sonar-maven-checks

- Plugin for Sonar -
Lars K.W. Gohlke

supported by

initial use-case

software aging

make it visible

status quo

software projects have many dependencies,
which are evolving continuously

 
software ages, without any notice

why is this a problem?

  • software consists of loosely coupled modules
  • coupling with versions
  • modules evolving in different directions
  • results in incompatibilities
    • e.g. database fails
    • e.g. data mapping crashes
    • e.g. unresolved security issues

Are these still unsolvable problems for us today?

solutions

  • option 1: checking manually
  • option 2: notifying of updates
  • option 3: automatic updates

info: option 2 is implemented

option 1:

checking manually

  • time-consuming
  • tedious
  • easy to overlook

 

option 2:

notifying of updates

  • plugin for sonar
  • updates as violations

sonar

sonar is an open platform
to manage code quality.

architecture

sonar plugin

based on versions maven plugin http://mojo.codehaus.org/versions-maven-plugin

versions maven plugin


$ mvn versions:display-dependency-updates
[..]
[INFO] The following dependencies [..] have newer versions:
[INFO] org.projectlombok:lombok ..................... 0.11.6
[INFO] org.testng:testng ............................ 6.8.1
[..]
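
How update lines like the ones above can be turned into violation records, as an added example (not code from the plugin or the original slides). The `Violation` record, `parse_updates` and the sample output are constructed for illustration; the `current -> newest` form is an assumption that the excerpt does not show.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the excerpt above. The third entry uses a
# "current -> newest" pair, which the excerpt does not show (assumption).
SAMPLE_OUTPUT = """\
[INFO] Scanning for projects...
[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   org.projectlombok:lombok ..................... 0.11.6
[INFO]   org.testng:testng ............................ 6.8.1
[INFO]   com.example:legacy-mapper .................... 1.2 -> 2.0
[INFO]   org.testng:testng ............................ 6.8.1
[INFO] BUILD SUCCESS
"""

# groupId:artifactId, a run of dots, then "newest" or "current -> newest".
# The strict character classes keep arbitrary log text out of the report.
UPDATE_LINE = re.compile(
    r"^\[INFO\]\s+([A-Za-z0-9_.\-]+):([A-Za-z0-9_.\-]+)\s+\.{2,}\s+"
    r"(?:([A-Za-z0-9_.\-]+)\s+->\s+)?([A-Za-z0-9_.\-]+)\s*$"
)

@dataclass(frozen=True)
class Violation:  # hypothetical record, not the plugin's own type
    dependency: str
    current: Optional[str]
    newest: str

    def message(self) -> str:
        have = f" (in use: {self.current})" if self.current else ""
        return f"{self.dependency} has newer version {self.newest}{have}"

def parse_updates(output: str) -> List[Violation]:
    """Return one violation per outdated dependency, in first-seen order."""
    seen = {}
    for line in output.splitlines():
        m = UPDATE_LINE.match(line)
        if m:
            group, artifact, current, newest = m.groups()
            key = f"{group}:{artifact}"
            seen.setdefault(key, Violation(key, current, newest))
    return list(seen.values())

if __name__ == "__main__":
    for v in parse_updates(SAMPLE_OUTPUT):
        print("VIOLATION:", v.message())
```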
                        

screenshots - violations

screenshots - violation details

screenshots - quality profile

screenshots - violation config

limitations

  • only applicable with sonar-maven-plugin
  • not with maven2

plugin architecture

more maven plugins can be integrated

information

option 3:

automatic updates

wrapping this pretty
$ mvn versions:use-next-versions

ideas:

  • iterative CI runs with new version
  • commit after last successful run
  • whitelist/blacklist filter

Let the machines do the work!

automatic updates

Who joins?

Questions?

contact

THE END

BY Lars K.W. Gohlke / www.lgohlke.de