This project demonstrates various types of software defects analyzed by SonarQube. It is built using React (Vite.js) and intentionally contains code smells, bugs, vulnerabilities, and other issues to simulate real-world scenarios.
The project is designed to cover the following defect categories:
- Code Smells: Examples of bad practices such as overly complex functions, duplicate code, and long methods.
- Bugs: Issues like array out-of-bounds access and null reference errors.
- Vulnerabilities: Security flaws like SQL injection and the use of `eval`.
- Code Duplication: Demonstrates repeated blocks of logic.
- Unused Code: Includes unused variables and functions.
- Technical Debt: Temporary solutions that increase technical debt.
- React (Vite.js): Frontend framework for building the project.
- SonarQube: Static code analysis tool for detecting defects.
- Jenkins: CI/CD pipeline to automate testing and SonarQube analysis.
```
project-root/
├── src/
│   ├── App.jsx              # Main application entry point
│   ├── CodeSmells.jsx       # Code smells examples
│   ├── Bugs.jsx             # Bug examples
│   ├── Vulnerabilities.jsx  # Security issues
│   ├── DuplicateCode.jsx    # Duplicate code examples
│   ├── UnusedCode.jsx       # Unused code examples
│   ├── TechnicalDebt.jsx    # Technical debt simulation
├── public/
├── package.json             # Project dependencies
├── Jenkinsfile              # CI/CD pipeline configuration
└── README.md                # Project documentation
```
- Node.js (v16 or later)
- npm (or yarn)
- A running instance of SonarQube (configured with a token)
- Jenkins for CI/CD pipeline
- Clone the repository: `git clone <repository-url>`, then `cd demo-defects`
- Install dependencies: `npm install`
- Start the development server: `npm run dev`
- Access the app in your browser at `http://localhost:5173`.
- Ensure Jenkins is installed and configured with the following plugins:
  - SonarQube Scanner
  - Pipeline
- Configure SonarQube in Jenkins: add your SonarQube server URL and authentication token under `Manage Jenkins > Configure System > SonarQube Servers`.
- Create a new pipeline job in Jenkins and link it to this repository.
- Run the pipeline to analyze the code with SonarQube.
- Functions with too many parameters
- Duplicate logic in multiple places
- Long and overly complex methods
- Array out-of-bounds access
- Null reference errors
- SQL injection via user input
- Usage of `eval` for dynamic execution
- Variables and functions declared but never used
- Temporary fixes instead of proper solutions
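The two vulnerability patterns listed above (SQL built from user input, `eval` on a dynamic string), each shown beside the form that clears the SonarQube finding. This is an added illustration, not code from the project's `Vulnerabilities.jsx`; the function names, the `$1` placeholder style (as used by node-postgres) and the sample inputs are assumptions for the example.

```javascript
// Added example, not part of the demo project: vulnerable pattern next to
// its hardened replacement for the two flaws the project plants.

// --- SQL injection ----------------------------------------------------------
// Vulnerable: user input is spliced into the SQL text, so a quote in the
// value changes the statement's structure instead of staying data.
function findUserUnsafe(username) {
  return `SELECT id, name FROM users WHERE name = '${username}'`;
}

// Hardened: the SQL text is fixed and the value travels separately as a
// bound parameter ($1 is the placeholder syntax used by node-postgres).
function findUserSafe(username) {
  return { text: 'SELECT id, name FROM users WHERE name = $1', values: [username] };
}

// --- eval -------------------------------------------------------------------
// Vulnerable: eval treats the string as code, so any JavaScript inside a
// settings blob coming from the client runs with the app's privileges.
function loadSettingsUnsafe(blob) {
  return eval('(' + blob + ')');
}

// Hardened: JSON.parse only builds data; anything that is not JSON throws.
function loadSettingsSafe(blob) {
  const parsed = JSON.parse(blob);
  // Reject non-object payloads so callers never receive a bare string or number.
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new TypeError('settings must be a JSON object');
  }
  return parsed;
}

// Constructed input: a legitimate name containing a quote is enough to
// break the unsafe query; no attacker is needed to see the defect.
const sampleName = "O'Brien";
console.log(findUserUnsafe(sampleName)); // string literal is terminated early
console.log(findUserSafe(sampleName));   // quote stays inside the bound value
```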
This project is for educational purposes only and is licensed under the MIT License.
Contributions are welcome! Please open an issue or submit a pull request for any improvements or additional defects you wish to demonstrate.