SonarQube Interview Questions and Answers (2024)
We will explore SonarQube questions asked in interviews.
What is SonarQube?
Why use SonarQube?
What is the difference between SonarQube and SonarLint?
Is SonarQube a replacement for Checkstyle, PMD, FindBugs?
What is the difference between Sonar Runner and Sonar Scanner?
What is a SonarQube quality profile?
What are SonarQube quality gates?
What is the use of the SonarQube database?
Describe the architecture of Sonar.
Q: What is SonarQube?
Ans:
SonarQube is an open-source framework developed by SonarSource for continuous inspection of code quality. It conducts automated reviews of 20+ programming languages with static code analysis to identify bugs, code smells and security vulnerabilities.
Q: Why use SonarQube?
Ans:
SonarQube increases productivity by allowing development teams to detect and eliminate duplication and redundancy of code. It makes it easier for team members to reduce application size, code complexity, and the time and cost of maintenance, and to make code easier to read and understand.
Q: What is the difference between SonarQube and SonarLint?
Ans:
SonarLint:
- SonarLint exists only in the IDE (IntelliJ, Visual Studio and Eclipse).
- Its aim is to provide immediate feedback as you type your code.
- To that end, it focuses on the code you add or update.
- SonarLint is an agent that allows us to connect to SonarQube and execute the analysis remotely.
SonarQube:
- SonarQube is a central server which performs full analysis (triggered by the different SonarQube scanners).
- Its purpose is to give you a 360° view of the quality of your code base. To this end, it periodically analyzes all of the source lines of your project.
Q: Is SonarQube a replacement for Checkstyle, PMD, FindBugs?
Ans:
By default for Java projects, Sonar will run CheckStyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura. The main added advantage is that it stores the history in a database.
Sonar uses these three tools as plugins, and the data from all three is combined into values that are displayed as graphs.
Q: What is the difference between Sonar Runner and Sonar Scanner?
Ans:
"Runner" is the old name for "Scanner".
All you need to know about the different SonarQube Scanners is available in the Scanners section of the official documentation.
If you are stuck on Java 7, you can use the following options:
- SonarQube Runner (sonar-runner) up to version 5.5 of SonarQube
- SonarQube Scanner (sonar-scanner) 2.6.1
Q: What is a SonarQube quality profile?
Ans:
Quality Profiles are a core component of SonarQube, since they are where you define a set of rules that, when violated, should raise issues on your codebase (example: methods should not have a Cognitive Complexity higher than 15). Quality Profiles are defined for each language.
Q: What are SonarQube quality gates?
Ans:
Quality Gates are the best way to ensure standards are met and governed across all the organization's projects. A Quality Gate can be described as a collection of threshold measures set on your project, such as Code Coverage, Technical Debt Measure, Number of Blocker / Critical Issues, Security Rating / Unit Test Pass Rate and more.
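As an added illustration (not part of the original answer and not SonarSource code), the sketch below shows how a CI step could enforce a Quality Gate by re-checking each threshold condition. It assumes the JSON shape of SonarQube's `api/qualitygates/project_status` Web API response; the sample payload is constructed, and failing on any status other than OK is this example's own choice.

```python
import json

# Constructed sample in the shape returned by SonarQube's Web API endpoint
# api/qualitygates/project_status; the measures are made up for this example.
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
 {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
  "errorThreshold": "80", "actualValue": "85.2"},
 {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
  "errorThreshold": "1", "actualValue": "3"},
 {"status": "ERROR", "metricKey": "new_duplicated_lines_density",
  "comparator": "GT", "errorThreshold": "3", "actualValue": "4.1"}
]}}
"""

RATINGS = {1: "A", 2: "B", 3: "C", 4: "D", 5: "E"}  # ratings are reported as 1..5


def breached(cond):
    """Re-check one gate condition against its error threshold."""
    if "actualValue" not in cond:  # no measure available, e.g. no new code
        return False
    actual, limit = float(cond["actualValue"]), float(cond["errorThreshold"])
    if cond["comparator"] == "GT":
        return actual > limit
    if cond["comparator"] == "LT":
        return actual < limit
    raise ValueError(f"unknown comparator: {cond['comparator']!r}")  # fail closed


def describe(cond):
    """Render a failed condition, showing rating metrics as letters."""
    value, limit = cond["actualValue"], cond["errorThreshold"]
    if cond["metricKey"].endswith("_rating"):
        value, limit = RATINGS[int(float(value))], RATINGS[int(float(limit))]
    return f"{cond['metricKey']}: {value} (threshold {limit})"


def evaluate_gate(raw_json):
    """Return (passed, failures); any status other than OK fails the build."""
    status = json.loads(raw_json)["projectStatus"]
    failures = [describe(c) for c in status.get("conditions", []) if breached(c)]
    return status.get("status") == "OK" and not failures, failures


if __name__ == "__main__":
    passed, failures = evaluate_gate(SAMPLE_RESPONSE)
    print("Quality Gate passed" if passed else "Quality Gate failed:", *failures, sep="\n  ")
    raise SystemExit(0 if passed else 1)
```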
Q: What is the use of the SonarQube database?
Ans:
Sonar is a code quality checking tool. The database can be any relational database, such as Oracle or MySQL, and it is used to store the results of the analysis, which can be viewed with the tool's UI.
Q: Describe the architecture of Sonar.
Ans:
The core engine of the platform, Squid, is supported by additional code analyzers that Sonar organizes together to measure quality.
The diagram below shows the top-level components of the platform and how they interact:
The SonarQube architecture consists mainly of 4 components:
- Sonar Scanner
- Source Code
- Sonar Analyzer
- SonarQube Database