Synechron TSQL Plugin Static Code analysis tool for SQL Server October 2015


Synechron TSQL Plugin – Static Code analysis tool for SQL Server:

Transact SQL (TSQL) is a query language that is used by most RDBMS systems. Within Synechron, the applications use SQL Server as the back end. The need of the hour was to build a custom tool that brings maturity to the SQL scripts that developers write and validates whether they follow and abide by industry standards.

The plugin integrates with another open project called “SonarQube”. It is a third-party static code analysis tool that works with .NET, Java, JavaScript, PHP and other high-level programming languages. This tool has replaced the manual activities that were not standard across the development teams.

SonarQube was adopted keeping in mind the following goals –

Firstly, to introduce a coding discipline, enforced using industry-wide standards, that drives the quality of the source code; and secondly, to provide quick feedback on the rules that have been violated during fresh development.

To address the first goal, SonarQube comes with industry-standard tools like FxCop, StyleCop, PMD and Checkstyle. As an administrator, the user selects rules through the SonarQube GUI to enable them, and the rest is taken care of by the application itself. Every time the source code is uploaded for analysis, SonarQube runs these rules automatically and displays the violations on the dashboard.

The second goal is addressed by providing a differential view between the previous and the current analysis. Developers can go through this view and immediately identify the new violations that have been introduced into the code.

Below is a high level diagram that shows the inner working of SonarQube:

Private and Confidential 2

[Diagram: inner working of SonarQube. Labelled components: Source Code, Compiled Assemblies, StyleCop (load rules, execute StyleCop, report), FxCop (load rules, execute FxCop, report), C# Squid (load rules, execute, report), SonarQube C# Quality Profile (FxCop rules, StyleCop rules, C# Squid Sonar rules), Gallio and OpenCover (load test DLLs, execute tests, coverage report), NDeps (dependency report), Duplication Detection, Test Project (if any), SonarQube Runner (property file, parse projects, calculate metrics and reports), SonarQube Dashboard.]

Although SonarQube allows the analysis of all high-level languages, it currently does not support analyzing TSQL code specific to SQL Server. That is where we have built the capability to create a custom plugin that can be integrated with SonarQube and can analyze SQL Server scripts as well. The plugin abides by the same architecture that is governed by the Sonar developer community, but building it requires a specialized skill.


TSQL Plugin Architecture

The benefits of this plugin are:

1. Introduce code standardization across different database teams.
2. Single source of information for all the technologies.
3. Ability to compare and improve with each upload to SonarQube.
4. Continuous and immediate feedback.
