SonarQube(Part 1) — What is Software Testing, Dynamic Testing and Static Testing

In this tutorial, we will be learning about SonarQube. It is a Software testing tool used to improve the quality of the code and help fix errors very early in the development. Here are the points which I am going to explain here,

• What Software Testing is?
• Dynamic Testing and Static Testing
• What SonarQube is?
• Features of SonarQube
• Installation and some practice on SonarQube (Demo)

I am going to explain these points in a couple of tutorial series.

What is Software Testing?

Software Testing is a part of the Software Development life cycle. Its aim is to ensure that the code to be deployed is of high quality with no bugs and no logical errors.

If you imagine yourself as a Developer making an app in a company when your job is to develop the code. But after it’s developed it is sent to a tester who makes sure that the code is in high quality which is having no bugs and no logical errors. If there are no errors in the test that are found on the application code then it sends to Deployment. If there are any errors founds it sends back to the Developer. Then the Developer fixes those errors and sends back to the Tester. This cycle repeats until a proper application is developed.

Why do we do Software Testing?

This is a very important thing while making a Software. Because we need to make sure that the Software in high Quality. Only that the customers have comfortable using the product. For this particular reason,30% of the time of Software Development is giving for Testing. It is necessary the customers are satisfied and also important to have high-quality applications. Testing also decreases the Maintenance cost and increases the Quality of the Code.

If we haven't tested the code in future an error might have appeared. And then we would have to go and solve the whole error and it will take time to resolve it. Instead of doing that if we had tested it earlier we do not need to spend lots of money on that and time on it. And that way Software Testing decreases the time and cost it takes to develop the software. Software Testing and also helps and ensuring that the code that is produced is secured and safe. Now let’s see the Software Testing classification.

Software Testing Classification

Based on Testing Type there are:

• Manual Testing — This is self-explanatory. We test all the test cases manually by ourselves. We write the test cases and we test on the code.
• Automatic Testing — Here we write just scripts that are standardized tests that run on applications.

Based on Testing Methods there are:

• Static
• Dynamic

Based on Testing Approaches there are:

• Black Box Testing — Tester does not know about the Internet structure of the application.
• White Box Testing — Tester knows about the Internet structure of the application.
• Gray Box Testing — Tester knows a little bit about the application. But not much.

Based on Testing Levels there are:

• Unit Testing — Each module is tested separately
• Integration Testing — Set of modules is tested with an integrated manner
• System Testing — The whole system as together is tested
• Acceptance Testing — The whole system is tested for acceptability. Whether they accept the requirements according to customer needs.

Dynamic Testing

Dynamic Testing happens during the execution of the code. It can help identify subtly defects or vulnerabilities because it also looks at the code’s integration with other databases, servers, and services.

It’s something like this,

Dynamic Testing Mechanism

A developer writes the code which is then tested and If there are no errors found then the code can go for Depolopment If any errors are found in the code then the code will send back to the Developer for fixing. This testing happens on the execution. That means it only happens when the code is run. This happens in a Testing environment and not in the Development or Production environment. While it is running we can it’s integration with the Databases and Servers or the other Services.

Advantages of Dynamic Testing

• It will find fault in the specific part of the code during the execution time.
• Some of the errors that wouldn’t be found using static testing would definitely be found out using dynamic testing, especially those related to parts of the source code that rely on external servers.

So when we run our application we will find some errors that are related to the integration to the other services or other Databases like I mentioned earlier. In that case, It is much better to use Dynamic Testing. But normally in software testing, we use both.

Example of Dynamic Testing Tools

Example of Dynamic Testing Tools

Static Testing

It is a method of debugging by examining the source code before program is run. That is test the code without actually executing it. It does so by analyzing the code against a pre-set of coding rules and ensure that it conforms to the guidelines.

It is something like this,

While Developer is writing the code a static testing tool reads through the code and then it analyses the Code. After analyzing it if there is any error found then it informs the developer about it. And the Developer can fix it while he writing the code.

Static Code Analysis

There are many tools which help in static testing and providing us with an analysis for better comprehension. Like I mentioned before what static testing tool does is it takes the code while it has been written and it performs an analysis on it.

If we took an example of a SonarQube what happens is while the developer writing a code SonarQube goes through the code and based on a set of rules that already pre-defined it checks whether the standards of testing are performed or not. Suppose in my developing team we have some standards that are set by the Team Lead. If you wanna make sure these standards actually met the code we can use the standard testing tools. Then in the end after your, all the code is written gives a comprehensive analysis to the developer. Then we can read it and make changes according to the analysis. This testing only happens during development. Your normal IDE can do this testing, but the tool like SonarQube does this in a much more comprehensible way and it has many features.

Reasons to use Static Code Analysis

• Finds errors earlier in the development — It helps to find errors way earlier in development before it goes to production. They are cheap and easy to fix.
• Detects overcomplexity in code(Refactoring/Simplification) — It helps detect if the code is written in a very complicated matter even though it can be written very easily. (Sometimes we should write some code in a much more complex way. But SonarQube or another static code analysis tool will identify that the code has written in more complex methods and it suggests a more simplified method for it. )
• Finds security errors — It helps pick up security errors, which basically means it helps the source code be more secure when it is deployed. (Whenever the developers are writing the code the tool helps to understand whether there are any security issues in the code. For example, if you have a written password or username inside the code instead od injecting them to the code. Then the tool can understand the texts and pick up a security error. Basically this means it helps to identify the source code more secured)
• Enforces best coding practices — Developers may forget to follow best practices specific to a coding language. it can help in solving that issue. (Suppose you are writing a Java program. There should be some best practices which we need to follow. If we do not follow those things Tool will understand that issues and report)
• Automated and Integrates into Jenkins — It can be a waste of time to regularly ask to test software to test the code. Therefore to solve such a problem we integrate a static testing tool with Jenkins.
• Can create project-specific rules — They allow us to write project-specific rules. We can customize these rules for each specific project too. (Here when we are working with a team, the Team Lead can define specific rules for a specific project. Then the tool can identify whether the code is following those rules or not. We can customize these rules for projects specific as well as the team-specific.)

Examples of Static Testing Tools

I hope you will get some idea about Software Testing, Dynamic Testing, and Static Testing. We will learn about SonarQube and do a Demo on the next tutorial.

Thank You!