Code Quality Basics - Best Practices in Static Code Analysis with SonarQube

Static code analysis is a great approach to check for code quality. There are a variety of static code analysis tools available to check for coding standard violations in your code. In this article, let's get introduced to static code analysis, the different tools you have, and also the limitations of static code analysis.

You will learn

  • What is Static Code Analysis?
  • When do you use Static Code Analysis?
  • How can you do Static Code Analysis with SonarQube?
  • What are the limitations of Static Code Analysis?
  • What are the best practices in using Static Code Analysis?

Article Series

This is the fourth article in a series of eight articles on Code Quality

What is Static Code Analysis?

Static analysis is an awesome approach to automating your code quality checks. You run a tool like SonarQube on your source code and it gives you a summary of what can be improved in your code. You don't run your code while doing static analysis.

Static Code Analysis is not a silver bullet

However, you need to remember that there are limitations to what static analysis can do:

  • It cannot check if you have given a meaningful name to your variable, method or class
  • It cannot check if there are other approaches to solving a problem.
  • It cannot check if a method or class is adhering to the Single Responsibility Principle
  • It cannot check if your method is readable beyond a few formatting checks

All these can only be checked in peer review.

Static Analysis is a signal

The most important thing to keep in mind is that the resulting metrics are never the goal of the analysis. Static analysis results are intended to be more of a signal.

If a code base has poor static analysis results, you can say that the code quality is pretty bad. However, if the static analysis results are good, the code might still not be readable.

What Is A Good Application?


Here are the characteristics of a good application:

  • How maintainable is the application? (This is the aspect where static analysis contributes in a very large way.)
  • How easily usable is the application?
  • How reliable is it?
  • What are the security features?
  • What is the performance of the application, and its efficiency?
  • What is the functional suitability?
  • How well does it port to other platforms?

Quick Review of Static Analysis Tools

There are a variety of static code analysis tools that are fairly popular in the programming world. Let’s look at a few of them.


The most popular static analysis tool in the Java world is SonarQube. It has a very informative dashboard in its interface, where it shows you a variety of metrics and how your code fares against them. These include the extent of code duplication, how big your components are, the code coverage statistics, how complex your methods and classes are, etc.

Other Tools

There are a few other plugin-based static analysis tools such as Simian, FindBugs, Checkstyle and PMD. However, SonarQube stands head and shoulders above all of them.

IDE Plugins

It is possible to install and configure plugins related to the above tools into your IDE, such as Eclipse.

Important Metrics from Static Analysis


What are the important aspects you look at, when you analyze code from a static analysis point of view?

Unit Size

From the point of view of an architect, one would first start off by looking at the components. The SonarQube report clearly shows you the components that are present in code, as well as their sizes.

Complexity Per Unit

Complexity is a fair indicator of how well your code logic is organized. Cyclomatic complexity should typically be higher in the business layer, and lower in the other layers.
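
To make the two metrics discussed above (unit size and complexity per unit) concrete, here is an added example that is not from the article and not SonarQube's own implementation. It parses a constructed Python source, reports the physical size and a McCabe-style cyclomatic complexity for every function, and flags units over a threshold. The decision-point set and the thresholds are assumptions chosen for the example; SonarQube's rule definitions are not reproduced here.

```python
import ast
from dataclasses import dataclass

# Constructed sample source (not from the article): a small unit next to a
# branch-heavy one, so the two metrics show a clear contrast.
SAMPLE_SOURCE = '''
def is_even(n):
    return n % 2 == 0

def classify(order, user):
    if order is None:
        return "invalid"
    elif not order.items:
        return "empty"
    if user.is_admin and order.total > 1000:
        return "review"
    for item in order.items:
        if item.restricted or item.recalled:
            return "blocked"
    while order.retries > 0:
        order.retries -= 1
    try:
        order.validate()
    except ValueError:
        return "invalid"
    return "ok" if order.total > 0 else "empty"
'''


@dataclass
class UnitMetrics:
    name: str
    lines: int        # physical lines from "def" to the last statement
    complexity: int   # cyclomatic complexity: 1 + decision points


class _DecisionCounter(ast.NodeVisitor):
    """Counts the decision points of one function body.

    McCabe-style approximation (assumed for this example): if/elif, loops,
    except handlers, conditional expressions, comprehension filters and each
    extra operand of and/or. SonarQube's own rule set is not reproduced.
    """

    def __init__(self):
        self.points = 0

    def _branch(self, node):
        self.points += 1
        self.generic_visit(node)

    visit_If = visit_For = visit_AsyncFor = visit_While = _branch
    visit_ExceptHandler = visit_IfExp = _branch

    def visit_BoolOp(self, node):
        self.points += len(node.values) - 1
        self.generic_visit(node)

    def visit_comprehension(self, node):
        self.points += 1 + len(node.ifs)
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        # Nested functions are separate units; do not fold them into the parent.
        pass

    visit_AsyncFunctionDef = visit_FunctionDef


def unit_metrics(source: str) -> list:
    """Return size and complexity for every function/method in `source`."""
    tree = ast.parse(source)
    result = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            counter = _DecisionCounter()
            for stmt in node.body:
                counter.visit(stmt)
            result.append(UnitMetrics(node.name,
                                      node.end_lineno - node.lineno + 1,
                                      1 + counter.points))
    return sorted(result, key=lambda m: m.name)


def flag_units(metrics, max_complexity=10, max_lines=50):
    """Units exceeding either threshold (example values, not SonarQube defaults)."""
    return [m for m in metrics
            if m.complexity > max_complexity or m.lines > max_lines]


if __name__ == "__main__":
    metrics = unit_metrics(SAMPLE_SOURCE)
    for m in metrics:
        print(f"{m.name:10} lines={m.lines:3} complexity={m.complexity}")
    for m in flag_units(metrics):
        print(f"over threshold: {m.name}")
```

Running it shows `is_even` at complexity 1 and `classify` at complexity 11 over 17 lines, so only `classify` is flagged. The per-unit view is the point: a file-level average would hide that one method carries almost all of the branching.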

Code Duplication

Static analysis is generally able to indicate the extent of code duplication in the application, and it also identifies the duplicate code blocks.
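
The following is an added example, not from the article and not how SonarQube or Simian implement duplicate detection. It shows the mechanics of a block-level duplication check: each file is normalised (whitespace collapsed, blank and comment-only lines dropped) and a longest-common-run search over the normalised lines reports every maximal copied block of at least `min_lines` lines between two files, plus a duplicated-line ratio. The two service files are constructed inputs.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed sample (not from the article): two services that share a
# copy-pasted validation block. The first copy carries a comment line and the
# second uses a different indentation, to show that normalisation still matches.
FILES = {
    "OrderService.py": '''
def place_order(req):
    # validate the request before touching storage
    if req.user is None:
        raise ValueError("no user")
    if not req.items:
        raise ValueError("no items")
    if req.total < 0:
        raise ValueError("negative total")
    return save(req)
''',
    "RefundService.py": '''
def refund(req):
        if req.user is None:
                raise ValueError("no user")
        if not req.items:
                raise ValueError("no items")
        if req.total < 0:
                raise ValueError("negative total")
        return credit(req)
''',
}


@dataclass
class Duplicate:
    file_a: str
    start_a: int
    end_a: int
    file_b: str
    start_b: int
    end_b: int
    lines: int


def normalize(source: str):
    """(line number, normalised text) for each significant line.

    Whitespace is collapsed and blank or comment-only lines are dropped, so
    reformatting alone cannot hide a copied block."""
    out = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        text = " ".join(raw.split())
        if text and not text.startswith("#"):
            out.append((lineno, text))
    return out


def find_duplicates(files: dict, min_lines: int = 4):
    """Report every maximal run of at least `min_lines` identical normalised
    lines shared by two different files (longest-common-substring DP)."""
    norm = {name: normalize(src) for name, src in files.items()}
    found = []
    for name_a, name_b in combinations(sorted(files), 2):
        a, b = norm[name_a], norm[name_b]
        # run[i][j] = length of the matching run ending at a[i-1] and b[j-1]
        run = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
        for i in range(1, len(a) + 1):
            for j in range(1, len(b) + 1):
                if a[i - 1][1] == b[j - 1][1]:
                    run[i][j] = run[i - 1][j - 1] + 1
        for i in range(1, len(a) + 1):
            for j in range(1, len(b) + 1):
                n = run[i][j]
                if n < min_lines:
                    continue
                # Only the end of a maximal run is reported: skip runs that
                # continue on the next line pair.
                if i < len(a) and j < len(b) and run[i + 1][j + 1] > n:
                    continue
                found.append(Duplicate(name_a, a[i - n][0], a[i - 1][0],
                                       name_b, b[j - n][0], b[j - 1][0], n))
    return found


def duplicated_line_ratio(files: dict, duplicates) -> float:
    """Share of significant lines that sit inside a reported duplicate.
    Overlapping reports would be double counted, which is acceptable for a signal."""
    total = sum(len(normalize(src)) for src in files.values())
    dup = sum(2 * d.lines for d in duplicates)
    return dup / total if total else 0.0


if __name__ == "__main__":
    dups = find_duplicates(FILES)
    for d in dups:
        print(f"{d.lines} duplicated lines: {d.file_a}:{d.start_a}-{d.end_a} "
              f"== {d.file_b}:{d.start_b}-{d.end_b}")
    print(f"duplicated line ratio: {duplicated_line_ratio(FILES, dups):.0%}")
```

On the sample it reports one block of six lines (OrderService.py lines 4 to 9 against RefundService.py lines 3 to 8) and a 75% duplicated-line ratio. The reported block is exactly the copied validation: a reviewer can extract it into one shared function and fix any future validation bug in one place rather than two.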

Unit Testing

Analyzing the unit testing aspect is very important for any application. It is possible to measure how good the written tests are, for example by looking at the quality of the asserts. You also get a measure of the extent of code coverage present in the application.

You could start off with that part of the code that is listed with the highest complexity, and examine the unit tests for that.

If these tests are simple to read, that’s a great sign!

Best Practices For Code Quality


Peer Reviews Are A Must

Since we understand the limitations of static analysis, peer reviews are understandably a must. Peer reviews are still the best way to improve the readability and maintainability of code.

An effective mode of peer review is pair programming, which ensures the code is reviewed as soon as it's written.

Integrate Into Continuous Integration

It is very important to have static analysis as part of the code quality checks in your continuous integration builds. You could, for instance, have SonarQube analyze the code taken from the repository as part of a daily build. It is important to do this from day one, since it helps weed out code defects right from the start.

Comply With The Four Principles Of Simple Design

With design decisions, you can always change them at a later point in time, if the need arises. Hence, adhere to the Four Principles of Simple Design when making these decisions. Ensure that:

  • The code is as readable as possible
  • The tests written are really good
  • The complexity is reduced to a minimum
  • The individual components (methods/classes) are as small as possible

Once these four principles are well implemented, and you are backed up by effective static analysis, you can be confident that the design is quite good.

In case a design change needs to be made, having good tests ensures that the change will be smooth and will not break functionality.

Separate Architecture From Design

If you are in an Agile project, you don't want the low-level design of the code to be very complex. Now, anything that's easy to change is design. Anything that's hard to change is architecture. Separate your decisions into design decisions and architecture decisions.

For architecture decisions, you need to put in enough thought and effort before going ahead with the changes. With design decisions, you can always change them at a later point in time, if the need arises.

When it comes to it, make sure you make informed choices when you select which application framework to use and how you organize the layers.

You can check out our video on the same topic here


In this article, we had a close look at the best practices involved in ensuring good code quality in your application. We saw that static analysis is a very good tool to make use of.
