Static Code Analysis with Sonar Qube for Maven and Gradle Projects.

1. Static Code Analysis
with SonarQube
hayi.nkm - Software Engineer in Test

2. “All code is guilty, until proven
innocent.”– Anonymous

3. Static Analysis
Static analysis or also known as Static Code Analysis is a
process to analyze the source code of a software without
running the software itself. Static Analysis are generally used
by developers as part of the development and component
testing process.

4. Benefits...
Detecting the possible bugs on your code (crash, memory leak, stack
overflow, buffer overflow, etc),
Find any vulnerabilities in the corner of your applications (clumsy developer
miss),
Finding possible wrong logic and any bad practice on your project,
Finding areas of the code that may need more testing or deeper review,

5. Benefits… (cont)
Finding duplicate code which is could be moved into
another methods to reduce code complexity,
Identifying design issues such as Cyclomatic Complexity
and helping reduce the code complexity improve
maintainability,
Identifying potential software quality issues before the
code moves to production.

6. Sonar Qube

7. Architecture...
img src: http://tech.gaeatimes.com

8. Setting up SQ Server. (Mac)
$ brew install sonar

9. Setting up SQ Server. (Linux)
# download SonarQube
$ wget http://dist.sonar.codehaus.org/sonarqube-5.X.zip
# Unzip and move file into /opt/
$ unzip sonarqube-5.X.zip
$ mv sonarqube-5.X /opt/sonar

10. Setting up Databases (MySQL)
$ mysql -u root -p
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'sonar' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES;

11. Connect SQ to Databases
Open /opt/sonar/conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&c
haracterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=max
Performance

12. Setting up web server.
Open /opt/sonar/conf/sonar.properties
sonar.web.host=127.0.0.1
sonar.web.context=/sonar
sonar.web.port=9000

13. Starting sonar...
$ sonar start
Or
$ sudo sonar start

14. Analyzing
Maven Projects
Gradle Projects

15. Maven

16. Setting up Maven.
Edit the settings.xml file, located in $MAVEN_HOME/conf or ~/.m2
<settings>
<pluginGroups><pluginGroup>org.sonarsource.scanner.maven</pluginGroup></pluginGroups>
<profiles>
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<!-- Optional URL to server. Default value is http://localhost:9000 -->
<sonar.host.url>http://myserver:9000</sonar.host.url>
</properties>
</profile>
</profiles>
</settings>

17. Analyzing Maven Projects
$ mvn clean verify sonar:sonar
## In some cases:
$ mvn clean install
$ mvn sonar:sonar

18. Gradle

19. Setting up Gradle Projects
Add this line into build.gradle
plugins { id "org.sonarqube" version "1.2" }
apply plugin: "org.sonarqube"
sonarqube {
properties {
property "sonar.host.url", "http://myserver:9000"
property "sonar.sourceEncoding", "UTF-8"
property "sonar.language", "java"
property "sonar.profile", "Android Lint"
property "sonar.projectKey","PROJECT-KEY"
property "sonar.projectName","PROJECT_NAME"
property "sonar.projectVersion","VERSION"
property "sonar.java.source", "1.7"
property "sonar.sources", "./"
}
}

20. Analyzing Gradle Project
$ ./gradlew clean check sonarqube

21. Sample Reports

22. Sample Reports.

23. Thank you….
Image credits:
www.sonarqube.org
http://tech.gaeatimes.com