
Who has the final say on whether a product is good? Sonar publishes analysis performance targets to help you judge product performance

2022-07-04 14:54:00 InfoQ

Recently, Sonar's product manager announced Sonar's new, clear analysis performance targets, which allow better comparison with other tools that have the same targets or results.

As an authorized SonarQube partner, Chuangshi continues to follow the field of code security, bringing excellent tools and solutions from around the world to Chinese users and helping enterprises integrate development, operations and security.

In this article, Sonar product manager Alexandre Gigleux explains in detail Sonar's latest performance targets, the current progress toward them, and the next priorities.


I am proud to announce Sonar's analysis performance targets. Until now, when users discussed Sonar's analysis performance, there were two situations:

  • Challenge: users constantly try to push the limits and report the cases they think should be improved.
  • Satisfied: because users are used to SAST tools that run for several hours and always produce a large number of false positives, they are satisfied with Sonar.

In either situation, we did not know how to respond. When we first started building the analysis engine, we had no clear performance targets in mind. Without a clear direction, the question of whether a target had been met made no sense. So when you told us that the performance was not good enough, we could not tell whether your feedback was justified.

This is why we finally decided to establish clear analysis performance targets. That way we no longer simply compare our products with other tools that may not have the same targets or results, and we no longer judge subjectively, from a personal impression of how the analysis "looks".

Now we can tell you clearly what you can expect from our products, and how long it takes to analyze a project under standardized conditions.

So let's see what these targets are, and how far we have come in meeting them.

How long does the first analysis take?


The first analysis should be understood as analyzing all files of a branch. This happens every time you add a new project in SonarQube or SonarCloud, and every time you create a new branch. In this case, you can expect to see the overall status of the project in under a few minutes; the exact number of minutes depends on the size of the project:

Based on measurements taken on SonarCloud, our products meet the target for M, L and XL projects: 95% of the analyses of these projects complete within the target time. Because starting up the analysis takes time, XS and S projects do not yet meet the target.

How long does code change analysis take?


Code change analysis usually occurs in the following two cases:

  • After creating a pull request, when you want to verify the quality of the PR before merging.
  • When committing files directly to a branch (the main branch or another branch) instead of using the pull/merge request mechanism.

In this case, we naturally expect the analysis time to be proportional to the size of the change set (the amount of code added or updated), rather than waiting as long as for the first analysis.

Here, you can expect to see the updated Quality Gate for your project, branch or PR within a few minutes; how many minutes it takes depends on the size of the code change:


What have we done so far to meet these targets?


Our new definition: a project can contain multiple programming languages. We name the project after the language with the highest code density in it, which makes it convenient to describe a particular project as a Java, TypeScript or PHP project.

First analysis execution time
For Java, we have improved overall analysis performance. Compared with SonarQube 9.3, the average Java analysis speed in SonarQube 9.4 is 30% higher. A customer who tested this version said he could analyze a 1M LOC project in less than 18 minutes. This fully meets our target (<40 minutes) and shows that our products deliver good analysis performance.

For Kotlin projects, we have improved analysis performance 10 times, reaching the performance target.

For C/C++ projects, starting from SonarQube 9.5, analysis is multithreaded by default. Previously this was an optional setting; in the latest version we made it the default. With this change, more CPUs are allocated to the analysis, which makes it easier to meet the expected targets.

Code change analysis execution time
For many of the languages Sonar covers, we do not need to collect information from all files to improve the quality of the results. In that case, only the files involved in the pull request need to be analyzed. Since May 3, 2022, this feature has been available in SonarQube 9.3 and SonarCloud. If a pull request contains changes to code in languages such as CSS, HTML, XML, Ruby, Scala, Go, Apex, CloudFormation, Terraform, Swift, PL/SQL, T-SQL, ABAP, VB6, Flex and RPG, the pull request analysis will usually be faster.

For pull requests that consist mainly of Java code, we no longer need to analyze data for the whole project and instead analyze only the changed files, so the speed increases by a further 8-25%.

Overall there have been improvements, but we have not yet reached our targets for code change analysis time.

What are we going to do next?


Our top priority is to optimize pull request analysis time for Java projects. We will achieve this with a new caching mechanism that stores project-level data, which ensures that our analysis results stay highly accurate. Why optimize Java first? Because Java is the first language Sonar supported, and it is also the language our users use most. In addition, Sonar's developers use Java heavily, so we can easily find problems before release.

Next, we will use the same caching system to optimize code change analysis on branches.

Once it is running stably, we will extend it to other languages such as JS/TS, PHP, Python and COBOL.

To experience SonarQube or try out SonarCloud, please contact Chuangshi, the officially authorized SonarQube partner in China. We provide SonarQube product consulting, sales, implementation, training and technical support services.

About the author: Alexandre Gigleux, product manager

Source of the article: https://blog.sonarsource.com/sonars-analysis-performance-targets/

Copyright notice
This article was created by [InfoQ]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/185/202207041329281745.html