Boost your C/C++ Analysis with SonarQube & CPPDepend

Enhance Your C/C++ Code Analysis with the CppDepend SonarQube Plugin

Welcome to our comprehensive guide on integrating the CppDepend SonarQube plugin to enhance your C++ code analysis process. The CppDepend SonarQube plugin offers a seamless integration with SonarQube, a widely used platform for continuous inspection of code quality. By incorporating the powerful features of CppDepend into your SonarQube workflow, you'll benefit from improved code maintainability, reduced technical debt, and valuable insights into your codebase. Read on to learn more about the benefits of using the CppDepend SonarQube plugin and how to easily integrate it into your development process.

CppDepend offers a unique code query language called CQLinq, which allows developers, designers, and architects to treat the codebase like a database and create custom rules.

CQLinq enables users to merge data from code metrics, dependencies, API usage, and other model information to establish highly sophisticated rules.

Through CQLinq, CppDepend introduces the ability to effortlessly tailor code quality rules for SonarQube, and it facilitates two methods of collaboration with SonarQube:

  • CppDepend alongside the C++ SonarQube Community Plugin: This recommended integration allows you to take advantage of both CppDepend and the SonarQube Community Plugin's features. For guidance on this integration, refer to the SonarQube Community Integration documentation.
  • CppDepend Plugin in Standalone Mode: With this option, there's no need to install an additional C++ SonarQube plugin. For instructions on implementing this integration, consult the Standalone SonarQube Integration documentation.

CppDepend and SonarQube rule-sets are complimentary

Both CppDepend and SonarQube are static analyzers that offer a rule-based system to detect problems in C/C++ code. However the CppDepend default Rules-Set has very few overlap with the SonarQube rules

Basically the SonarQube rules are good at analyzing what is happening inside a method, the code flow while the CppDepend code model, on which the CppDepend rules are based, is optimized for a 360 view of particular higher-scale areas including OOP, dependencies, metrics, breaking changes, mutability, naming...

Concretely SonarQube rules can warn about problems like a reference that doesn't need to be tested for nullity because in the actual scope it cannot be null, while CppDepend can warn you about too complex classes or components, and offer advices about how to refactor to make the code cleaner and more maintainable.

Another point that makes the CppDepend ruling system unique is how easy it makes to write custom rules. With CppDepend a rule is a LINQ query, that queries a code model dedicated to code quality, edited live in Visual Studio, compiled and executed live at edition time.
Concretely, this piece of code below is a fully functional rule, could it be simpler?

// <Name>Classes must start with an I</Name>
warnif count > 0 
Application.Types.Where(t => t.IsClass && !t.SimpleName.StartsWith("C"))

When defining a custom rule with CppDepend, the user doesn't need to create a Visual Studio project, create a source file, step into the edit/compile/debug cycle, maintain a binary dll that requires effort to be shared, versioned and integrated.
With CppDepend custom rules are raw texts, embedded as XML CDATA into the CppDepend project or rule files. Also, the documentation and how-to-fix guidelines can be embedded in the rule source code as comments.

Also each CppDepend rule can present its issues with extra data that will help understanding the problem and fix it.
Moreover each rule can embed two C# formulas that attempt to estimate both the cost to fix the issue and the annual cost to let the issue unfixed, also called the technical-debt and the annual interest of the issue. Since these formulas rely on what really matter at fix time, this makes the debt estimations smart.

Finally, with CppDepend each rule is run in a few milli-seconds even on a large code base. As a consequence all rules can be passed in a few seconds (typically 2 or 3 seconds on a real-world code base), both in Visual Studio and in the Continuous-Integration system.
As a benefit, after each compilation and also at check-in time, the developer instantly knows about the new and fixed issues since the baseline, and the impact in terms of technical debt fixed or created.

CppDepend offers a wide range of features. It is often described as a Swiss Army Knife for C and C++ developers.

Start Free Trial