CODE QUALITY ANALYSIS USING SONARQUBE IN A LARAVEL-BASED APPLICATION

Authors

  • Ajeng Febriana Rahmawati Universitas Kristen Satya Wacana
  • Yeremia Alfa Susetyo Fakultas Teknologi Informasi, Universitas Kristen Satya Wacana

DOI:

https://doi.org/10.24246/itexplore.v2i2.2023.pp99-103

Keywords:

code analysis, coding standards, code violations, SonarQube

Abstract

Static Code Analysis is a white box testing method used in application development. The analysis is performed by evaluating the source code to detect which code violations are present in an open source, web-based To Do List application project built with Laravel and Vue.js. The static code analysis process aims to provide understanding and to ensure that the project's base code meets the coding standards that have been set. The source code is tested by scanning the project against the coding standards defined and configured in the SonarQube Quality Gate, which serves as the reference for the level of code quality that must be met. The analysis results obtained with the SonarQube tool show the code violations found across the whole To Do List project in several issue categories: 4 bugs, 2 security hotspots, 31 code smells, and 117 duplicated lines of code with a density of 18.3%, requiring a total estimated effort of 2 hours 35 minutes to fix the code violations.

Published

2023-06-11

How to Cite

Rahmawati, A. F., & Susetyo, Y. A. (2023). ANALISIS QUALITY CODE MENGGUNAKAN SONARQUBE DALAM SUATU APLIKASI BERBASIS LARAVEL. IT-Explore: Jurnal Penerapan Teknologi Informasi Dan Komunikasi, 2(2), 99–103. https://doi.org/10.24246/itexplore.v2i2.2023.pp99-103