SonarQube

The battle against Technical Debt

What is Technical Debt?

Technical debt (also known as design debt or code debt) is a concept in software development that reflects the implied cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer.


Source: https://en.wikipedia.org/wiki/Technical_debt

What is YDD?

YDD refers to a (tongue-in-cheek) branch of programming known as YOLO DRIVEN DEVELOPMENT.

YDD Guidelines

  • Do not refactor, it is a bad practice. YOLO
  • Not understanding why or how something works is always good. YOLO
  • Do not ever test your code yourself, just ask. YOLO
  • No one is going to read your code, so never comment it. YOLO
  • Why do it the easy way when you can reinvent the wheel? Future-proofing is for the weak. YOLO
  • Do not read the documentation. YOLO
  • Do not waste time with gists. YOLO
  • Do not write specs. YOLO also matches YDD (YOLO DRIVEN DEVELOPMENT)
  • Do not use naming conventions. YOLO
  • Paying for online tutorials is always better than just searching and reading. YOLO
  • You always use production as an environment. YOLO
  • Don't describe what you're trying to do, just ask random questions on how to do it. YOLO
  • Don't indent. YOLO
  • Version control systems are for the weak. YOLO
  • Developing on a system similar to the deployment system is for the weak! YOLO
  • I don't always test my code, but when I do, I do it in production. YOLO
  • Real men deploy with FTP. YOLO

What is Rubber duck debugging?

Rubber duck debugging is a method of debugging code in which a programmer carries around a rubber duck and debugs their code by forcing themselves to explain it, line by line, to the duck.

What is SonarQube?

SonarQube is an open source platform that performs automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities in 20+ programming languages, including Java, C#, JavaScript, C/C++, COBOL and more.


Source: https://www.sonarqube.org/about/

SonarQube Features

Continuous Inspection

SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.

Overall health

Your project home page shows at a glance where you stand in terms of quality. This main page also gives you an immediate sense of the good results achieved over time.

Focus on the Leak

The water leak paradigm is a simple yet powerful way to manage code quality: the quality of new (changed and added) code should be put under control before anything else.

Enforce Quality Gate

With SonarQube, a developer has everything at hand to take ownership of the quality of his code. To fully enforce a code quality practice across all teams, you need to set up a Quality Gate.

Analyze pull requests

Once you have SonarQube in place, you will quickly want to make sure you add as few issues as possible to your code base.

Dig into issues

The "Issues" page of your project gives you full power to analyze in detail what the main issues are, where they are located, when they were added to your code base and who originally introduced them.

Highlight hot spots

SonarQube treats test coverage and duplications, two of the major software quality problems, as first class citizens. The "Measures" page lets you browse your project in different ways to highlight files that need your attention.

Detect Tricky Issues

Code analyzers are equipped with powerful path-sensitive dataflow engines to detect tricky issues such as null-pointer dereferences, logic errors, resource leaks, etc.

Detect Bugs

Issues raised by SonarQube are on code that is either demonstrably wrong or more likely than not to deviate from the intended behavior. Examples include null-pointer dereferences, memory leaks, and logic errors.

Code Smells

"Smelly" code does (probably) what it should, but it will be difficult to maintain. In the worst cases, it will be so confusing that maintainers can inadvertently introduce bugs.

Security Vulnerability

It's probably Pollyanna-ish to think you'll never be targeted by attackers. When you are, what vulnerabilities will they find in your system? SonarQube helps you find and track the weaknesses in your code. Examples include SQL injection, hard-coded passwords and badly managed errors.

Activate The Rules You Need

SonarQube code analyzers include default Quality Profiles that offer strong value with non-controversial rule sets. The default Quality Profiles will work for most projects, but you can easily tune them to fully match your needs.

Explore All Execution Paths

SonarQube relies on several path-sensitive dataflow engines, so its code analyzers explore all possible execution paths to spot the trickiest bugs. Even a simple function containing only 10 different branches might lead to 100 different possible execution paths at runtime.

20+ Programming Languages

With SonarQube comes a code analyzer for each major programming language. Each analyzer provides numerous rules to spot general and language-specific quality issues.

Multi-Language Projects

Applications often use several programming languages at once, for example [C#, C++ and JavaScript] or [Java, JavaScript and HTML]. SonarQube automatically detects these languages and invokes the corresponding analyzers.

Languages Consistency

When switching from one language to another, the user experience remains consistent: the same way to describe and tag rules, report issues, evaluate remediation effort, and so on.

Centralize Quality

One place that provides a shared vision of code quality for developers, tech leads, managers and executives in charge of a few to a few thousand projects, and that also acts as a toll gate for application promotion or release.

All projects in one place

Getting everyone on a team on the same page about quality is hard enough. What happens when you expand the scope to a department or an entire organization? SonarQube enables you to centralize and scale a single vision of code quality.

Shared rulesets

SonarQube offers a central place to view and define the rules used during analysis of projects. These rulesets are organized in quality profiles. Every member of the organization can see which rules are applied to their project.

Unified Quality Gate

SonarQube provides a default Quality Gate out of the box that focuses on the Leak concept. This means that the same requirements are applied across the board to every project: greenfield and legacy; in-house, outsourced and offshore.

Cross-project services

Most services are available across projects. For example, as a developer you can use the issues service to get all new issues assigned to you, across projects, so that you can concentrate on your work.

Risk-based views

Executives can use the aggregated dashboards that come as part of the Governance product not only to get the big picture about the quality of projects but also to assess their risk in terms of Reliability, Security and Maintainability, as well as overall Releasability (Quality Gate adherence).

DevOps Integration

SonarQube integrates with the entire DevOps toolchain, including build systems, CI engines and promotion pipelines, using webhooks and its comprehensive REST API.

Build Systems

For dynamic languages like JavaScript, PHP or Python, executing an analysis is as easy as feeding SonarQube a bunch of source files.

CI Engines

Native integrations with build systems let you easily schedule the execution of an analysis from all CI engines: Jenkins, VSTS, TFS, Travis-CI and others. Don't worry if your CI engine isn't listed here; the integration effort will be minimal.

Pass/Fail Notification

Once an analysis is done, a report is sent to the SonarQube server to be integrated. At the end of this integration, a standard webhook mechanism lets you notify any external system to do whatever you want: trigger an alarm, update a wallboard, notify a chat room.

Full Web API

As part of the overall development ecosystem, the SonarQube Web API can be used to automatically provision a SonarQube project, feed a BI tool, monitor SonarQube, etc. Moreover, the list and definition of every Web API endpoint is built into SonarQube itself.

Promotion Pipelines

Using webhooks, SonarQube can be integrated as a promotion step in your delivery pipelines. This way, you can make sure that only artifacts that pass the Quality Gate are released and deployed to production.
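As an added example (not from this presentation or from SonarSource's own code), here is the receiving side of the Pass/Fail webhook and promotion step described above: a minimal Python handler that authenticates the post before trusting the Quality Gate verdict, so that a pipeline cannot be promoted by anyone who simply POSTs a fake "OK". The header name and payload field names follow SonarQube's webhook documentation as I know it; the secret, project and condition values are constructed sample data.

```python
import hashlib
import hmac
import json

# Header SonarQube sets when a webhook secret is configured (hex HMAC-SHA256 of the body).
SIGNATURE_HEADER = "X-Sonar-Webhook-HMAC-SHA256"

def build_payload(task_status, gate_status, conditions):
    """Build a body in the shape SonarQube POSTs to a webhook (constructed sample data)."""
    return json.dumps({
        "serverUrl": "https://sonar.example.invalid",
        "taskId": "constructed-task-id",
        "status": task_status,
        "project": {"key": "my-app", "name": "My App"},
        "qualityGate": {"name": "Sonar way", "status": gate_status,
                        "conditions": conditions},
    }).encode()

FAILING_GATE = build_payload("SUCCESS", "ERROR", [
    {"metric": "new_security_rating", "operator": "GREATER_THAN",
     "value": "3", "status": "ERROR", "errorThreshold": "1"},
    {"metric": "new_coverage", "operator": "LESS_THAN",
     "value": "85.2", "status": "OK", "errorThreshold": "80"},
])
PASSING_GATE = build_payload("SUCCESS", "OK", [
    {"metric": "new_coverage", "operator": "LESS_THAN",
     "value": "85.2", "status": "OK", "errorThreshold": "80"},
])

def sign_body(body, secret):
    """Hex HMAC-SHA256 of the raw body, as SonarQube computes it with the shared secret."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

def promotion_decision(body):
    """Return (promote, failed_conditions): promote only if the analysis task
    succeeded and the Quality Gate is OK; list every condition that failed."""
    payload = json.loads(body)
    gate = payload.get("qualityGate", {})
    failed = [f"{c['metric']} {c['operator']} {c['errorThreshold']} (actual {c['value']})"
              for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    return payload.get("status") == "SUCCESS" and gate.get("status") == "OK", failed

def handle_webhook(body, headers, secret):
    """Receiver logic: authenticate the post first (constant-time compare), then decide.
    Without this check, anyone who can reach the endpoint could post a fake 'OK'."""
    presented = headers.get(SIGNATURE_HEADER, "")
    if not hmac.compare_digest(sign_body(body, secret), presented):
        return False, ["rejected: bad or missing webhook signature"]
    return promotion_decision(body)
```

Pair this with a server-side check of `api/qualitygates/project_status` before the actual deploy, so the webhook is a trigger rather than the only source of truth.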

Demo

Q & A

Stop Pollution. Be part of the Solution.

End

References

https://github.com/jupeter/clean-code-php/
https://www.amazon.com/Pragmatic-Programmer-Journeyman-Master/dp/020161622X/
http://manifesto.softwarecraftsmanship.org/
https://www.sonarqube.org/