Top SonarQube Interview Questions (2020) | CodeUsingJava

SonarQube interview questions for experienced as well as freshers

What does SonarQube mean ?

Sonar is a web-based performance analysis tool for Java projects based on Maven. It covers a wide range of quality control points, including:
  • Possible Bugs
  • Duplications
  • Architecture & Development
  • Coding Rules
  • Complexity
  • Unit Testing, etc.
SonarQube (formerly Sonar) is an open-source framework developed by SonarSource for continuous inspection of software performance. It conducts automated reviews in 20+ programming languages, using static code analysis to find bugs, code smells, and security vulnerabilities.

Why should SonarQube be used ?

There are two ways you can delete a project:
  • If you have admin rights, then you can delete the project from its configuration actions.
  • You can also remove a project from the "Project Management" tab if you are a SonarQube administrator.

How do SonarQube and SonarLint differ ?

  • SonarQube has a server associated with it.
  • SonarQube is a central server that processes full analyses, which are triggered by the various SonarQube Scanners. Its purpose is to give a 360° vision of the quality of your code base. For this, it analyzes all the source lines of your project on a regular basis.
  • SonarQube is a server where you can host your projects and execute analysis.

  • SonarLint works more like a plugin.
  • SonarLint lives only in the IDE (IntelliJ, Eclipse and Visual Studio). Its purpose is to give instantaneous feedback as you type your code. For this, it concentrates on what code you are adding or updating.
  • SonarLint is an agent that allows us to connect to SonarQube and execute the analysis remotely.

Both SonarLint and SonarQube rely on the same static source code analyzers, most of them written using SonarSource technology. SonarQube also performs scans with third-party analyzers like FindBugs, Checkstyle, PMD, etc., whereas SonarLint does not include those. SonarLint will not inherit those custom rules from SonarQube; secondly, Sonar does not work on test classes.

Is SonarQube a Replacement for Checkstyle, PMD, FindBugs ?

  • Sonar will run CheckStyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura by default for Java projects. The main added value, however, is that it stores the history in a database.
  • Sonar uses these 3 tools as plugins and aggregates the data from all three, giving additional value by showing graphs and such from these tools. So they are complementary to Sonar.

SonarQube Runner vs Scanner ?

"Runner" is the old name for "Scanner".

What are SonarQube's Quality Profiles ?

  • Quality Profiles are a core component of SonarQube, since they are where you define sets of Rules that, when violated, should raise issues on your codebase.
  • Quality Profiles are defined for individual languages.

What are SonarQube's Quality Gates ?

Quality gate compliance is calculated as part of the analysis. Quality Gates can be defined as a set of threshold measures set on your project, such as Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating/Unit Test Pass Rate and more. To pass the Quality Gates, the project should pass through each of the thresholds set.
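
The "every threshold must pass" rule, as an added example that is not part of the original page: a CI step that reads a quality gate result and fails the build if any condition is breached. The JSON is a constructed sample, assumed to follow the shape of SonarQube's `api/qualitygates/project_status` Web API response; the values, thresholds and function names are made up for illustration.

```python
import json

# Constructed sample (not real project data), assumed to match the shape of
# GET api/qualitygates/project_status?projectKey=<key>.
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_security_rating",
   "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_coverage",
   "comparator": "LT", "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "ERROR", "metricKey": "blocker_violations",
   "comparator": "GT", "errorThreshold": "0", "actualValue": "3"}
]}}
"""

# A condition is breached when "actual <comparator> threshold" is true.
COMPARATORS = {"GT": lambda a, t: a > t, "LT": lambda a, t: a < t}


def failed_conditions(response_text):
    """Return (metric, actual, comparator, threshold) for each breached condition."""
    status = json.loads(response_text)["projectStatus"]
    failures = []
    for cond in status.get("conditions", []):
        if "actualValue" not in cond:  # no measure reported for this metric
            continue
        actual = float(cond["actualValue"])
        threshold = float(cond["errorThreshold"])
        breached = COMPARATORS[cond["comparator"]](actual, threshold)
        # Recompute locally and cross-check the verdict carried in the payload.
        if breached != (cond["status"] == "ERROR"):
            raise ValueError("inconsistent condition: " + cond["metricKey"])
        if breached:
            failures.append((cond["metricKey"], actual, cond["comparator"], threshold))
    return failures


def gate_exit_code(response_text):
    """0 only when no condition is breached and the overall status is OK."""
    overall = json.loads(response_text)["projectStatus"]["status"]
    return 0 if not failed_conditions(response_text) and overall == "OK" else 1


if __name__ == "__main__":
    for metric, actual, comp, threshold in failed_conditions(SAMPLE_RESPONSE):
        print(f"FAILED {metric}: {actual} {comp} {threshold}")
    raise SystemExit(gate_exit_code(SAMPLE_RESPONSE))
```

Using the exit code as the CI step's status makes a failed gate block the pipeline rather than only showing up in the dashboard.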

What is the role of the database in SonarQube ?

  • Architecture and Integration of SonarQube explains what happens with the installation of Sonar code scanner.
  • The database can be any relational database, like Oracle or MySQL, and it is used to store the analysis results that can be displayed using the UI of the tool.

Define Sonar Architecture ?

Here we will have a look at the SonarQube architecture.
SonarQube Architecture can be classified into four components:

1. Sonar Scanner
2. Source Code
3. Sonar Analyzer
4. SonarQube Database
Architecture of SonarQube

How to use Maven commands to evaluate the project's source code ?

Use maven commands to evaluate the project's source code