Top SonarQube Interview Questions (2021) | CodeUsingJava

SonarQube interview questions for experienced as well as freshers


  1. Describe SonarQube?
  2. What are the main components of SonarQube Platform ?
  3. Why should we use SonarQube ?
  4. Why does SonarQube need a database?
  5. How to Delete a project from SonarQube?
  6. Difference between New Integer vs valueOf?
  7. Mention basic steps for SonarQube processing ?
  8. What are rules in SonarQube?
  9. What languages does SonarQube support?
  10. What are the main components of SonarQube Platform ?
  11. How to configure Sonar to exclude files from Maven pom.xml?
  12. Does Sonar support multiple language in same project?

Describe SonarQube?

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages. Because the analysis is static, it produces a detailed report of bugs, code smells, vulnerabilities, and code duplications without running the program.
SonarQube reduces the risk of software development within a very short amount of time. It detects bugs in the code automatically and alerts developers to fix them before the code is rolled out to production. It also highlights the complex areas of code that are poorly covered by unit tests.


What are the main components of SonarQube Platform ?

The SonarQube platform consists of three components:


Why should we use SonarQube ?

SonarQube covers seven axes of code quality:
  • Architecture and design
  • Unit tests
  • Duplicated code
  • Potential bugs
  • Complex code
  • Coding standards
  • Comments

Why does SonarQube need a database?

SonarQube needs to talk to the database in order to save the results of the analysis.
The SonarQube Runner needs to talk to both the database and the web server. The SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube. This means all the passwords should go to the database.


How to Delete a project from SonarQube?

  • Login as administrator.
  • Go to Administration -> Projects -> Projects Management.
  • Select the Project(s) you want to DELETE.
  • Click the Delete button in the top-right corner.


Difference between New Integer vs valueOf?

Integer valueOf(int i) returns an Integer instance representing the specified int value. If a new Integer instance is not required, this method should generally be used in preference to the constructor Integer(int), as it is likely to yield significantly better space and time performance by caching frequently requested values. Consequently, new Integer(x) always allocates a fresh object, while Integer.valueOf(x) returns the shared cached instance for values between -128 and 127.
Here is how valueOf consults the cache (JDK 1.5/1.6 source; the cached range is -128 to 127):
public static Integer valueOf(int i) {
    final int offset = 128;                    // index of value 0 in the cache array
    if (i >= -128 && i <= 127) { // must cache
        return IntegerCache.cache[i + offset]; // shared, preallocated instance
    }
    return new Integer(i);                     // new object for values outside the cache
}


Mention basic steps for SonarQube processing ?

1. Developers write code and push it to a source control system such as Git.
2. An automatic build is fired on the Continuous Integration server, and the SonarQube Scanner is executed as part of it to perform the SonarQube analysis.
3. The analysis report is sent to the SonarQube Server for processing.
4. The SonarQube Server processes the report, stores the analysis results in the SonarQube Database, and displays them in the UI.
5. Developers review, comment on, and challenge their issues through the SonarQube UI to manage and reduce their technical debt.

What are rules in SonarQube?

SonarQube executes rules on source code to generate issues.
There are four types of rules:
  • Code Smell (Maintainability domain)
  • Bug (Reliability domain)
  • Vulnerability (Security domain)
  • Security Hotspot (Security domain)



What languages does SonarQube support?

SonarQube includes support for the programming languages Java (including Android), C#, C/C++, JavaScript, TypeScript, Python, Go, Swift, COBOL, Apex, PHP, Kotlin, Ruby, Scala, HTML, CSS, ABAP, Flex, Objective-C, PL/I, PL/SQL, RPG, T-SQL, VB.NET, VB6, and XML.

What does SonarQube mean ?

Sonar is a web-based code analysis tool for Java projects based on Maven. It covers a wide range of quality control points, including:
  • Possible bugs
  • Duplications
  • Architecture & development
  • Coding rules
  • Complexity
  • Unit testing, etc.
SonarQube (formerly Sonar) is an open-source framework developed by SonarSource for continuous inspection of code quality. It conducts automated reviews of 20+ programming languages with static code analysis to find bugs, code smells, and security vulnerabilities.


In which ways can a project be deleted from SonarQube ?

There are two ways you can delete a project:
  • If you have admin rights, you can delete the project from its configuration actions.
  • You can also remove a project from the "Project Management" tab if you are a SonarQube administrator.



How do SonarQube and SonarLint differ ?

  • SonarQube has a server associated with it.
  • SonarQube is a central server that processes full analyses triggered by the various SonarQube Scanners. Its purpose is to give a 360° view of the quality of your code base. For this, it analyzes all the source lines of your project on a regular basis.
  • SonarQube is a server where you can host your projects and execute analyses.

  • SonarLint works more like a plugin.
  • SonarLint lives only in the IDE (IntelliJ, Eclipse and Visual Studio). Its purpose is to give instantaneous feedback as you type your code. For this, it concentrates on the code you are adding or updating.
  • SonarLint is an agent that allows us to connect to a SonarQube server and execute the analysis remotely.

Both SonarLint and SonarQube rely on the same static source code analyzers, most of them written using SonarSource technology. SonarQube also performs scans with third-party analyzers such as FindBugs, Checkstyle and PMD, whereas SonarLint does not include those. SonarLint will not inherit such custom rules from SonarQube; secondly, Sonar does not work on test classes.

Is SonarQube Replacement for Checkstyle, PMD, FindBugs ?

  • Sonar will run Checkstyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura, by default for Java projects. The main added value, however, is that it stores the history in a database.
  • Sonar uses these three tools as plugins and aggregates the data from all three, giving additional value by showing graphs and trends built from their results. So they are complementary to Sonar.

SonarQube Runner vs Scanner ?

"Runner" is the old name for "Scanner".

What are SonarQube's Quality Profiles ?

  • Quality Profiles are a core component of SonarQube, since they are where you define sets of Rules that when violated should raise issues on your codebase.
  • Quality Profiles are defined for individual languages.

What are SonarQube's Quality Gates ?

Quality Gate compliance is calculated as part of the analysis. A Quality Gate is a set of threshold measures set on your project, such as code coverage, technical debt, number of Blocker/Critical issues, security rating, unit test pass rate and more. To pass the Quality Gate, the project must meet every one of the thresholds that were set.

What is role of database in SonarQube ?

  • The "Architecture and Integration" documentation of SonarQube explains what happens when the Sonar code scanner is installed.
  • The database can be any supported relational database, such as Oracle or MySQL, and it is used to store the analysis results that are displayed in the tool's UI.


Define Sonar Architecture ?

Here we will have a look at the SonarQube architecture.
[Figure: Architecture of SonarQube]
SonarQube Architecture can be classified into four components:

1. Sonar Scanner
2. Source Code
3. Sonar Analyzer
4. SonarQube Database

How to use maven commands to evaluate the project's source code ?

Use maven commands to evaluate the project's source code
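The Quality Gate question above and this Maven question both stop short of showing the commands a CI job actually runs. The following shell script is an added example written for this page; it is not code from the original page or from SonarSource. It assumes (none of this is stated on the page) that the CI system exports SONAR_HOST_URL and an analysis token in SONAR_TOKEN, that the project uses the sonar-maven-plugin, and that the server's api/qualitygates/project_status endpoint returns its usual compact JSON. The exclusion patterns and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page or from SonarSource): run a Maven
# SonarQube analysis from CI, then fail the job if the Quality Gate is not OK.
# Assumptions (not stated on the page): SONAR_HOST_URL and SONAR_TOKEN are set
# by the CI system, the project uses the sonar-maven-plugin, and the server
# answers api/qualitygates/project_status with its usual compact JSON.

# Run the scanner through Maven. sonar.exclusions keeps generated code and test
# fixtures out of the analysis (constructed patterns); sonar.login carries an
# analysis token rather than a user password, so build logs never hold a login.
run_analysis() {
    project_key="$1"
    mvn -B clean verify sonar:sonar \
        -Dsonar.projectKey="$project_key" \
        -Dsonar.host.url="$SONAR_HOST_URL" \
        -Dsonar.login="$SONAR_TOKEN" \
        -Dsonar.exclusions="**/generated/**,**/*.min.js,src/test/resources/**"
}

# Pull the project-level status (OK, WARN, ERROR or NONE) out of the JSON
# returned by api/qualitygates/project_status. The project status is the first
# field of the projectStatus object; the per-condition statuses that follow are
# deliberately not matched. Prints nothing when the shape is not recognised.
gate_status() {
    printf '%s' "$1" | sed -n \
        's/.*"projectStatus"[[:space:]]*:[[:space:]]*{[[:space:]]*"status"[[:space:]]*:[[:space:]]*"\([A-Z]*\)".*/\1/p'
}

# Return 0 only when the gate is OK. An unknown or missing status also fails,
# so a broken or unauthenticated request cannot let the build pass silently.
gate_passed() {
    [ "$(gate_status "$1")" = "OK" ]
}

# Fetch the live status for a project and exit non-zero when the gate fails.
# The token is passed as the basic-auth user name with an empty password.
check_quality_gate() {
    project_key="$1"
    response=$(curl -sS -u "$SONAR_TOKEN:" \
        "$SONAR_HOST_URL/api/qualitygates/project_status?projectKey=$project_key")
    if gate_passed "$response"; then
        echo "Quality Gate passed for $project_key"
        return 0
    fi
    echo "Quality Gate FAILED for $project_key (status: $(gate_status "$response"))" >&2
    return 1
}

# Constructed sample response (not captured from a real server) so the parsing
# can be exercised offline: here the gate fails on the new-code security rating.
SAMPLE_RESPONSE='{"projectStatus":{"status":"ERROR","conditions":[{"status":"ERROR","metricKey":"new_security_rating","comparator":"GT","errorThreshold":"1","actualValue":"3"}]}}'

if gate_passed "$SAMPLE_RESPONSE"; then
    echo "sample: gate passed"
else
    echo "sample: gate failed with status $(gate_status "$SAMPLE_RESPONSE")"
fi
```

In a pipeline the two steps are `run_analysis my-project && check_quality_gate my-project`. As the processing-steps answer above notes, the server processes the report in the background, so the status should only be queried once that task has finished; the Maven scanner writes the task URL to target/sonar/report-task.txt for polling, and recent SonarQube versions can instead be told to wait with the sonar.qualitygate.wait property. Failing on any status other than OK, including an empty one, is the defensive choice: a misconfigured URL or an expired token then breaks the build instead of being mistaken for a clean result.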