Outline

We will look at requirements and prerequisites for SonarQube

  • What is code quality ?
  • What is SonarQube?
  • Why SonarQube?
  • How Sonarqube works ?
  • Sonar Structure & CI
  • Sonarqube Features
  • Cyclomatic Complexity
  • Installation of SonarQube

Audience

This tutorial is designed for beginners who have little or no experience about SonarQube. At the end of this tutorial, you will have information about SonarQube.

Prerequisites

  • SonarQube
  • Java JDK
  • You can also check prerequisites here

What is Code Quality ?
I watched a presentation of Patroklos Papapetrou and I liked his description of code quality. He says that “Code quality is an indicator about how quickly developers can add business value to software system”

code_quality_2016-01-26_15-32-19

Software quality characteristics: ISO/IEC 9126
In order to evaluate software, it is necessary to select relevant quality characteristics. ISO/IEC 9126 defines a quality model which is applicable to every kind of software. It defines six product quality characteristics.

iso9126_1_modelo_calidad_thumb[fusion_builder_container hundred_percent=

What is SonarQube ?
Sonar is an open source software quality platform. SonarQube saves the calculated measures in a database and showcases them in a rich web-based dashboard. Provides trends and leading indicators.

How Sonar Works ?
Sonar uses various static & dynamic code analysis tools such as Checkstyle, PMD, FindBugs , FxCop , Gendarme and many more to extract software metrics, which then can be used to improve software quality. Provides lots of plugins.

Sonar Structure: 

sonar_structure_2016-01-26_21-32-53

Sonar CI: 

sonar_CI_2016-01-26_21-33-42

SonarQube Features:  

  • Supports languages: Java, C/C++, Objective-C, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, etc. (note that some of them are commercial)
  • Can also be used in Android development.
  • Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, potential bugs,comments and design and architecture.
  • Records metrics history and provides evolution graphs (“time machine”) and differential views.
  • Provides fully automated analyses: integrates with Maven, Ant, Gradle and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
  • Integrates with the Eclipse development environment
  • Integrates with external tools: JIRA, Mantis, LDAP, Fortify, etc.
  • Is expandable with the use of plugins.
  • Implements the SQALE methodology to compute technical debt. (wiki)

What is static code analysis ?
Computer code that is performed without actually executing programs.  Source code will be checked for compliance with a predefined set of rules or best practices set by the organization.

Visual Studio has a built-in tool or this you can follow this:  In Solution Explorer, right-click the project, and then click Properties.

code_analyze_2016-01-27_22-03-05

We can configure the rules or analyze

static_analyze_2016-01-27_22-01-18

Technical debt is caused by the 7 deadly sins of the developer:

  1. Duplications: SonarQube has a copy/paste detection engine for to find duplications
  2. Bad distribution of complexity: Cyclomatic complexity [wiki] (or McCabe metric)
  3. Spaghetti Design
  4. Lack of unit tests
  5. No coding standards
  6. Potential bugs
  7. Not enough or too many comments or incorrect comments

Cyclomatic Complexity was introduced by Thomas J. McCabe, and is the most popular and widely accepted method of measuring code complexity. The metric defines a formula to calculate the complexity of code by taking into account all the possible independent paths that program flow could follow.
The complexity M is then defined as

M = EN + 2P

where

E = the number of edges of the graph.
N = the number of nodes of the graph.
P = the number of connected components.

Installing SonarQube

Download SonarQube 5.3 (latest version) and MSBuild SonarQube Runner  from the SonarQube from here

2015-10-02_17-11-42

We also need Java so you can visit and download from here

2015-10-02_17-15-36

Right-click on sonarqube-5.3.zip, select Properties and then click on the Unblock button.

Unzip SonarQube-x.x.zip on to a folder, for example use C:\SonarQube\SonarQube-5.3

You should see the files inside extracted folder.

2015-10-02_17-29-47

Execute c:\sonar-5.3\bin\windows-x86-64\StartSonar.bat file using command-line.The expected output should look like

sonar_is_up_2016-01-25_17-48-58

Tip: Can’t load AMD 64-bit .dll on a IA 32-bit platform

 Error message says you need to install 64 bit java

Database
I use MySQL as the database. It needs to create a new schema and a sonar user and I give the user permissions to create, update and delete objects in the schema.

sonar_db2016-01-25_17-54-37

Troubleshooting: for log checking  log files located under  sonarqube/logs 

sonar_logs_2016-01-24_22-48-42

You can login using default user / password = admin / admin

sonar_2016-01-20_14-21-10

sonar_default_rule_2016-01-20_14-22-55

Plugin installation : Update Center (Settings | System | Update Center), and installed the SonarQube C# Plug-in.

sonar_update_center2016-01-20_14-51-37

Now we need to install MS Build QubeRunner, you can download here. First need to be unblocked it.

 unblock

Now we need some modifications on SonarQube.Analysis.xml  file.

sonar.jdbc.url
sonar.jdbc.username
sonar.jdbc.password

sosnarqube_analysis

Thanks.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]