OverOps Details SonarQube Integration

March 19, 2020

OverOps introduced a new integration with static analysis tool SonarQube. The plugin allows mutual customers, including some of the largest banks in the United States, to leverage the combined power of static and runtime analysis to detect critical code issues before they get to production. As pressure to move fast increases, OverOps and SonarQube enable application teams to ensure the quality of their software, and release code with confidence, avoiding costly production outages.

"In today's software delivery landscape, quality and development velocity are frequently at odds, and the stakes for errors in production have never been higher," said Krish Subramanian, Chief Analyst, Rishidot Research. "Static and dynamic analysis are both essential to an effective shift left strategy and to preventing major outages. The combination of products like OverOps and SonarQube in a CI/CD environment is a powerful way to ensure both quality and speed simultaneously."

Static code analysis tools like SonarQube have emerged as a critical component in many organizations' shift left quality initiatives. By examining an application's source code against a given set of rules or coding standards before a program is run, SonarQube users are able to detect code vulnerabilities and code smells, ensuring adherence to commonly accepted coding guidelines. OverOps complements this approach by analyzing code as it executes to identify critical runtime errors and capture rich event data and variables from the point of failure. The new plugin feeds this data into the SonarQube platform, allowing users to enhance their existing quality gates and arm developers with the complete context needed to resolve these issues quickly.

"While traditional testing methods do a good job of catching many errors, they are restricted by their reliance on foresight. You can only detect what you build a test case for, missing out on all the runtime activity that happens in the background," said Chen Harel, co-founder and VP of Product at OverOps. "OverOps' integration with SonarQube ensures that all critical issues with the greatest potential for impact in production are caught and addressed long before they are able to reach your users."

When SonarQube users install the OverOps plugin, it automatically creates an OverOps event rule for Java code based on new, critical, resurfaced and unique runtime errors. When a quality gate fails a release based on these criteria, users can view the issues directly within their SonarQube dashboard and immediately gain insight into the severity of each issue. OverOps also provides a direct link to the event analysis containing the full context behind the error, including the stack trace, variable state, system state and more, without requiring foresight or code changes. With this rich data, developers can quickly reproduce the most critical runtime issues, resolve them and promote the code without significant impact to release schedules.

Copyright 2002 - 2020 CONSTITUENTWORKS SM CORPORATION. All rights reserved.