LeanIX now provides an out-of-the-box integration to SonarQube for code quality management. Available as of today, the integration to LeanIX Value Stream Management (VSM) offers engineering managers faster methods to reduce technical debt and uncover structural problems inside software artifacts.
SonarQube is a code review tool for automated static code analysis rules and the detection of bugs, vulnerabilities, and code smells in source code. Used by 200,000+ developers worldwide and offering static code analysis across 27 programming languages, SonarQube integrates with existing workflow for continuous code inspection across project branches and pull requests.
In addition to GitHub, Azure Pipelines, Jenkins, Kubernetes, and other key tools in the software development stack, the integration to SonarQube adds to LeanIX MI’s ever-growing ecosystem.
Reducing technical debt
In detail, the integration between LeanIX VSM and SonarQube makes it possible to track code analysis and related violation rules (e.g., bug, vulnerability, code smell, etc.) over time in LeanIX. This allows engineering managers and development teams to compare insights on violations and code smell with DORA metrics and the bounded context of software artifacts. This helps teams establish a baseline to assess and make investment decisions.
To put this integration into context, here are two examples:
- On a service-level, engineering managers can determine how many violations exist and, depending on the service’s recent delivery performance, refactor if needed.
- On an organization-level, engineering managers can quickly detect whether a certain rule is violated, how often, and which services in a landscape are affected. Examples might include identifying, mitigating, and tracking a deprecated license version posing a security risk.
Granular analysis of rules in SonarQube itself is enabled via direct links within LeanIX.
Uncovering structural problems
The integration streamlines the process of uncovering and visualizing the structural problems appearing in all company software artifacts. This also makes it simpler for engineering managers to see whether issues occur repeatedly throughout landscapes. In turn, development teams can be empowered to avoid this type of issue to improve the quality and reliability of software overall.
Always up to date
All prevailing issues are updated following each deployment to ensure an up-to-date overview of the quality and security of the code base of all software artifacts.