SonarQube Tutorial Outline
We will look at requirements and prerequisites for SonarQube
- What is code quality ?
- What is SonarQube?
- Why SonarQube?
- How Sonarqube works ?
- Sonar Structure & CI
- Sonarqube Features
- Cyclomatic Complexity
- Installation of SonarQube
This tutorial is designed for beginners who have little or no experience about SonarQube. At the end of this tutorial, you will have information about SonarQube.
- Java JDK
- You can also check prerequisites here
What is Code Quality ?
I watched a presentation of Patroklos Papapetrou and I liked his description of code quality. He says that “Code quality is an indicator about how quickly developers can add business value to software system”
Software quality characteristics: ISO/IEC 9126
In order to evaluate software, it is necessary to select relevant quality characteristics. ISO/IEC 9126 defines a quality model which is applicable to every kind of software. It defines six product quality characteristics.
What is SonarQube ?
Sonar is an open source software quality platform. SonarQube saves the calculated measures in a database and showcases them in a rich web-based dashboard. Provides trends and leading indicators.
How Sonar Works ?
Sonar uses various static & dynamic code analysis tools such as Checkstyle, PMD, FindBugs , FxCop , Gendarme and many more to extract software metrics, which then can be used to improve software quality. Provides lots of plugins.
- Can also be used in Android development.
- Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, potential bugs,comments and design and architecture.
- Records metrics history and provides evolution graphs (“time machine”) and differential views.
- Provides fully automated analyses: integrates with Maven, Ant, Gradle and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
- Integrates with the Eclipse development environment
- Integrates with external tools: JIRA, Mantis, LDAP, Fortify, etc.
- Is expandable with the use of plugins.
- Implements the SQALE methodology to compute technical debt. (wiki)
What is static code analysis ?
Computer code that is performed without actually executing programs. Source code will be checked for compliance with a predefined set of rules or best practices set by the organization.
Visual Studio has a built-in tool or this you can follow this: In Solution Explorer, right-click the project, and then click Properties.
We can configure the rules or analyze
Technical debt is caused by the 7 deadly sins of the developer:
- Duplications: SonarQube has a copy/paste detection engine for to find duplications
- Bad distribution of complexity: Cyclomatic complexity [wiki] (or McCabe metric)
- Spaghetti Design
- Lack of unit tests
- No coding standards
- Potential bugs
- Not enough or too many comments or incorrect comments
Cyclomatic Complexity was introduced by Thomas J. McCabe, and is the most popular and widely accepted method of measuring code complexity. The metric defines a formula to calculate the complexity of code by taking into account all the possible independent paths that program flow could follow.
The complexity M is then defined as
- M = E − N + 2P
- E = the number of edges of the graph.
- N = the number of nodes of the graph.
- P = the number of connected components.
Download SonarQube 5.3 (latest version) and MSBuild SonarQube Runner from the SonarQube from here
We also need Java so you can visit and download from here
Right-click on sonarqube-5.3.zip, select Properties and then click on the Unblock button.
Unzip SonarQube-x.x.zip on to a folder, for example use C:\SonarQube\SonarQube-5.3
You should see the files inside extracted folder.
c:\sonar-5.3\bin\windows-x86-64\StartSonar.bat file using command-line.The expected output should look like
Tip: Can’t load AMD 64-bit .dll on a IA 32-bit platform
Error message says you need to install 64 bit java
I use MySQL as the database. It needs to create a new schema and a sonar user and I give the user permissions to create, update and delete objects in the schema.
Troubleshooting: for log checking log files located under sonarqube/logs
You can login using default user / password = admin / admin
Plugin installation : Update Center (Settings | System | Update Center), and installed the SonarQube C# Plug-in.
Now we need to install MS Build QubeRunner, you can download here. First need to be unblocked it.
Now we need some modifications on SonarQube.Analysis.xml file.