• Cast Software Vs Sonar Con Tu
• Cast Software Vs Sonar Con 2
• Cast Software Vs Sonar Con 3

Sonar (originally an acronym for sound navigation ranging) is a technique that uses sound propagation (usually underwater, as in submarine navigation) to navigate, communicate with or detect objects on or under the surface of the water, such as other vessels. Software Updates 02/14/17. Offering the unique ability to identify productive areas prior to making the first cast, Lowrance SpotlightScan Sonar helps anglers save valuable time on. Weather/Entertainment; NMEA 2000; VHF/AIS. IK Multimedia iRig Mic Cast podcasting mic for smartphones. The Sonar LE software which is included with this mic can be.

In my (huge) company we mostly use two tools for code analysis:

• Sonar(Qube) - in the development, tightly integrated with CIs, known and loved my developers.
• CAST - required by the processes. No continuous measurements, only a couple of times a year, for instance on major releases. CAST analysis is completely decoupled from the development, done by a separate team (we just send the delivery package to analyse).

I'm on the dev side as you may guess, I (somewhat) know Sonar/PMD, but not CAST. In any case I'm not quite happy with the frequency of the CAST analysis, but It is probably not the process I could influence or change.

So I was thinking if it maybe would be possible to implement in Sonar similar rules as in CAST. Surely not all and not everything but at least something that there would be no big surprises from the CAST analysis of releases.

I googled all over, looking for something like 'PMD rules for Sonar/PMD' but could not find anything.

My question ist for those who have experience with both Sonar and CAST:

Is it possible to implement CAST analysis rules (or a certain approximation thereof) in Sonar?

3 Answers

I know both tools, CAST and SonarQube.The answer to your question will be technology dependant: which languages are you using for your developments? Are you using any framework?

Cast Software Vs Sonar Con Tu

Don't tell me just J2EE, because this covers a lot of different languages: Java, JavaScript, JSP, HTML, ... not talking about frameworks (Spring, Hibernate, Struts, ...) and each solution will have different analyzers for these languages with different rules.

The main thing between CAST and SonarQube is that both use lexical analyzis to identify violations to programming best practices, but CAST also identify links between components (reason why it's slower). So CAST will have some metrics like fan-in/fan-out and some additional rules (that they name architectural or structural), like avoid direct access from presentation layer to data layer. Also, it comes with some xml files to analyze framework components.

This kind of rules could represent an additional 20%, but again this is very language dependant. And also of the versions of both tools as the number of rules may be different between releases.

And no, I think that not all of these 'architectural' rules would be possible to implement with SonarQube. However, they are not all very critical so you don't miss so much.

I suppose you company use CAST as some Quality Gate? In that case, I would recommand to work with the guys using CAST in order to identify which CAST rules are critical for them and could trigger a NoGo or KO. Just post these rules here, and I am sure you will get some good comments about it.

Do not hesitate to ask for further precision.Regards.

I believe that the set of available rules in SonarQube should cover 99% of the rules you're checking with CAST. If you can't find a valuable rule from CAST in the SonarQube's set, feel free to inquire on stackoverflow.

We use sonarqube in our development envinronment in the company, but in my project the client uses CAST as SQ tool. Almost all CAST rules are covered by sonar rules, for those that are not, we write it using XPATH based on squid java plugin (Sonar 3.8+ if I remember well).

With XPATH we covered the 99% of the CAST rules, we write 30 rules more or less. You can find more information about in this link, there are a tool for test de XPATH rules based on AST representation of a class too (linked in the link below).

By the way, our project is based on Java, Oracle Web Center Sites, spring, cxf and JPA/hibernate

Hope helps, cheers

Not the answer you're looking for? Browse other questions tagged code-analysissonarqubepmdstatic-code-analysis or ask your own question.

Cast Software Vs Sonar Con 2

SonarQube (formerly Sonar)^[1] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments,bugs, and security vulnerabilities.^[2][3]

Cast Software Vs Sonar Con 3

SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).^[4][5][6]

Overview[edit]

SonarQube includes support for the programming languages Java(including Android), C#, PHP, JavaScript, TypeScript, C/C++, Ruby, Kotlin, Go, COBOL, PL/SQL, PL/I, ABAP, VB.NET, VB6, Python, RPG, Flex, Objective-C, Swift, CSS, HTML, and XML.^[7] Some of these are only available via a commercial license.

SonarQube is available for free under the GNU Lesser General Public License. An enterprise version for paid licensing also exists, as well as a data center edition that supports high availability.^[8][9]

SonarQube integrates with Eclipse, Visual Studio, and IntelliJ IDEA development environments through the SonarLint plug-ins, and also integrates with external tools like LDAP, Active Directory, GitHub, and others. SonarQube is expandable with the use of plug-ins.^[10][11]

Reception[edit]

In 2009, SonarQube received the Jolt Awards under testing tools category.^[12][13]

See also[edit]

References[edit]

1. ^Freddy Mallet (20 March 2013). 'SONAR is becoming SONARQUBE'. SonarQube project mailing list. Retrieved 3 July 2013.
2. ^'Methods and Tools issue'(PDF). 2010-03-01. Retrieved 2017-08-29.
3. ^Campell/Papapetrou, Ann/Patroklos (2013). Sonar (SonarQube) in action. Greenwich, Connecticut, USA: Manning Publications. p. 350. ISBN978-1617290954.
4. ^Buijze, Allard (2010-02-26). 'Measuring Code Quality With Sonar'. Retrieved 2017-08-29.
5. ^Odendaal, René (2009-06-24). 'Continuous Integration on SAP using Subversion, Maven, Hudson, Nexus and Sonar'. Retrieved 2017-08-29.
6. ^Smart, John (2010-03-14). 'How can you improve, harmonize and automate your development process using tools like Maven, Hudson, and Nexus?'. Retrieved 2017-08-29.
7. ^'Multi-Language SonarQube'. Retrieved 2017-11-25.
8. ^'License SonarQube'. www.sonarqube.org. Retrieved 2018-03-28.
9. ^'Plans & Pricing SonarSource'. www.sonarsource.com. Retrieved 2018-03-28.
10. ^Mariano (2009-11-17). 'Creating a Sonar Plugin for software development metrics'. Archived from the original on March 24, 2010. Retrieved 2017-08-29.Cite uses deprecated parameter deadurl= (help)
11. ^Hazrati, Vikas (2010-03-30). 'Monetizing the Technical Debt'. Retrieved 2017-08-29.
12. ^'Jolt Awards Winners'. 2009-03-18. Archived from the original on February 1, 2010. Retrieved 2010-04-13.Cite uses deprecated parameter deadurl= (help)
13. ^'Jolt Productivity Award #2: Testing and Debugging'. 2010-12-01. Retrieved 2010-12-09.

External links[edit]