C/C++ Plugin for SonarQube
CppDepend provides a code query language named CQLinq to query the code base like a database. Developers, designers and architects could define their custom rules.With CQlinq we can combine the data from the code metrics, dependencies, API usage and other model data to define very advanced rules.
Thanks to CQLinq, CppDepend brings to SonarQube the possibility to customize easily the code quality rules, and provides two ways to collaborate with SonarQube:
- CppDepend side by side with the C++ SonarQube community plugin: It's the recommended integration because you benefit from the features of both CppDepend and the SonarQube community plugin.
To achieve this integration you can refer to the SonarQube community integration documentation. - CppDepend plugin in a standalone mode: In this case no need to install another C++ SonarQube plugin.
To achieve this integration, you can refer to the standalone SonarQube integration documentation.
CppDepend and SonarQube rule-sets are complimentary
Both CppDepend and SonarQube are static analyzers that offer a rule-based system to detect problems in C/C++ code. However the CppDepend default Rules-Set has very few overlap with the SonarQube rules
Basically the SonarQube rules are good at analyzing what is happening inside a method, the code flow while the CppDepend code model, on which the CppDepend rules are based, is optimized for a 360 view of particular higher-scale areas including OOP, dependencies, metrics, breaking changes, mutability, naming...
Concretely SonarQube rules can warn about problems like a reference that doesn't need to be tested for nullity because in the actual scope it cannot be null, while CppDepend can warn you about too complex classes or components, and offer advices about how to refactor to make the code cleaner and more maintainable.
Another point that makes the CppDepend ruling system unique is how easy it makes to write custom rules.
With CppDepend a rule is a LINQ query, that queries a code model dedicated to code quality,
edited live in Visual Studio, compiled and executed live at edition time.
Concretely, this piece of code below is a fully functional rule, could it be simpler?
// <Name>Classes must start with an I</Name>
warnif count > 0
Application.Types.Where(t => t.IsClass && !t.SimpleName.StartsWith("C"))
When defining a custom rule with CppDepend, the user doesn't need to create a Visual Studio project, create a source file, step into the edit/compile/debug cycle, maintain a binary dll that requires effort to be shared, versioned and integrated.
With CppDepend custom rules are raw texts, embedded as XML CDATA into the CppDepend project or rule files. Also, the documentation and how-to-fix guidelines can be embedded in the rule source code as comments.
Also each CppDepend rule can present its issues with extra data that will help understanding the problem and fix it.
Moreover each rule can embed two C# formulas that attempt to estimate both the cost to fix the issue and the annual cost to let the issue unfixed,
also called the technical-debt and the annual interest of the issue.
Since these formulas rely on what really matter at fix time, this makes the debt estimations smart.
Finally, with CppDepend each rule is run in a few milli-seconds even on a large code base.
As a consequence all rules can be passed in a few seconds (typically 2 or 3 seconds on a real-world code base), both in Visual Studio and in the Continuous-Integration system.
As a benefit, after each compilation and also at check-in time, the developer instantly knows about the new and fixed issues since the baseline, and the impact in terms of technical debt fixed or created.