Difference between revisions of "Testing Tools: Visual Code Grepper, Coverity, SonarQube"

From Embedded Lab Vienna for IoT & Security

Revision as of 19:37, 16 January 2024

Summary

This documentation gives insights into Visual Code Grepper, Coverity, and SonarQube, three testing tools used in software development for various purposes. Visual Code Grepper helps with code search and pattern matching. Coverity is a static application security testing (SAST) tool that identifies vulnerabilities in source code. SonarQube is a platform for continuous inspection of code quality, providing insights into code issues, security vulnerabilities, and more.

Requirements

Description

Visual Code Grepper (VCG)

VCG is an open source tool designed for searching and analyzing source code. It helps developers locate specific code patterns, snippets, or identifiers within their codebase. VCG supports multiple programming languages (C, C++, C#, VB, PHP, Java, PL/SQL, and COBOL) and allows users to perform complex searches using regular expressions. Its config files can be used to carry out additional checks for banned functions or functions that commonly cause security issues. The tool is useful for code maintenance, refactoring, and understanding code structures in large projects.

Step 1

Clone the git repository with git clone https://github.com/nccgroup/VCG.git in the Windows command prompt. Change the directory to VCG\VCG-Setup\Release and run setup.exe to install the VCG app on your system.

Step 2

Open the VCG app and select the desired programming language from the dropdown list. In the File menu, select the target file or directory.

Step 3

Go to the Scan menu, where you can find the different types of scan. Select Full Scan if you want to scan all components. Optionally, select Code Breakdown, which lists and graphs all scan results.
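The banned-function check that VCG's config files drive can be illustrated with a small scanner of the same shape. This is an added example, not VCG's own code: the banned-function table, the C sample and the config layout are constructed simplifications, not VCG's file format.

```python
import re

# Constructed table of C functions that banned-function checks commonly flag:
# name -> (severity, reason). A simplified stand-in, not VCG's config format.
BANNED = {
    "gets":    ("high",   "no bounds check on destination buffer"),
    "strcpy":  ("high",   "unbounded copy; prefer a size-bounded copy"),
    "sprintf": ("medium", "unbounded formatted write; prefer snprintf"),
    "strcat":  ("medium", "unbounded append; prefer a size-bounded append"),
}

# Match a banned name followed by '(' only when it is a whole identifier,
# so 'my_strcpy(' and 'gets_count(' are not reported.
CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, BANNED)) + r")\s*\("
)

def strip_comments(line):
    """Drop // comments so a function named in a comment is not a finding."""
    return line.split("//", 1)[0]

def scan_source(source):
    """Return (line_no, function, severity, reason) for each banned call."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(strip_comments(line)):
            fn = m.group(1)
            sev, why = BANNED[fn]
            findings.append((no, fn, sev, why))
    return findings

def summarize(findings):
    """Count findings per severity, a Code Breakdown view in miniature."""
    counts = {}
    for _, _, sev, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts

# Constructed C snippet: two real hits, one wrapper and one comment mention.
SAMPLE_C = """\
#include <string.h>
void copy_name(char *dst, const char *src) {
    strcpy(dst, src);              // hit: unbounded copy
    my_strcpy(dst, src);           // not a hit: different identifier
    // strcat is only mentioned in this comment
    sprintf(dst, "%s", src);       // hit
}
"""

if __name__ == "__main__":
    for no, fn, sev, why in scan_source(SAMPLE_C):
        print(f"line {no}: {fn}() [{sev}] {why}")
```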

Coverity

Coverity, developed by Synopsys, is a robust commercial software analysis tool designed to identify and rectify security vulnerabilities, defects, and code quality issues in source code during the development process. Leveraging advanced static analysis techniques, it thoroughly examines the codebase for potential risks, offering insights into critical areas such as memory leaks, buffer overflows, and other common programming errors. Using sophisticated algorithms and a deep understanding of programming languages (such as Apex, C/C++, C#, CUDA, Java, JavaScript, PHP, Python, .NET Core, ASP.NET, Objective-C, Go, JSP, Ruby, Swift, Fortran, Scala, VB.NET, iOS, Android, TypeScript, and Kotlin), it identifies issues such as null pointer dereferences, resource leaks, and concurrency problems, allowing developers to address potential problems before they become critical. The tool not only helps developers enhance the overall reliability and security of their software but also facilitates early bug detection, ultimately contributing to more robust and efficient applications.

SonarQube

SonarQube is a comprehensive open source code quality assurance tool that conducts static and dynamic analysis for over 30 programming languages. Its key features include code smell detection, security vulnerability detection, and analysis of code duplication. Through continuous inspection, it provides recommendations on code formatting, computes code quality metrics, and offers static code analysis to detect errors in programs. The dynamic code analysis component covers aspects such as code coverage, memory error detection, fault localization, security analysis, concurrency errors, program slicing, and performance analysis. Using SonarQube brings several benefits, including early detection of code issues, improved code maintainability, enhanced security through vulnerability detection, and reduced technical debt, making it an essential tool for developers aiming to ensure robust, high-quality code in their projects.

