your code confusing and difficult to maintain. Vulnerability 02 A point in your code that's open to attack. Bug 01 A coding mistake that can lead to an error or unexpected behavior at runtime.

  67. SonarQube helps you find AND fix

  68. 1 BLOCKER 3 MAJOR 5 INFO 2 CRITICAL 4 MINOR

    Issue Severity

  69. BLOCKER: Bug with a high probability to impact the behavior

    of the application in production. Example: a memory leak, or an unclosed JDBC connection

  70. CRITICAL: Either a bug with a low probability to impact

    the behavior of the application in production or an issue that represents a security flaw. Example: An empty catch block or SQL injection

  71. MAJOR: A quality flaw that can highly impact the developer's

    productivity. Example: An uncovered piece of code, duplicated blocks, or unused parameters are examples of MAJOR issues

  72. MINOR: A quality flaw that can slightly impact the developer's

    productivity. Example: Lines should not be too long, and "switch" statements should have at least 3 cases

  73. INFO: Neither a bug nor a quality flaw, just a

    finding.

  74. Shall we jump to process?

  75. Prerequisite & Environment Configuration

  76. None
  77. None
  78. None
  79. None

  80. Configuration

  81. None
  82. None
  83. None
  84. None

  85. Configuration Flutter

  86. None
  87. None
  88. None

  89. It’s time for Demo

  90. None

  91. Key Learnings • What is manual code review? • What

    is static code analysis? • How to implement with Compose? • Code analysis using Sonarqube • Understand the types and stages of issue • How to automate code review process? • Sonar for Android and Flutter • Hands-On

  92. Sample Code 1. https://github.com/pranaypatel512/JetKite 2. https://github.com/khetiyachintan/Sonar-For- Android 3. https://github.com/khetiyachintan/Sonar-For- Flutter

  93. • https://docs.sonarqube.org/latest/ • https://plugins.gradle.org/plugin/org.sonarqube • https://github.com/insideapp-oss/sonar-flutter/releases/ • https://docs.sonarqube.org/latest/setup/get-started-2-minutes/ • https://techmusings.optisolbusiness.com/sonarqube-with-flutter

    -e294e48018f2 • https://www.youtube.com/watch?v=846xAH40oUM Helpful Links

  94. Hope you have!

  95. Chintan Khetiya Software Specialist @Synoverge @khetiyachintan Pranay Patel SDE Android

    @MutualMobile @pranaypatel_
  96. None