From a technical point of view, a piece of software is rarely just a set of source code files. By reusing the work of the community, any development team can benefit from very robust and mature libraries while focusing on its valuable business core. So when code quality matters, the dependencies on those community libraries matter too.
Here are several common use cases:
- A given version of a library should not be used because that version is well known to contain critical bugs
- Understanding which transitive dependencies explain why a software depends on a given library
- A library should no longer be used because the commercial contract with the company has been broken
Two services, "Libraries" and "Dependencies", allow Sonar to be queried in order to cover those use cases (these services are currently available only for Java Maven projects).
Libraries of a Project
Once a project has been selected, the "Libraries" service allows the dependency tree of the project to be visualized easily. An optional dynamic filter lets you filter libraries by name in order to quickly navigate through transitive dependencies:
Here is the meaning of each icon:
- The source code of this library has not been analyzed by this Sonar server
- The source code of this library has been analyzed by this Sonar server, and this project depends on the last snapshot analyzed by Sonar
- The source code of this library has been analyzed by this Sonar server, but the project depends on an older version of the library than the last snapshot analyzed by Sonar
Dependencies Between Projects and Libraries
Navigating through the dependencies of a single project is useful, but the ability to work across all projects, for instance to know which ones depend on library "dummy" version "x.y.z", is also very valuable. The "Dependencies" service allows exactly that:
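The two questions above (which transitive chain explains a dependency, and which projects depend on "dummy" version "x.y.z") can also be answered from the plain `mvn dependency:tree` output that Sonar's Maven analysis relies on. The following is an added example, not Sonar's own code; the group id `org.dummy`, the project names and the tree dumps are constructed sample data:

```python
import re

# Constructed `mvn dependency:tree` dumps for two hypothetical projects.
SAMPLE_TREES = {
    "app": r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] +- com.example:service:jar:2.1.0:compile
[INFO] |  \- org.dummy:dummy:jar:1.2.3:compile
[INFO] \- junit:junit:jar:4.13.2:test
[INFO]    \- org.hamcrest:hamcrest-core:jar:1.3:test
""",
    "batch": r"""
[INFO] com.example:batch:jar:0.9.0
[INFO] \- org.dummy:dummy:jar:2.0.0:compile
""",
}
SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}

def _coords(token):
    """Reduce 'g:a:packaging[:classifier]:version[:scope]' to (g, a, version)."""
    parts = token.split(":")
    if parts[-1] in SCOPES:
        parts = parts[:-1]
    return parts[0], parts[1], parts[-1]

def parse_tree(text):
    """Yield (depth, (group, artifact, version)) for each node; root is depth 0."""
    for raw in text.splitlines():
        line = raw[7:] if raw.startswith("[INFO] ") else raw
        m = re.search(r"[+\\]- ", line)      # each tree level is 3 characters wide
        if m:
            depth, token = m.start() // 3 + 1, line[m.end():]
        elif line.strip():
            depth, token = 0, line
        else:
            continue
        # split() drops verbose annotations such as "(omitted for conflict ...)"
        yield depth, _coords(token.split()[0])

def paths_to(text, group, artifact, version=None):
    """Return every ancestor chain (root first) that ends at the requested library."""
    stack, hits = [], []
    for depth, node in parse_tree(text):
        del stack[depth:]                    # leave the previous branch
        stack.append(node)
        if node[:2] == (group, artifact) and version in (None, node[2]):
            hits.append(list(stack))
    return hits

def projects_depending_on(trees, group, artifact, version=None):
    """Map project name -> chains, for every project whose tree contains the library."""
    return {name: p for name, t in trees.items()
            if (p := paths_to(t, group, artifact, version))}
```

`paths_to` answers the "why do we depend on it" question for one project, and `projects_depending_on` the cross-project one; run it over the trees of every project to spot a banned version wherever it is pulled in transitively.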