
Archive for the ‘Security’ Category

SonarQube – a tool for monitoring code quality

Posted on: August 6th, 2022 by Olu

Hi folks,

In this post I will talk about an interesting tool you can use to monitor the quality of your code base during software development. The tool is called SonarQube. SonarQube is an open-source platform created by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells and vulnerabilities. It supports 17 programming languages.

I really like SonarQube because it can help you write more secure and robust code. Its web user interface is also quite intuitive to use. It highlights issues and gives suggestions on how to fix them, which is pretty helpful.

You can integrate SonarQube checks into your continuous integration pipeline so that code quality checks run automatically when code is pushed or merged into certain branches of your repository. You can set thresholds for various parameters, such as bugs and vulnerabilities, that a build may contain before the build is failed.

There is a community edition of the software, which is free. There are also paid editions, e.g. Developer, Enterprise and Data Center.

Thus, if your team really cares about monitoring code quality, I highly recommend SonarQube. That’s all for now. Till next time, happy software development.


How to prevent web application from revealing git repository details

Posted on: August 21st, 2021 by Olu

Hi folks,

In this post I will discuss a security tip. If your web application uses Git for version control, there is usually a .git folder in the project’s root folder. Here’s a quick way to prevent users from accessing details under your .git folder from a web browser.

Implement a 404 redirect for any request starting with /.git.

If you use the Apache web server and your project uses a .htaccess file, you can do this by adding a simple rule to your .htaccess file as follows:

RedirectMatch 404 /\.git
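
To confirm after deployment that the rule is active on your own site, a small check like the following can run in a CI job or cron task. This is an added example, not part of the original post; the function names, the probe list and the site.example URL are assumptions, and the simulated server is a constructed stand-in so the check also runs offline.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Files present in any Git working copy; a protected site must answer 404 for them.
PROBE_PATHS = ["/.git/HEAD", "/.git/config", "/.git/index"]


def http_status(url, timeout=5):
    """Return the HTTP status code of a GET request to url."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions


def unprotected_git_paths(base_url, fetch=http_status):
    """Return the probe paths on base_url that did not answer 404."""
    base = base_url.rstrip("/")
    return [path for path in PROBE_PATHS if fetch(base + path) != 404]


def simulated_server(rule_enabled):
    """Constructed stand-in for a web server, so the check can run offline.

    Applies the page's pattern /\\.git the way RedirectMatch does: as an
    unanchored regular expression matched against the URL path.
    """
    rule = re.compile(r"/\.git")

    def fetch(url):
        path = urlsplit(url).path
        return 404 if rule_enabled and rule.search(path) else 200

    return fetch


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python check_git.py https://your-site.example
        leaks = unprotected_git_paths(sys.argv[1])
    else:  # no URL given: demonstrate against the simulated server without the rule
        leaks = unprotected_git_paths("https://site.example", simulated_server(False))
    print("not returning 404:", leaks or "none")
    sys.exit(1 if leaks else 0)
```

Because the pattern is unanchored, it also covers names such as /.gitignore and .git folders in subdirectories, which the simulated server reproduces.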

That’s all for now. Happy software development.