Code Quality Basics - Best Practices in Static Code Analysis with SonarQube

Static code analysis is a great approach to checking code quality. A variety of static code analysis tools are available to check for coding standard violations in your code. In this article, let’s get introduced to static code analysis, the different tools available, and the limitations of static code analysis.

You will learn

  • What is Static Code Analysis?
  • When do you use Static Code Analysis?
  • How can you do Static Code Analysis with SonarQube?
  • What are the limitations of Static Code Analysis?
  • What are the best practices in using Static Code Analysis?

Article Series

This is the fourth article in a series of eight articles on Code Quality.

What is Static Code Analysis?

Static analysis is an awesome approach to automating your code quality checks. You run a tool like SonarQube on your source code, and it gives you a summary of what can be improved in your code. You don’t run your code while doing static analysis.

Static Code Analysis is not a silver bullet

However, you need to remember that there are limitations to what static analysis can do:

  • It cannot check if you have given a meaningful name to your variable, method or class
  • It cannot check if there are other approaches to solving a problem
  • It cannot check if a method or class adheres to the Single Responsibility Principle
  • It cannot check if your method is readable beyond a few formatting checks

All of these can only be checked in a peer review.

Static Analysis is a signal

The most important thing to keep in mind is that the resulting metrics are never the goal of the analysis. Static analysis results are intended to be more of a signal.

If a code base has poor static analysis results, you can say that the code quality is pretty bad. However, if the static analysis results are good, the code might still not be readable.

What Is A Good Application?

Here are the characteristics of a good application:

  • How maintainable is the application (This is the aspect where static analysis contributes in a very large way)?
  • How easily usable is the application?
  • How reliable is it?
  • What are the security features?
  • What is the performance of the application, and its efficiency?
  • What is the functional suitability?
  • How well does it port to other platforms?

Quick Review of Static Analysis Tools

There are a variety of static code analysis tools that are fairly popular in the programming world. Let’s look at a few of them.


The most popular static analysis tool in the Java world is SonarQube. It has a very informative dashboard in its interface, where it shows you a variety of metrics and how your code fares against them. These include the extent of code duplication, how big your components are, the code coverage statistics, how complex your methods and classes are, etc.

Other Tools

There are a few other plugin-based static analysis tools such as Simian, Findbugs, CheckStyle and PMD. However, SonarQube stands head and shoulders above all of them.

IDE Plugins

It is possible to install and configure plugins related to the above tools into your IDE, such as Eclipse.

Important Metrics from Static Analysis

What are the important aspects you look at when you analyze code from a static analysis point of view?

Unit Size

From the point of view of an architect, one would first start off by looking at the components. The SonarQube report clearly shows you the components that are present in code, as well as their sizes.

Complexity Per Unit

The complexity measure is a fair indicator of how well your code logic is organized. Cyclomatic complexity should typically be high in the business layer, and lower in the other layers.
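
As an added illustration (not from the original article, and not SonarQube's own rules or code), the example below uses Python's `ast` module to compute unit size and cyclomatic complexity per function without ever running the analysed code, then ranks the units so the most complex one is examined first. The sample source and all function names are constructed for the example.

```python
import ast

# Constructed sample source: analysed as text, never imported or executed.
SAMPLE_SOURCE = '''
def load_config(path):
    return open(path).read()

def price_order(order, customer):
    total = 0
    for item in order:
        if item["qty"] > 10 and customer["tier"] == "gold":
            total += item["price"] * item["qty"] * 0.8
        elif item["qty"] > 10:
            total += item["price"] * item["qty"] * 0.9
        else:
            total += item["price"] * item["qty"]
    if total > 1000 or customer["tier"] == "gold":
        total -= 50
    return total

def format_total(total):
    return f"{total:.2f}" if total else "free"
'''

# Node types that each add one independent path through a unit.
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.comprehension)

def cyclomatic_complexity(func):
    """McCabe count: 1 + decision points; each extra and/or operand adds one."""
    score = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1
    return score

def unit_metrics(source):
    """Return (name, size_in_lines, complexity) per function, most complex first."""
    rows = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            size = node.end_lineno - node.lineno + 1
            rows.append((node.name, size, cyclomatic_complexity(node)))
    return sorted(rows, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for name, size, complexity in unit_metrics(SAMPLE_SOURCE):
        print(f"{name:<14} lines={size:<3} complexity={complexity}")
```

The ranking says where to look first. It says nothing about whether `price_order` is well named or readable, which remains a peer review question.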


Static analysis is generally able to indicate the extent of code duplication in the application, and also identifies the duplicate code blocks.

Unit Testing

Analyzing the unit testing aspect is very important for any application. It is possible to measure how good the written tests are by looking at the quality of the asserts, for example. You also get a measure of the extent of code coverage present in the application.

You could start off with the part of the code that is listed with the highest complexity, and examine the unit tests for that.

If these tests are simple to read, that’s a great sign!

Best Practices For Code Quality

Peer Reviews Are A Must

Since we have an understanding of the limitations of static analysis, having peer reviews is understandably a must. Peer reviews are still the best way to improve on the readability and maintainability of code.

An effective mode of peer review is to have pair programming reviews, which ensure the code is reviewed as soon as it’s written.

Integrate Into Continuous Integration

It is very important to make static analysis part of the code quality checks that run in your continuous integration builds. You could, for instance, have SonarQube look into code taken from the repository as part of a daily build. It is important to do this from day one, since it helps weed out code defects right from the start.

Comply With The Four Principles Of Simple Design

With design decisions, you can always change them at a later point in time, if the need arises. Hence, adhere to the Four Principles Of Simple Design when making these decisions. Ensure that:

  • The code is as readable as possible
  • The tests written are really good
  • The complexity is reduced to a minimum
  • The individual components (methods/classes) are as small as possible

Once these four principles are well implemented, and you are backed up by effective static analysis, you can be confident that the design is quite good.

In case a design change needs to be made, having good tests ensures that the change will be smooth and will not break functionality.

Separate Architecture From Design

If you are in an Agile project, you don’t want the low-level design of the code to be very complex. Now, anything that’s easy to change is design. Anything that’s hard to change is architecture. Separate your decisions into design decisions and architecture decisions.

For architecture decisions, you need to put in enough thought and effort before going ahead with the changes. With design decisions, you can always change them at a later point in time, if the need arises.

When it comes to architecture decisions, make sure you make informed choices when you select which application framework to use, and how you organize the layers.


In this article, we had a close look at the best practices involved in ensuring good code quality in your application. We saw that static analysis is a very good tool to make use of.
