SonarQube


Outline

We will look at requirements and prerequisites for SonarQube

  • What is code quality ?
  • What is SonarQube?
  • Why SonarQube?
  • How Sonarqube works ?
  • Sonar Structure & CI
  • Sonarqube Features
  • Cyclomatic Complexity
  • Installation of SonarQube

Audience

This tutorial is designed for beginners who have little or no experience about SonarQube. At the end of this tutorial, you will have information about SonarQube.

Prerequisites

  • SonarQube
  • Java JDK
  • You can also check prerequisites here

What is Code Quality ?
I watched a presentation of Patroklos Papapetrou and I liked his description of code quality. He says that “Code quality is an indicator about how quickly developers can add business value to software system”

code_quality_2016-01-26_15-32-19

Software quality characteristics: ISO/IEC 9126
In order to evaluate software, it is necessary to select relevant quality characteristics. ISO/IEC 9126 defines a quality model which is applicable to every kind of software. It defines six product quality characteristics.

iso9126_1_modelo_calidad_thumb[fusion_builder_container hundred_percent=

What is SonarQube ?
Sonar is an open source software quality platform. SonarQube saves the calculated measures in a database and showcases them in a rich web-based dashboard. Provides trends and leading indicators.

How Sonar Works ?
Sonar uses various static & dynamic code analysis tools such as Checkstyle, PMD, FindBugs , FxCop , Gendarme and many more to extract software metrics, which then can be used to improve software quality. Provides lots of plugins.

Sonar Structure: 

sonar_structure_2016-01-26_21-32-53

Sonar CI: 

sonar_CI_2016-01-26_21-33-42

SonarQube Features:  

  • Supports languages: Java, C/C++, Objective-C, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, etc. (note that some of them are commercial)
  • Can also be used in Android development.
  • Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, potential bugs,comments and design and architecture.
  • Records metrics history and provides evolution graphs (“time machine”) and differential views.
  • Provides fully automated analyses: integrates with Maven, Ant, Gradle and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
  • Integrates with the Eclipse development environment
  • Integrates with external tools: JIRA, Mantis, LDAP, Fortify, etc.
  • Is expandable with the use of plugins.
  • Implements the SQALE methodology to compute technical debt. (wiki)

What is static code analysis ?
Computer code that is performed without actually executing programs.  Source code will be checked for compliance with a predefined set of rules or best practices set by the organization.

Visual Studio has a built-in tool or this you can follow this:  In Solution Explorer, right-click the project, and then click Properties.

code_analyze_2016-01-27_22-03-05

We can configure the rules or analyze

static_analyze_2016-01-27_22-01-18

Technical debt is caused by the 7 deadly sins of the developer:

  1. Duplications: SonarQube has a copy/paste detection engine for to find duplications
  2. Bad distribution of complexity: Cyclomatic complexity [wiki] (or McCabe metric)
  3. Spaghetti Design
  4. Lack of unit tests
  5. No coding standards
  6. Potential bugs
  7. Not enough or too many comments or incorrect comments

Cyclomatic Complexity was introduced by Thomas J. McCabe, and is the most popular and widely accepted method of measuring code complexity. The metric defines a formula to calculate the complexity of code by taking into account all the possible independent paths that program flow could follow.
The complexity M is then defined as

M = EN + 2P

where

E = the number of edges of the graph.
N = the number of nodes of the graph.
P = the number of connected components.

Installing SonarQube

Download SonarQube 5.3 (latest version) and MSBuild SonarQube Runner  from the SonarQube from here

2015-10-02_17-11-42

We also need Java so you can visit and download from here

2015-10-02_17-15-36

Right-click on sonarqube-5.3.zip, select Properties and then click on the Unblock button.

Unzip SonarQube-x.x.zip on to a folder, for example use C:\SonarQube\SonarQube-5.3

You should see the files inside extracted folder.

2015-10-02_17-29-47

Execute c:\sonar-5.3\bin\windows-x86-64\StartSonar.bat file using command-line.The expected output should look like

sonar_is_up_2016-01-25_17-48-58

Tip: Can’t load AMD 64-bit .dll on a IA 32-bit platform

 Error message says you need to install 64 bit java

Database
I use MySQL as the database. It needs to create a new schema and a sonar user and I give the user permissions to create, update and delete objects in the schema.

sonar_db2016-01-25_17-54-37

Troubleshooting: for log checking  log files located under  sonarqube/logs 

sonar_logs_2016-01-24_22-48-42

You can login using default user / password = admin / admin

sonar_2016-01-20_14-21-10

sonar_default_rule_2016-01-20_14-22-55

Plugin installation : Update Center (Settings | System | Update Center), and installed the SonarQube C# Plug-in.

