
SonarQube in Action Paperback – 14 Nov 2013

Product details

  • Paperback: 392 pages
  • Publisher: Manning Publications; 1 edition (14 Nov. 2013)
  • Language: English
  • ISBN-10: 1617290955
  • ISBN-13: 978-1617290954
  • Product Dimensions: 18.7 x 2 x 23.5 cm
  • Average Customer Review: 4.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 741,988 in Books

Product Description

About the Author

G. Ann Campbell has 15 years of experience in Perl, C, C++, Java, and Web technologies on variously sized and organized teams, and has spent far too much time doing code quality the hard way without SonarQube.

Patroklos P. Papapetrou is a Java architect, an experienced software developer, and an agile team leader. He is also an active SonarQube community member and contributor.



Most Helpful Customer Reviews

Format: Paperback Verified Purchase
Good coverage of both the mechanics of using SonarQ as well as reasoning about which, from the large number of available metrics, are worth most attention. Similarly some useful discussion around strategies for improving code quality. Well worth the money.

Most Helpful Customer Reviews on (beta) 7 reviews
3 of 3 people found the following review helpful
An ideal reference for an ideal tool 20 Jan. 2014
By Jerry Tan - Published on
Format: Paperback
SonarQube in Action is an ideal reference for using this tool to start measuring and managing technical debt in your projects. It examines how the tool enables Continuous Inspection of your software, and how it empowers you to view your code through the prism of the Seven Axes of Quality, which are: potential bugs; coding rules; tests; duplications; comments; architecture and design; and complexity.

The book is divided into 3 parts. Part 1 explores the metrics for each of the seven axes. Part 2 describes strategies for integrating the tool into your software development lifecycle. Finally, Part 3 examines administrative details as well as customizing and extending the tool.

Ideally, you should already be familiar with software quality metrics. For instance, the first time LCOM4 is discussed, you find the acronym just plops into your lap without much by way of introduction. Later in the book, however, it is explained in more detail, along with many other metrics, such as RFC (Response for Class) and DIT (Depth in Tree).

What I liked are the minutiae of procedural details in accomplishing a task, so it's very easy to follow along as you're exploring features of the tool that are under discussion.

Having said that, however, I can also see how this might become a potential liability over time as certain details become dated. As the tool evolves between versions, or as underlying platforms get upgraded, this increases the likelihood that certain details on how to perform a task may change.

For instance, as I was following the instructions for installing and running the tool, I had to tinker a bit and deviate from the text.

Ultimately, I had to resolve an issue by explicitly creating the "Temp" directory, even though the book said you didn't need to do that because the tool would create it for you. When I took a closer look, however, I noticed the book's instructions were for Windows 7, while I was using Windows 8.

But that's exactly my point.

Another thing I liked are the best practices which the authors share on how to use the tool to make the metrics it measures more meaningful for your own projects.

For instance, just because you now have a whole slew of metrics at your disposal on a dashboard, doesn't necessarily mean you have to freak out and try to fix everything all at once.

I also liked the practical advice the authors share on how to socialize the practice of Continuous Inspection with your peers - as well as garnering support from management - to ensure you secure the buy-in that will be absolutely critical for successful adoption.

What will always remain much more elusive and challenging, however, is the tougher nut to crack when your shop has already adopted a software quality metric tool other than SonarQube.

In those cases, it seems the most you can do is stress how much more comprehensive SonarQube is as it encompasses seven different aspects ("axes" in SonarQube-speak) of software quality - whereas other tools typically fall short of offering this breadth of coverage.

Nonetheless, it will be an uphill battle to unseat an incumbent with vested interests in your shop.

One thing I would have liked to see - but which is missing - is a discussion on the merits of static versus dynamic analysis. While SonarQube is a static analysis tool, it seems to me at least one of the Seven Axes of Quality which it measures would conceivably benefit from a discussion of the merits of dynamic analysis vis-à-vis static analysis, and that's the axis pertaining to integration testing coverage.

