Introduction
Understanding how your code is checked and secured can be tricky without knowing the right terms.
Here, we explain important terms about code quality, security checking, and improvement. Enhance your SonarQube knowledge and make code management easier. Let's learn together to make coding better and more secure.
SonarQube Terms
A
Analyzer: A client application that examines the source code to generate snapshots.
B
Bug: An issue indicating a flaw in the code that, if left unresolved, is likely to cause a breakdown, potentially at a critical juncture. Immediate attention is required to rectify this.
C
Clean Code: Code with characteristics that make your software reliable, secure, and easy to maintain.
Code smell: A maintainability-related issue in the code that, if not addressed, will hinder developers' ability to modify it effectively, potentially leading to increased complexity and additional errors.
D
Database: Stores configuration and snapshots.
I
Issue: When a code segment violates a rule, an entry is recorded in the snapshot, which can pertain to either a source file or a unit test file.
L
Lines of Code (LOC): This pertains to the count of physical lines containing characters other than whitespace, tabulation, or comments. Lines of Code (LOCs) are computed by summing up the LOCs for each analyzed project.
M
Measure: The metric value assigned to a specific file or project at a particular point in time. For instance, having 125 lines of code in class MyClass or a duplication line density of 30.5% in a project myProject can serve as a quantifiable indicator.
Metric: A form of measurement where metrics exhibit different values or measures that can change over time. Examples include lines of code, complexity, and more. A metric can be categorized as either qualitative, such as duplication line density or test coverage, or quantitative, like lines of code or complexity.
N
New code definition: A set of changes or a specific timeframe that you're closely monitoring for the introduction of new issues in the code. Ideally, this would be since the previous version, but if a versioning system like Maven is not used, you may need to define a time period, such as 21 days since a specific analysis, or reference a specific branch.
Q
Quality Profile: A collection of guidelines where each snapshot adheres to a unique quality profile.
R
Remediation Cost: Can also be referred to as cost. The projected duration needed to resolve vulnerabilities and reliability-related issues.
Rule: A coding standard or best practice that should be observed. Failure to comply with these rules can result in issues and problem areas. Adherence to these guidelines can be used as a metric to assess the quality of code files or unit tests.
S
Server: A web-based interface that allows users to explore snapshot data and make adjustments to the configuration.
Snapshot: A collection of metrics and problems identified within a specific project at a particular point in time. A snapshot is created for every analysis conducted.
Security hotspot: Security-critical code segments that require manual review. This process will either confirm that there is no threat or identify vulnerable code that needs to be addressed.
T
Technical Debt: The anticipated timeframe needed to address all maintainability issues and code quality concerns.
V
Vulnerability: A security-related issue that represents a potential entry point for malicious actors.