1. What is SonarQube mainly used for?
A. Deployment
B. Code quality analysis
C. Database management
D. UI design
Answer: B
2. What type of analysis does SonarQube perform?
A. Dynamic analysis
B. Static code analysis
C. Manual testing
D. Load testing
Answer: B
3. What is a “code smell”?
A. Syntax error
B. Security vulnerability
C. Maintainability issue
D. Runtime error
Answer: C
4. Which issue type affects security?
A. Bug
B. Code smell
C. Vulnerability
D. Comment
Answer: C
5. What does a “bug” represent?
A. Maintainability issue
B. Performance metric
C. Reliability issue
D. Styling problem
Answer: C
6. What is a Quality Gate?
A. Build tool
B. Pass/fail condition for code quality
C. Code editor
D. Test suite
Answer: B
7. What happens if a Quality Gate fails?
A. Code compiles faster
B. Deployment may be blocked
C. Code is deleted
D. Nothing happens
Answer: B
8. What is technical debt?
A. Financial cost
B. Time to fix issues
C. Server cost
D. Code size
Answer: B
9. What does coverage measure?
A. UI performance
B. Test coverage
C. Code duplication
D. Security level
Answer: B
10. What is duplication in SonarQube?
A. Code copied in multiple places
B. Database replication
C. Backup process
D. Code execution
Answer: A
11. What is a “Security Hotspot”?
A. Confirmed vulnerability
B. Needs manual review
C. Code smell
D. Bug
Answer: B
12. Which language is supported by SonarQube?
A. Java
B. Python
C. JavaScript
D. All of the above
Answer: D
13. What is a rule in SonarQube?
A. Coding guideline
B. Compiler setting
C. Database query
D. API endpoint
Answer: A
14. What is a Quality Profile?
A. User profile
B. Set of rules applied to code
C. Build configuration
D. Server config
Answer: B
15. What does severity indicate?
A. Code size
B. Issue importance
C. Execution speed
D. Number of files
Answer: B
16. Which severity is highest?
A. Minor
B. Major
C. Critical
D. Info
Answer: C
17. What is SonarScanner?
A. UI tool
B. Analysis tool
C. Database
D. Plugin
Answer: B
18. What is the SonarQube dashboard?
A. Database
B. Visual overview of metrics
C. Code editor
D. CLI tool
Answer: B
19. What is maintainability rating?
A. UI rating
B. Code quality score
C. Deployment status
D. Server health
Answer: B
20. What is reliability rating?
A. Security score
B. Bug-related score
C. UI score
D. Code duplication
Answer: B
21. What is security rating?
A. Based on vulnerabilities
B. Based on bugs
C. Based on UI
D. Based on duplication
Answer: A
22. What is a project in SonarQube?
A. Server
B. Collection of analyzed code
C. Database
D. Plugin
Answer: B
23. What is branch analysis?
A. Database branching
B. Analyze different code branches
C. UI testing
D. Deployment process
Answer: B
24. What is pull request analysis?
A. Code merge
B. Pre-merge quality check
C. Deployment
D. Testing framework
Answer: B
25. What is “new code” in SonarQube?
A. Recently written code
B. Old code
C. Deleted code
D. Tested code
Answer: A
26. What is “overall code”?
A. Only new code
B. Entire codebase
C. UI code
D. Backend code
Answer: B
27. What is cognitive complexity?
A. Memory usage
B. Code readability complexity
C. Execution speed
D. Server load
Answer: B
28. What is cyclomatic complexity?
A. UI complexity
B. Code path complexity
C. Database size
D. API count
Answer: B
29. What is a false positive?
A. Correct issue
B. Incorrectly flagged issue
C. Security issue
D. Bug
Answer: B
30. What is issue resolution?
A. Ignoring issue
B. Fixing or marking issue
C. Deleting code
D. Deploying code
Answer: B
31. What is tagging?
A. Adding labels to issues
B. Code execution
C. Deployment
D. Testing
Answer: A
32. What is a plugin?
A. Extension to add features
B. Database
C. Server
D. Code file
Answer: A
33. What is SonarLint?
A. IDE plugin
B. Server
C. Database
D. API
Answer: A
34. What is integration with CI/CD?
A. Manual testing
B. Automated analysis in pipeline
C. UI design
D. Code writing
Answer: B
35. What is Jenkins used for with SonarQube?
A. UI
B. CI/CD integration
C. Database
D. Code editing
Answer: B
36. What is analysis report?
A. UI design
B. Output of code scan
C. Database file
D. Deployment file
Answer: B
37. What is a metric?
A. Measurement
B. Error
C. UI
D. Plugin
Answer: A
38. What is LOC?
A. Lines of Code
B. Level of Code
C. List of Code
D. Logic of Code
Answer: A
39. What is “debt ratio”?
A. Financial ratio
B. Technical debt vs code size
C. Server cost
D. UI ratio
Answer: B
40. What is a hotspot review?
A. Automatic fix
B. Manual verification
C. Code deletion
D. Deployment
Answer: B
41. What is issue assignment?
A. Assign to developer
B. Delete issue
C. Ignore issue
D. Deploy issue
Answer: A
42. What is baseline?
A. Starting point for comparison
B. UI
C. Database
D. Plugin
Answer: A
43. What is leak period?
A. New code time period
B. Server downtime
C. Deployment window
D. Test period
Answer: A
44. What is rule severity “Blocker”?
A. Lowest
B. Medium
C. Highest
D. Optional
Answer: C
45. What is code annotation?
A. Comments or metadata
B. Deployment
C. Testing
D. UI design
Answer: A
46. What is analysis scope?
A. Files included in scan
B. UI scope
C. Database scope
D. API scope
Answer: A
47. What is exclusion?
A. Include files
B. Ignore files
C. Delete files
D. Test files
Answer: B
48. What is inclusion?
A. Ignore files
B. Add files
C. Delete files
D. Test files
Answer: B
49. What is authentication in SonarQube?
A. Login system
B. Code analysis
C. UI design
D. Deployment
Answer: A
50. What is authorization?
A. Login
B. Permission control
C. Code scan
D. Testing
Answer: B
Conclusion
Mastering the basics of SonarQube is an important step toward writing cleaner, safer, and more maintainable code. This quiz wasn’t just about testing what you know it’s a quick way to spot gaps in your understanding of key concepts like code smells, bugs, vulnerabilities, and quality gates.
If you scored well, it shows you have a solid foundation in static code analysis and modern code quality practices. If not, that’s actually useful it highlights exactly where you can improve. Either way, regularly using tools like SonarQube in your development workflow helps you catch issues early, reduce technical debt, and maintain higher standards across your projects.
Keep exploring deeper topics like custom rules, CI/CD integration, and security analysis. The more you practice, the more natural writing high-quality code will become.
👉 Ready for the next challenge? Try an advanced SonarQube quiz or apply these concepts to a real project and see the difference firsthand.
