Has anyone came across integrating sonarQube with Appian. or Is it compatible with Appian.
Discussion posts and replies are publicly visible
I have the same question
Hi Harsha,sonarQube is a tool used to achieve code quality, currently supporting 26 programming languages.I assume that your intent is to instill code quality for the applications build on the Appian Platform.Then the answer is "NO". The rationale behind is: Appian is a low-code platform. The process models defined are transformed in XML code, executedby the Appian BPM Engine. Now way that sonarQube can deal with those constructs. Same is true for the Interface definitions whereAppian is using the SAIL code.To achieve good quality for our applications build with Appian, we have build an application in Appian which checks that all Best Practices arefollowed for Appian applications (e.g Alert settings, security settings in process models, description provided, Node assignments to groups only etc.)Hope that helps.Juergen
I can add also, by conducting code reviews (peer review)
You are right - to have peer reviews for application build with Appian is always a good idea.That is what we have automated with our 'Peer Review' application.
How is your "Peer Review" app? We are hoping to create something like this ourselves so any details you can share would be most welcome.
This could be a starter: community.appian.com/.../coe-appcop
I agree with SAIL when you say that SonarQube cant deal with respective constructs. BUt w.r.t process models, I was browsing though SonarQube website and found that XML constructs can also be dealt, link here ---> https://www.sonarqube.org/features/multi-languages/
Just trying to understand if it really cant be done.
I don't think having SonarQube checking the XML is going to help you. All of the XML definitions of process models get generated in Appian and can only be understood by Appian. Plus, the part you're interested in is whether the process model is designed efficiently (i.e. the data contained in the XML) - the XML structure itself has no bearing on the design of your process model.
Here's a scenario that might help to explain: suppose you export all your process models and run them through SonarQube, and let's also assume it finds some code suggestion. What would you do with that suggestion? You can't change the XML - if you do, Appian wouldn't be able to parse it correctly. Plus, an design mistake like creating an infinite loop wouldn't be found in the XML analysis unless that tool has a lot of knowledge about how Appian works.
This is a pretty old post, and Appian has made some strides in helping you analyze your applications directly within the product. I think your best bet is using tools like the Health Check or Appian Recommendations.
Yes, it is true - SonarQube supports XML files, but to my understanding only does static code analysis for 10 rules:https://rules.sonarsource.com/xml
So checking e. g. if a process model hands over data to a sub-process by referencing or by value is not possible.
what we basically do in the peer review app, is uploading the zip file of the application we would like to get examined. (no deployment of the application necessary). We extract the zip file and parse the xml code applying more than 26 checks for process models, rules, groups, constants, interfaces, etc., creating an interactive report about the violations found.
© 2021 Appian. All rights reserved.