After getting our GitLab CI/CD running again, we decided to use SonarQube for analysing our code and JaCoCo for the code coverage report. Our GitLab pipeline sends SonarQube our code together with the code coverage report that JaCoCo generates.
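As an added example (not from the original post and not our own pipeline configuration), this is what such a GitLab CI/CD job can look like for a Maven project. It assumes a Maven build whose pom.xml binds the jacoco-maven-plugin `prepare-agent` and `report` goals (so that `mvn verify` writes target/site/jacoco/jacoco.xml), a SonarQube server reachable from the runner, and two CI/CD variables named SONAR_HOST_URL and SONAR_TOKEN defined in the GitLab project; the image tag and the variable names are assumptions.

```yaml
# Added example: .gitlab-ci.yml that runs the tests under the JaCoCo agent and
# uploads source plus coverage to SonarQube in a single job.
# Assumptions: Maven build, jacoco-maven-plugin bound in pom.xml, and the
# CI/CD variables SONAR_HOST_URL and SONAR_TOKEN set in the project settings
# (mark SONAR_TOKEN as masked and protected so it never appears in job logs).

stages:
  - analyse

variables:
  # Keep downloaded dependencies inside the project directory so GitLab can cache them.
  MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
  # SonarQube needs the full git history to attribute new code correctly.
  GIT_DEPTH: "0"

cache:
  key: "$CI_COMMIT_REF_SLUG"
  paths:
    - .m2/repository

sonarqube:
  stage: analyse
  image: maven:3.9-eclipse-temurin-17
  script:
    # `verify` runs the unit tests with the JaCoCo agent attached and then the
    # `report` goal, which produces the XML report SonarQube reads. The fully
    # qualified sonar goal avoids depending on a pluginGroups entry in settings.xml.
    - mvn --batch-mode verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
        -Dsonar.host.url="$SONAR_HOST_URL"
        -Dsonar.token="$SONAR_TOKEN"
        -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
        -Dsonar.qualitygate.wait=true
  artifacts:
    # Keep the coverage report with the job so it can be inspected later.
    paths:
      - target/site/jacoco/jacoco.xml
    expire_in: 1 week
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
```

The `sonar.qualitygate.wait=true` setting makes the job wait for SonarQube's quality gate result and fail the pipeline when the gate fails, so a new vulnerability finding or a complexity regression blocks the merge instead of only appearing on the dashboard. Passing the token through a masked variable rather than hardcoding it in the file keeps it out of the repository and out of the job log.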
Here are some screenshots from our job in the pipeline.
[Screenshot: pipeline job]
[Screenshot: pipeline job]
And here SonarQube with code coverage:
[Screenshot: SonarQube code coverage]
We decided to focus on Vulnerabilities and Cognitive Complexity. Vulnerabilities are part of the Security metrics and Cognitive Complexity is part of the Complexity metrics. SonarQube describes them as follows:
- Security:
Issues in this domain mark potential weaknesses to hackers.
- Complexity:
How simple or complicated the control flow of the application is. Cyclomatic Complexity measures the minimum number of test cases required for full test coverage. Cognitive Complexity is a measure of how difficult the application is to understand.
Here you can see our slight improvements after refactoring.
[Screenshot: Cognitive Complexity]
[Screenshot: Vulnerabilities]
So after following those measures, we made our code a bit more secure and less complex. Using these measurements helps us quite a lot, because the analysis is faster and runs automatically on every pipeline. With such tools we can gain more experience and understand our own code better.
On a side note: Codacy does not work with GitLab for free. So if you have GitLab and do want to use Codacy, you need to make your project public and pay for Codacy. That is why we didn't use it in our CI/CD.