Code Quality - Santhi's Blog

Jenkins Integration with SonarQube

In this article, we will look at Jenkins integration with SonarQube. Let's look at the steps below. The expected outcome is that when changes are made in code and committed, the Jenkins build will automatically run with a Sonar scan analysis. Step 1: Install the required prerequisites. Step 2: Install the Sonar Scanner plugin under Manage

Test Driven Development (TDD)

In this article, we will look at the basics of Test-Driven Development (TDD) and at one example of how to write a unit test using the TDD approach. Extreme programming is one of the Agile development processes, and TDD is one of the core practices of extreme programming. Test-Driven Development is also referred to as 'Test First

PCI DSS Compliance

PCI DSS stands for Payment Card Industry Data Security Standard. It's a framework designed to protect the entire payment card value chain. There are 12 requirements that must be met to be considered PCI compliant. Goals and requirements: Build and maintain a secure network and systems. Req. 1: Install and maintain a firewall configuration. Req. 2:

DISA STIG Compliance

It refers to the Security Technical Implementation Guides (STIGs) provided by an organisation named the Defense Information Systems Agency (DISA) to secure information systems and software against being vulnerable. The STIG checklists are listed at https://www.stigviewer.com/stigs

CWE/SANs Top 25 Security Standards

The SANS Top 25 is a CWE (Common Weakness Enumeration) list of the most critical and dangerous security weaknesses. SANS (SysAdmin, Audit, Network and Security) is an organisation that provides security policies to be followed. Rank and name: 1. Out-of-bounds Write: memory corruption caused by writing outside the bounds of a buffer (an out-of-bounds index). 2. Improper

OWASP Top 10 -2017 Security Standards

OWASP stands for Open Web Application Security Project, and it's an open-source application security community whose goal is improving the security of software. It's an industry-standard guideline that lists the most critical application security risks, which enables developers to secure the applications they develop and deploy. OWASP Top 10 2017 standards: 1. Injection. This

Difference between Sonar & Fortify

Fortify scans code to detect security vulnerabilities, and Sonar does that as well. Let's look at the differences between the two. Category: Purpose. Sonar: a static code analysis tool which provides a code quality report covering duplicate code, code smells and security vulnerabilities. Fortify: a static code analysis tool which provides a report on security vulnerabilities that impact

Installation & setting up SonarQube locally in windows 11

Before we jump into the installation and setup configuration, let's understand the basics of SonarQube. What is SonarQube? SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality; it conducts static analysis of code to identify bugs, code smells and security vulnerabilities in 20+ programming languages. SonarQube produces a report for

Static Code Analysis – Overview

This article gives an overview of static code analysis: Static Code Analysis – Overview (c-sharpcorner.com)

Comparison Of Unit Testing Tools In .NET

This article shows a comparison of unit testing tools in .NET: Comparison Of Unit Testing Tools In .NET (c-sharpcorner.com)