Another thing I would have liked to see is a much more detailed discussion on how to extend the tool by developing your own plug-ins, specifically to add support for new languages using the SSLR (SonarSource Language Recognizer).

While the book does devote a section to plug-in development, there is very little detail on how to use the SSLR to parse a new source language - though the authors do hint that it's possible this section may be expanded further in future editions of the book.

If so, that would be a welcome and important addition.

On a more personal note, I'd also like to say that the authors will - on rare occasion - indulge in a bit of light-hearted commentary in order to enliven the discussion of what would otherwise just be technical matters that - while chock-full of utility - can sometimes become a bit cut-and-dry if it just continuously drones on and on monotonously. To that end, there is one particular moment of levity where Uri Geller makes an unexpected cameo appearance.

And there are a handful of other nuggets just like that - sprinkled judiciously here and there throughout the text - which add a memorable touch when you stumble upon them.

In closing, the 2 authors are active members of the SonarQube (formerly Sonar) open source community, and their expertise clearly shows throughout these pages. Their level of mastery of the subject matter is impressive, and serves to make this book a trusted reference.

I recommend this book to anyone interested in SonarQube and software quality metrics.
1 of 1 people found the following review helpful
A great resource to help improve coding deliverables! 16 Jan. 2014
By Craig S Connell - Published on
Format: Paperback
My initial interest in this book stemmed from the fact that we had just installed SonarQube and were beginning to collect some project data but had yet to really use any of the information. I hoped that I would learn some effective ways to set up projects in SonarQube, interpret the data, and then put that information to good use and I have not been disappointed.

The first thing that you notice is that the authors are passionate about the topic - not only about SonarQube itself, but also the art of writing quality code and understanding how best to analyze and test it. Having both been coders they are able to provide information not only on how to do something but why you should do it and provide meaningful examples to back it up. Their style is very approachable, almost as if they are speaking to you and trying to walk you through the topic. I found it took me longer to get through the book than I expected as I tended to sit with it while I was actually working in SonarQube, evaluating projects, and improving code. Every chapter seemed to hold a nugget that I needed to apply or tell someone else about.

The book is not intended as an administrative manual (although it does have administration and configuration points), but instead a resource that discusses common software design, development, and testing problems and provides you with the information you need to both understand the challenges you face as well as how to apply SonarQube components. I loved the fact that the authors did not just walk me through an endless list of plugins and simply describe what those components do, but provided you with the information you need to understand the problems all software teams face and then discuss ways that SonarQube may help you. Essentially, they are teaching you how to fish. When I was done I felt like I had a much better understanding of what many of the components were telling me and how to take action on that information.

There were some areas in the book where some of the screenshots were not up to date or some of the component description was a little dated, but in fairness they tended to mention areas where they know or expected there would be changes.

The end result is that I found this to be an informative, well written book that will help me and our engineering department (both software and test engineers) to collectively design, write, and deploy better code and automation tests. Our software engineers, test engineers, leads, and managers will all benefit from a more well thought out SonarQube setup and a better understanding of what the various components meant and how best to apply them. Our team is excited about what we can do with SonarQube, we just need to finish applying what was learned in the book and then I need to spend some time showing them what I learned.
The first 7 chapters are already worth the money. If you haven't installed SonarQube already, you will install it. 24 Jan. 2014
By R.M. Morrien - Published on
Format: Paperback
Reviewer background:
This is a review from an experienced SonarQube user. I have no relation to the project, I've just been using the open source product over the last few years. I have a lot of experience in Maven based Java projects being built in a Continuous Integration system. This book attracted my attention because I have a personal interest for improving existing code quality. This normally starts for me by automating the building of software using Continuous Integration tools. Code analysis has become a requirement in my opinion of a Continuous Integration system. In the past I used several separate tools like PMD and Checkstyle, but when I discovered SonarQube (Sonar) a few years ago I have been using that instead.

