SonarQube Code Analysis
SonarQube Static Code Analysis วิเคราะห์คุณภาพโค้ดอัตโนมัติ Bugs Vulnerabilities Code Smells Duplications 30+ ภาษา Quality Gates CI/CD Pipeline
Career Development IT พัฒนาอาชีพ Code Quality Best Practices Portfolio Security ทักษะสัมภาษณ์งาน
SonarQube Setup
# === SonarQube Setup ===
# 1. Docker Compose
# version: "3.8"
# services:
# sonarqube:
# image: sonarqube:community
# ports:
# - "9000:9000"
# environment:
# SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
# SONAR_JDBC_USERNAME: sonar
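# SONAR_JDBC_PASSWORD: sonar   # demo value; outside a local test, use a strong secret here and the same value for POSTGRES_PASSWORD below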
# volumes:
# - sonarqube_data:/opt/sonarqube/data
# - sonarqube_extensions:/opt/sonarqube/extensions
# depends_on:
# - db
# db:
# image: postgres:15
# environment:
# POSTGRES_USER: sonar
# POSTGRES_PASSWORD: sonar
# POSTGRES_DB: sonar
# volumes:
# - postgresql_data:/var/lib/postgresql/data
# 2. sonar-project.properties
# sonar.projectKey=my-project
# sonar.projectName=My Project
# sonar.projectVersion=1.0
# sonar.sources=src
# sonar.tests=tests
# sonar.language=py
# sonar.sourceEncoding=UTF-8
# sonar.python.coverage.reportPaths=coverage.xml
# sonar.python.xunit.reportPath=test-results.xml
# 3. Run Scanner
# sonar-scanner \
# -Dsonar.projectKey=my-project \
# -Dsonar.host.url=http://localhost:9000 \
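# -Dsonar.token=sqp_xxxxxxxxxxxx
# (sqp_xxxxxxxxxxxx is a placeholder. In CI, supply the token through the SONAR_TOKEN
#  environment variable instead of -D, so it stays out of shell history and process listings.)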
# 4. GitHub Actions Integration
# - name: SonarQube Scan
# uses: SonarSource/sonarqube-scan-action@v2   # a tag can be moved; pin to a full commit SHA for a reproducible build
# env:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
from dataclasses import dataclass, field
from typing import List, Dict
@dataclass
class CodeIssue:
    """A single finding reported for one location in the analysed source."""

    # Rule key, e.g. "python:S1481".
    rule: str
    # One of BLOCKER, CRITICAL, MAJOR, MINOR, INFO.
    severity: str
    # One of BUG, VULNERABILITY, CODE_SMELL.
    issue_type: str
    # Human-readable description of the finding.
    message: str
    # Path of the file the finding was raised in.
    file: str
    # Line number of the finding inside that file.
    line: int
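class SonarQubeReport:
    """In-memory analysis report for one project: findings, metrics and a quality gate.

    This class only models a report locally; nothing here contacts a SonarQube
    server.
    """

    # Severity names from most to least severe. show_report() uses the rank to
    # decide which findings make it into the short per-type listing; a severity
    # that is not listed here sorts after all of these.
    _SEVERITY_RANK = {
        name: rank
        for rank, name in enumerate(("BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO"))
    }

    def __init__(self, project: str):
        """Create an empty report for *project*."""
        self.project = project
        self.issues: List["CodeIssue"] = []
        self.metrics: Dict[str, float] = {}

    def add_issue(self, issue: "CodeIssue"):
        """Append one finding to the report."""
        self.issues.append(issue)

    def set_metrics(self, metrics: Dict[str, float]):
        """Replace the stored metrics with a copy of *metrics*.

        A copy is kept so that later changes to the caller's dict cannot alter
        the outcome of an already-recorded gate input.
        """
        self.metrics = dict(metrics)

    def quality_gate(self) -> dict:
        """Evaluate the quality gate and return the per-condition results.

        Conditions: coverage at least 80, duplications at most 3, and zero
        findings of type BUG and of type VULNERABILITY.

        A metric that was never supplied fails its condition. Its ``actual``
        is still reported as 0, and ``reported`` is False so callers can tell
        "measured as 0" from "not measured". Without this, a report lacking
        the duplications metric would pass that condition by default.

        Returns:
            ``{"passed": bool, "gates": {name: {"passed", "threshold",
            "actual", "reported"}}}``.
        """
        def count(issue_type):
            return sum(1 for found in self.issues if found.issue_type == issue_type)

        # (name, threshold, actual, reported, higher_is_better)
        conditions = [
            ("coverage", 80, self.metrics.get("coverage", 0),
             "coverage" in self.metrics, True),
            ("duplications", 3, self.metrics.get("duplications", 0),
             "duplications" in self.metrics, False),
            ("bugs", 0, count("BUG"), True, False),
            ("vulnerabilities", 0, count("VULNERABILITY"), True, False),
        ]

        results = {}
        for name, threshold, actual, reported, higher_is_better in conditions:
            within = actual >= threshold if higher_is_better else actual <= threshold
            results[name] = {
                "passed": reported and within,
                "threshold": threshold,
                "actual": actual,
                "reported": reported,
            }
        overall = all(result["passed"] for result in results.values())
        return {"passed": overall, "gates": results}

    def show_report(self):
        """Print the findings grouped by type, then the quality-gate outcome.

        At most three findings are listed per type. They are ordered most
        severe first, so the short listing cannot hide a BLOCKER behind
        lower-severity entries; the header line still shows the full count.
        """
        banner = "=" * 55
        print(f"\n{banner}")
        print(f"SonarQube Report: {self.project}")
        print(f"{banner}")

        # Group findings by type, keeping insertion order inside each group.
        by_type = {}
        for issue in self.issues:
            by_type.setdefault(issue.issue_type, []).append(issue)

        rank = self._SEVERITY_RANK
        for itype, found in by_type.items():
            print(f"\n [{itype}] ({len(found)})")
            # sorted() is stable: equal severities keep their original order.
            worst_first = sorted(found, key=lambda i: rank.get(i.severity, len(rank)))
            for issue in worst_first[:3]:
                print(f" {issue.severity}: {issue.message}")
                print(f" {issue.file}:{issue.line}")

        qg = self.quality_gate()
        status = "PASSED" if qg["passed"] else "FAILED"
        print(f"\n Quality Gate: {status}")
        for gate, result in qg["gates"].items():
            icon = "OK" if result["passed"] else "FAIL"
            shown = result["actual"] if result["reported"] else "not reported"
            print(f" [{icon}] {gate}: {shown} (threshold: {result['threshold']})")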
# Example: build a report from four sample findings and print it.
# NOTE(review): the rule keys, messages and issue types below are sample data.
# Confirm each pairing against the rule catalogue of your SonarQube version
# before reusing them; weak-PRNG findings, for instance, are normally raised
# under S2245 as a security hotspot.
report = SonarQubeReport("my-project")
report.set_metrics({"coverage": 75.5, "duplications": 2.1})

issues = [
    CodeIssue(
        "python:S1481", "MINOR", "CODE_SMELL",
        "Remove unused variable 'x'", "src/main.py", 42,
    ),
    CodeIssue(
        "python:S3776", "MAJOR", "CODE_SMELL",
        "Cognitive Complexity is 25 (max 15)", "src/handler.py", 10,
    ),
    CodeIssue(
        "python:S5445", "CRITICAL", "VULNERABILITY",
        "Use secure random generator", "src/auth.py", 33,
    ),
    CodeIssue(
        "python:S1871", "MAJOR", "BUG",
        "Identical branches in if/else", "src/utils.py", 55,
    ),
]
for issue in issues:
    report.add_issue(issue)

report.show_report()
Career Development Path
# career_path.py — IT Career Development
from dataclasses import dataclass, field
from typing import List, Dict
@dataclass
class CareerLevel:
    """One rung of a career track."""

    # Job title at this level.
    title: str
    # Experience range, as display text.
    years: str
    # Salary range, as display text.
    salary_range: str
    # Skills associated with this level.
    skills: List[str]
    # Certifications associated with this level.
    certifications: List[str]
@dataclass
class CareerTrack:
    """A named career track made up of an ordered list of levels."""

    # Display name of the track.
    name: str
    # Levels in the order they were supplied.
    levels: List[CareerLevel]
# Two sample tracks, each listed from entry level to the most senior level.
tracks = {
    "Software Engineering": CareerTrack(
        name="Software Engineering",
        levels=[
            CareerLevel(
                title="Junior Developer",
                years="0-2 ปี",
                salary_range="25,000-45,000 บาท",
                skills=["Python/JS", "Git", "SQL", "REST API", "Unit Testing"],
                certifications=["AWS Cloud Practitioner"],
            ),
            CareerLevel(
                title="Mid Developer",
                years="2-5 ปี",
                salary_range="45,000-80,000 บาท",
                skills=["Design Patterns", "CI/CD", "Docker", "SonarQube", "Code Review"],
                certifications=["AWS SAA", "CKAD"],
            ),
            CareerLevel(
                title="Senior Developer",
                years="5-8 ปี",
                salary_range="80,000-150,000 บาท",
                skills=["System Design", "Microservices", "Mentoring", "Architecture"],
                certifications=["AWS SAP", "CKA"],
            ),
            CareerLevel(
                title="Tech Lead / Architect",
                years="8+ ปี",
                salary_range="150,000-300,000+ บาท",
                skills=["Technical Strategy", "Team Leadership", "Cross-team Collaboration"],
                certifications=["TOGAF", "AWS Solutions Architect Pro"],
            ),
        ],
    ),
    "DevOps / SRE": CareerTrack(
        name="DevOps / SRE",
        levels=[
            CareerLevel(
                title="Junior DevOps",
                years="0-2 ปี",
                salary_range="30,000-50,000 บาท",
                skills=["Linux", "Docker", "CI/CD", "Bash", "Monitoring"],
                certifications=["AWS Cloud Practitioner", "Docker Certified"],
            ),
            CareerLevel(
                title="DevOps Engineer",
                years="2-5 ปี",
                salary_range="50,000-90,000 บาท",
                skills=["Kubernetes", "Terraform", "Ansible", "SonarQube CI", "Prometheus"],
                certifications=["CKA", "AWS SAA", "Terraform Associate"],
            ),
            CareerLevel(
                title="Senior SRE",
                years="5-8 ปี",
                salary_range="90,000-160,000 บาท",
                skills=["SLO/SLI", "Chaos Engineering", "Platform Design", "FinOps"],
                certifications=["CKS", "AWS DevOps Pro"],
            ),
            CareerLevel(
                title="Platform Engineer / Director",
                years="8+ ปี",
                salary_range="160,000-350,000+ บาท",
                skills=["Platform Strategy", "Team Building", "Budget Management"],
                certifications=["ITIL", "PMP"],
            ),
        ],
    ),
}

print("IT Career Tracks (Thailand):")
for track_name, track in tracks.items():
    print(f"\n [{track_name}]")
    for level in track.levels:
        # One call, four output lines; only the first four skills are shown.
        print(
            f"\n {level.title} ({level.years})",
            f" Salary: {level.salary_range}",
            f" Skills: {', '.join(level.skills[:4])}",
            f" Certs: {', '.join(level.certifications)}",
            sep="\n",
        )
# Skills that working with SonarQube helps develop, each with a short description.
sonarqube_skills = {
    "Clean Code": "เขียนโค้ดสะอาด อ่านง่าย Maintain ง่าย",
    "Security Awareness": "รู้จัก OWASP Top 10 Vulnerabilities",
    "Code Review": "Review โค้ดคนอื่นได้อย่างมีหลักการ",
    "Testing": "เข้าใจ Coverage ต้องเท่าไหร่ Test อะไรบ้าง",
    "CI/CD": "ใช้ SonarQube ใน Pipeline ได้",
    "Best Practices": "รู้จัก Design Patterns Anti-patterns",
}

print("\n\nSkills ที่ SonarQube ช่วยพัฒนา:")
for skill, desc in sonarqube_skills.items():
    print(" {}: {}".format(skill, desc))
Interview Preparation
# interview_prep.py — IT Interview Preparation
# Interview topics: for each topic, sample questions and the tools that go with it.
interview_topics = {
    "Code Quality": {
        "questions": [
            "Code Smell คืออะไร ยกตัวอย่าง 3 อย่าง",
            "Cognitive Complexity คืออะไร ต่างจาก Cyclomatic Complexity อย่างไร",
            "Technical Debt คืออะไร จัดการอย่างไร",
            "เมื่อไหร่ควร Refactor เมื่อไหร่ไม่ควร",
        ],
        "tools": "SonarQube, ESLint, Pylint, PMD",
    },
    "Testing": {
        "questions": [
            "Unit Test, Integration Test, E2E Test ต่างกันอย่างไร",
            "Code Coverage 100% ดีหรือไม่ ทำไม",
            "TDD คืออะไร ข้อดีข้อเสีย",
            "Mocking คืออะไร ใช้เมื่อไหร่",
        ],
        "tools": "pytest, Jest, Playwright, Cypress",
    },
    "CI/CD": {
        "questions": [
            "CI/CD Pipeline ออกแบบอย่างไร",
            "Quality Gate คืออะไร ตั้งค่าอย่างไร",
            "Blue-Green vs Canary Deployment",
            "Rollback Strategy ออกแบบอย่างไร",
        ],
        "tools": "GitHub Actions, GitLab CI, Jenkins, ArgoCD",
    },
    "System Design": {
        "questions": [
            "ออกแบบ URL Shortener",
            "ออกแบบ Chat Application",
            "Scale Database อย่างไร",
            "Caching Strategy มีอะไรบ้าง",
        ],
        "tools": "Draw.io, Excalidraw, Miro",
    },
}

print("IT Interview Topics:")
for topic, info in interview_topics.items():
    # Topic header and its tools line go out together, then one line per question.
    print(f"\n [{topic}]", f" Tools: {info['tools']}", sep="\n")
    for q in info["questions"]:
        print(" Q: " + q)
เคล็ดลับ
- SonarQube: ติดตั้งใช้กับทุกโปรเจค แม้ส่วนตัว แสดง Portfolio
- Quality Gate: ตั้ง Coverage > 80% Bugs = 0 Vulnerabilities = 0
- CI/CD: ใส่ SonarQube ใน Pipeline ทุกโปรเจค
- Learn from Issues: อ่าน Issues ที่ SonarQube พบ เรียนรู้ปรับปรุง
- Certifications: สอบ Cert ตาม Career Track CKA AWS SAA
- Portfolio: GitHub Profile มีโปรเจคที่ผ่าน Quality Gate
การนำความรู้ไปประยุกต์ใช้งานจริง
แหล่งเรียนรู้ที่แนะนำ ได้แก่ Official Documentation ที่อัพเดทล่าสุดเสมอ Online Course จาก Coursera Udemy edX ช่อง YouTube คุณภาพทั้งไทยและอังกฤษ และ Community อย่าง Discord Reddit Stack Overflow ที่ช่วยแลกเปลี่ยนประสบการณ์กับนักพัฒนาทั่วโลก
SonarQube คืออะไร
Static Code Analysis วิเคราะห์คุณภาพโค้ดอัตโนมัติ Bugs Vulnerabilities Code Smells Duplications 30+ ภาษา Quality Gates CI/CD Pipeline
SonarQube ช่วยพัฒนาอาชีพ IT อย่างไร
Code Quality Best Practices เรียนรู้จาก Issues ปรับปรุงโค้ด Portfolio Security Vulnerabilities จุดเด่นสัมภาษณ์งาน Clean Code Design Patterns
Quality Gate คืออะไร
เกณฑ์โค้ดผ่านมาตรฐาน Coverage > 80% Duplications < 3% Bugs = 0 Vulnerabilities = 0 ไม่ผ่าน CI/CD Fail ไม่ Deploy Production
Career Path ใน IT มีอะไรบ้าง
Software Developer Senior Tech Lead Architect DevOps SRE Platform Engineer QA Test Architect Data ML Engineer Security Architect CISO พัฒนาทักษะเฉพาะ
สรุป
SonarQube Static Code Analysis Bugs Vulnerabilities Code Smells Quality Gates CI/CD Career Development Clean Code Testing Security Portfolio Certifications CKA AWS Interview Preparation System Design