sonar_update_center2016-01-20_14-51-37

Now we need to install MS Build QubeRunner, you can download here. First need to be unblocked it.

 unblock

Now we need some modifications on SonarQube.Analysis.xml  file.

sonar.jdbc.url
sonar.jdbc.username
sonar.jdbc.password

sosnarqube_analysis

Thanks.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

javafx

Database Operations in JavaFX

By Onur Baskirt / Apr 1, 2016 / 56 Comments
Before started this section, please check the first article and learn How to Start JAVAFX! http://www.swtestacademy.com/getting-started-with-javafx/ At first, part of JavaFX tutorial series, we created a sample JavaFX project, designed the draft version of the UI and set up an...
rest assured

REST API Testing with Rest Assured

By Onur Baskirt / Mar 8, 2016 / 32 Comments
Outline In this post, I will explain what is API and API testing, what is the difference between SOAP and REST services, and how to test REST APIs with Rest Assured Library. What is API? API stands for Application Programming...
extentreports

How to Write Effective CSS Locators

By Onur Baskirt / Oct 1, 2017 / 0 Comments
Hi all, in this tutorial, I will describe you how to write effective CSS locators to interrogate web elements for your automation projects. As a rule of thumb, your interrogation strategy should be in below order: First try to use...
extentreports

Selenium-11: Execute JavaScript with JavascriptExecutor

By Onur Baskirt / Jan 27, 2016 / 15 Comments
Outline Sometimes we cannot handle some conditions or problems with Webdriver, web controls don't react well against selenium commands. In this kind of situations, we use Javascript. It is useful for custom synchronizations, hide or show the web elements, change...
javafx

Getting Started with JavaFX

By Onur Baskirt / Mar 25, 2016 / 0 Comments
When I started to work in my current position, one of my task is to do manual operations for campaign products  every week. After the second week, I thought that I have to automate this task using a GUI based...
extentreports

How to Write Smart XPath Locators

By Onur Baskirt / Sep 24, 2017 / 4 Comments
Hi all, in this tutorial, I will describe you how to write smart and non-brittle XPath locators. When we write our test scripts, we generally prefer to use id, name, class, etc. these kinds of locators. However, sometimes we could not...
extentreports

Selenium-1: Quick Start to Automation with Selenium WebDriver & JAVA & JUnit & Maven & IntelliJ

By Onur Baskirt / Sep 8, 2015 / 26 Comments
Outline Selenium Webdriver is the most popular open source web test automation framework across wide range of browsers and platforms. In this tutorial you will learn how to do web test automation with Selenium Webdriver and the related tools. Audience...
page object model

Page Object Model with C#

By Ege Aksoz / Jun 18, 2017 / 8 Comments
In the previous tutorial, we’ve taken the initial steps and entered the world of automated testing. We also wrote our first automated test. From this point on, since we are not just going to write one test, we need to...
extentreports

How to Select a Date From DatePicker Using Selenium

By Onur Baskirt / Aug 13, 2016 / 6 Comments
When you need to automate a airway, hotel, or similar websites you need to deal with Datepickers and some times it is a little bit cumbersome to select a specific date on the Datepicker or calendar.  In this post, I...
extentreports

Selenium Webdriver Performance testing with Jmeter and Selenium Grid

By Ozgur Kaya / Aug 9, 2016 / 2 Comments
In this post, we will complete Selenium Webdriver Performance testing scenario using Jmeter and Selenium Grid. 1- Install Java 7 or later If necessary https://java.com/tr/download/ 2- Download latest Jmeter version 3.0 or higher. http://jmeter.apache.org/download_jmeter.cgi 3- Download Jmeter PluginsManager JAR file and...
By | 2017-01-13T21:33:43+00:00 January 28th, 2016|Continuous Integration, SonarQube|1 Comment

About the Author:

Onur Yazir
Onur YAZIR is a Senior Software Testing & Deployment Engineer 7+ years of experience. He has worked at Huawei, Ericsson, Teknosa as Software Test Engineer. After that, he worked as DevOps Engineer at London-based fintech company EFT Software. Now, he is a DevOps Engineer at Gulf News Dubai Office. You can find detailed information about him on his linked-in page.

One Comment

  1. Manjunatha March 15, 2016 at 11:59 am - Reply

    Hi,
    can we use this for standalone app..and can you brief me about charterstics of sonar qube. what is the main diff b/w sonar and selenium?

Leave A Comment