Audience of the book:
The book has a very wide audience. For every developer (with or without a lot of experience) the first part (part I: chapter 1 to 7) of the book is really useful. The chapters describe different ways to look at the quality of code. This is done by describing the SonarQube vision of code quality, which is called the Axes of Quality. I think this is a must read for any developer, regardless of the developer experience or language preference. It is well written and contains good examples and scenarios to understand the Axes of Quality. I really liked the way the writers have explained this. It addresses for example: Coding issues, coding standards, code duplication, and for more experienced programmers: improving application design. But I need to address this book does not teach you in detail how to write excellent code, it teaches you how to look at written code from a number of different views.

For experienced SonarQube users the book contains expert topics like: creating your own rulesets over multiple projects. I suspect that those needing to do this already have accepted SonarQube in their product line and have lots of time reserved to manage this. My experience is that this time is not reserved and I'm very happy that the default rule sets are very good and require limited tuning.
For managers it has some nice parts about how to interpret numbers. If your manager wants 100% code coverage and 0 technical debt (s)he should read these chapters.
For system administrators there are some chapters explaining how to install the product, how to set up security. This should give a good introduction of the concepts available. For the most up to date information I would personally use the online documentation.

The first part was the introduction of the Axes of Quality.
The second part of the book dives into the subject of improving the code quality: how do you tackle this. A big problem is that SonarQube will give you an overload of quality metrics. Dealing with this overload is described very well. Another good source of best practices combined gives you a very good overview of tactics to create a plan to improve your code. This is where I learned the most from the book. Continuous integration is discussed. You can easily integrate SonarQube into build systems like Jenkins and Bamboo. For me this is a must have for any serious product development. Code review capabilities are explained, there is a complete workflow. I'm not yet convinced this should be driven from SonarQube. This is not a problem of the book. IDE integration is explained. For Java and Eclipse users this is a very useful feature. For non Java / non Eclipse users an alternative is explained.
The third part of the book goes into specific subjects like administering security roles for users. These chapters are interesting, but are not mandatory to read.

Nice details:
The book contains some very nice details you want to remember or use directly. E.g. I learned that you can import integration test results code coverage afterwards into SonarQube.

The book format:
I've read the .mobi version on a Kindle PaperWhite e-reader. The markup is good, the images are not so good on my e-reader. If you have SonarQube experience this is not a problem. If you never used it I would strongly advise you to start using SonarQube immediately, it helps the most. The pdf version contains good images, but I would still advise to click around in the product. You do not have to install it, just open the demo at [...].
Book Size, around 350 pages of which I read 90%, I skipped through Appendix A and B.
a great supplement to the manual 27 Jan. 2014
By Jeanne Boyarsky - Published on
Format: Paperback
“SonarQube in Action” is a book I have been looking forward to reading since the book promotion at CodeRanch. During the promo, I learned that I knew more about SonarQube (formerly Sonar) than I realized and that I was ready to learn even more.

The book has two focuses. One is how to use SonarQube well. The other is how to improve quality using SonarQube. This includes how to use the metrics, the quality axis and how it affects teams.

I particularly liked the “related plugins” part of each chapter. The screenshots were good zooming in on the parts to focus on. The lifecycle state diagram for normal and manual rules was useful.

This is one of a select group of books that has something for everyone from beginners through power users.

The most important measure of whether this book is good is whether I have a list of things to look into at the end. And I definitely do! Both things I learned and things that it reminded me of. A great read. If you are using SonarQube, you should definitely buy this book. It supplements the official documentation nicely by providing a different perspective.

Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.
Non-programmers are welcome into the source code sanctuary! 16 April 2014
By A. Gordon - Published on
Format: Paperback Verified Purchase
The divine place for all programmers – the source code – from now on can be visited by non-programmers – QA people, managers, etc. They just need to start using the SonarQube as a tour guide. This book makes a powerful introduction into the code quality and continuous inspection concepts. I used it for two purposes – to learn the underlying subject of the source code inspection and to learn the SonarQube tool itself. I succeeded in both goals. The book should be read together with “hands-on” experimenting with the software and all underlying technologies. I highly recommend this book to all developers, managers, Agile Scrum Masters who are involved in modern Agile-based software development process.