SonarQube tutorial and installation guide

In this post I will talk about the SonarQube tool. I will describe its installation and its use in a Java Maven project.

I ) SonarQube Introduction

SonarQube is a tool created by SonarSource for measuring code quality; it supports many programming languages. It's very helpful for individual developers and for teams of developers.

SonarQube can generate user-friendly, clear reports containing information that helps you correct and improve the quality of your code, such as:

-Duplicated code=> the same code in many parts of the code base, which needs to be factored out for better performance. Make your code modular: put each block of instructions for a common feature in a separate class or method that all other code elements use, and avoid duplicating the same block of instructions in different places. Doing so will improve the performance and readability of the code, and lets you correct or improve the common part once.

-Coding standards=> code that does not respect standard programming rules. Respecting standard programming rules is good for code visibility and performance.

-Unit test coverage=> a poor unit test coverage rate is not healthy. Code that is well covered by unit tests makes regression bugs very simple to recognise after any modification.

-Code complexity=> very complicated code, such as nested loops, affects performance. If you have a complex feature, try to split it across several methods or functions, and avoid a lot of nested loops.

-Comments=> a poor comment rate makes your code hard to understand for other developers, and for you too after a while. Try at least to comment the class and method headers, as well as the parts of the code with high added value (important code).

-Risky parts of code=> buggy code, or code which can cause future bugs or security vulnerabilities. Try to have zero Critical or Blocker issues, and reduce the Major and Minor issues.

NB: Big thanks to the SonarSource team for this very helpful open-source tool.

II) Install SonarQube 7.4 on a Windows 7 machine

  • Make sure that you have Java installed on your machine: in cmd, execute java -version. (If you want to install Java, follow this post.)
  • Download the SonarQube Community Edition from: https://www.sonarqube.org/downloads/ (download the latest version; we will use 7.4 in this post)
  • Unzip the archive to your desired path <your_local_path>\sonarqube-7.4
  • Open cmd and execute StartSonar.bat, located in <your_local_path>\sonarqube-7.4\bin\windows-x86-64 or <your_local_path>\sonarqube-7.4\bin\windows-x86-32 (depending on your machine's architecture, x86 or x64; in my case I have x64)
  • To confirm the installation, open this URL in any web browser: http://localhost:9000
  • In your Maven Java project, add a new profile to the existing profiles in pom.xml:

<profiles>
  <profile>
    <id>sonar</id>
    <activation>
      <activeByDefault>true</activeByDefault>
    </activation>

    <properties>
      <sonar.host.url>http://localhost:9000</sonar.host.url>
    </properties>
  </profile>
</profiles>

  • With Maven you can build the project and generate the Sonar report using this command:

mvn clean install sonar:sonar

  • Then go to the URL http://localhost:9000/projects, where you will find your project's analysis report:

NB: You can see, for example, in my singleton project that all aspects are good except test coverage. So, for learning purposes, and to avoid making my samples on www.take4make.com very complicated with many unit tests (don't worry, I will provide some unit tests to give you an idea), I will disable the test coverage aspect in Sonar:

  • You need to log in with admin/admin (user/password); it's the default created user. Go to Administration > Analysis Scope > Coverage Exclusions. Enter the pattern **/*.* to exclude sources from test coverage.

  • Once you have saved the exclusion, you can use Maven to generate the report again: mvn sonar:sonar

You can see now that the result is good! I like the color green.
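
The Coverage Exclusions field corresponds to the sonar.coverage.exclusions analysis property, and a pattern such as **/*.* takes every source file out of the coverage figures. The Python check below is an added example, not part of the original post: it flags such blanket patterns in a pom.xml, assuming the exclusion is kept there as a property; SAMPLE_POM, PROBES and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: this post's profile plus an assumed pom-level exclusion property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <profiles><profile><id>sonar</id>
    <properties>
      <sonar.host.url>http://localhost:9000</sonar.host.url>
      <sonar.coverage.exclusions>**/*.*, **/generated/**</sonar.coverage.exclusions>
    </properties>
  </profile></profiles>
</project>"""

# Constructed probe paths: a pattern that matches all of them excludes everything.
PROBES = ["src/main/java/com/example/App.java", "src/test/java/AppTest.java", "web/app.js"]
EXCLUSION_KEYS = {"sonar.coverage.exclusions", "sonar.exclusions"}

def ant_to_regex(pattern):
    """Translate a SonarQube path pattern (**, *, ?) into an anchored regex."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3   # zero or more directories
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2         # anything, across directories
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1      # within one path segment
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1       # exactly one character
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def is_blanket(pattern):
    return all(ant_to_regex(pattern.strip()).match(p) for p in PROBES)

def audit_pom(pom_text):
    """Return (property, pattern, reason) for every blanket exclusion found."""
    findings = []
    for el in ET.fromstring(pom_text).iter():
        key = el.tag.split("}")[-1]            # drop the POM namespace prefix
        if key in EXCLUSION_KEYS:
            for pat in (el.text or "").split(","):
                if pat.strip() and is_blanket(pat):
                    findings.append((key, pat.strip(), "excludes every source file"))
    return findings

if __name__ == "__main__":
    print(audit_pom(SAMPLE_POM))
```

An exclusion entered only in the web UI, as in the steps above, is stored on the server and is not visible to a check that reads pom.xml.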
