SlideShare une entreprise Scribd logo

Java Source Code Analysis using SonarQube

Angelin R
Angelin R

Java Source Code Analysis using SonarQube

Technologie
1  sur  30
Télécharger pour lire hors ligne
@ardentlearner 1 CODE ANALYSIS USING SONARQUBE Author - ANGELIN
@ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
@ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
@ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
@ardentlearner 5  SonarQube is also used for Android Development.  SonarQube internally uses PMD, Findbugs, CheckStyle etc.  Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
@ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
@ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note:  For remote access, replace localhost with the address of the SonarQube server.  9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties  Default credentials is admin/admin
@ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
@ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
@ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
@ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
@ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
@ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES  Ant 1.7.1 or higher  Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
@ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
@ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN  If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates.  To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
@ardentlearner 20 This should display the list of available plugins and components:
@ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
@ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
@ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN  A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse.  The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
@ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
@ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
@ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects:  SonarQube Issues that list the issues on the selected component  SonarQube Issue Editor to review the issue
@ardentlearner 27  SonarQube Rule Description to get the detailed description of the rule that is violated  SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
@ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
@ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
@ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse

Recommandé

Sonarqube
SonarqubeSonarqube
Sonarqube
Kalkey
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps Engineer
Manu Pk
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Peerapat Asoktummarungsri
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube Overview
Ahmed M. Gomaa
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code Quality
Larry Nung
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
Michael Jesse
 

Recommandé

Sonarqube
SonarqubeSonarqube
Sonarqube
Kalkey
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps Engineer
Manu Pk
 
Sonarqube
SonarqubeSonarqube
Sonarqube
Peerapat Asoktummarungsri
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube Overview
Ahmed M. Gomaa
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ?
Geeks Anonymes
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code Quality
Larry Nung
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
Michael Jesse
 
SonarQube
SonarQubeSonarQube
SonarQube
Gnanaseelan Jeb
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Nexus FrontierTech
 
Sonar qube
Sonar qubeSonar qube
Sonar qube
penetration Tester
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning Talk
Jonathan Gregory
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQube
Dmytro Patserkovskyi
 
SonarQube Presentation.pptx
SonarQube Presentation.pptxSonarQube Presentation.pptx
SonarQube Presentation.pptx
Satwik Bhupathi Raju
 
Managing code quality with SonarQube
Managing code quality with SonarQubeManaging code quality with SonarQube
Managing code quality with SonarQube
Radu Vunvulea
 
Tracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubeTracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQube
Patroklos Papapetrou (Pat)
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
Prashant Gupta
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQube
Somkiat Puisungnoen
 
Sonar Review
Sonar ReviewSonar Review
Sonar Review
Kate Semizhon
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short version
Dmytro Patserkovskyi
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qube
Hayi Nukman
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar Overview
Samuel Langlois
 
Sonarqube
SonarqubeSonarqube
Sonarqube
CDS
 
Sonarlint
SonarlintSonarlint
Sonarlint
penetration Tester
 
Code Quality
Code QualityCode Quality
Code Quality
François Camus
 
Sonar
SonarSonar
Sonar
Peerapat Asoktummarungsri
 
Sonar Metrics
Sonar MetricsSonar Metrics
Sonar Metrics
Keheliya Gallaba
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
DevOps.com
 
Java convention
Java conventionJava convention
Java convention
Tan Tran
 
Subversion howto
Subversion howtoSubversion howto
Subversion howto
Chandra Shekar Goud Panugulla
 

Contenu connexe

Tendances

Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
DevOps.com
 

Tendances (20)

SonarQube
SonarQubeSonarQube
SonarQube
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
 
Sonar qube
Sonar qubeSonar qube
Sonar qube
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning Talk
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQube
 
SonarQube Presentation.pptx
SonarQube Presentation.pptxSonarQube Presentation.pptx
SonarQube Presentation.pptx
 
Managing code quality with SonarQube
Managing code quality with SonarQubeManaging code quality with SonarQube
Managing code quality with SonarQube
 
Tracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubeTracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQube
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQube
 
Sonar Review
Sonar ReviewSonar Review
Sonar Review
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short version
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qube
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar Overview
 
Sonarqube
SonarqubeSonarqube
Sonarqube
 
Sonarlint
SonarlintSonarlint
Sonarlint
 
Code Quality
Code QualityCode Quality
Code Quality
 
Sonar
SonarSonar
Sonar
 
Sonar Metrics
Sonar MetricsSonar Metrics
Sonar Metrics
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
 

Similaire à Java Source Code Analysis using SonarQube

Java convention
Java conventionJava convention
Java convention
Tan Tran
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Ciaran McDonald
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule
sudhir1223
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nagios
 

Similaire à Java Source Code Analysis using SonarQube (20)

Java convention
Java conventionJava convention
Java convention
 
Subversion howto
Subversion howtoSubversion howto
Subversion howto
 
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule
 
Oracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitOracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bit
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
 
Sonar qube configuration
Sonar qube configurationSonar qube configuration
Sonar qube configuration
 
Coding guideline
Coding guidelineCoding guideline
Coding guideline
 
Maven.pptx
Maven.pptxMaven.pptx
Maven.pptx
 
Sonar
SonarSonar
Sonar
 
ROS ROS
ROS ROSROS ROS
ROS ROS
 
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
 
20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stack
 
textconfig
textconfigtextconfig
textconfig
 

Plus de Angelin R

Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM Methodology
Angelin R
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practices
Angelin R
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship Songs
Angelin R
 

Plus de Angelin R (17)

Comparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksComparison of Java Web Application Frameworks
Comparison of Java Web Application Frameworks
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube
 
The principles of good programming
The principles of good programmingThe principles of good programming
The principles of good programming
 
Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)
 
A Slice of Me
A Slice of MeA Slice of Me
A Slice of Me
 
Team Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsTeam Leader - 30 Essential Traits
Team Leader - 30 Essential Traits
 
Action Script
Action ScriptAction Script
Action Script
 
Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM Methodology
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practices
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship Songs
 
Flex MXML Programming
Flex MXML ProgrammingFlex MXML Programming
Flex MXML Programming
 
Introduction to Adobe Flex
Introduction to Adobe FlexIntroduction to Adobe Flex
Introduction to Adobe Flex
 
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)
 
Restful Web Services
Restful Web ServicesRestful Web Services
Restful Web Services
 
Effective Team Work Model
Effective Team Work ModelEffective Team Work Model
Effective Team Work Model
 
Team Building Activities
Team Building ActivitiesTeam Building Activities
Team Building Activities
 
XStream
XStreamXStream
XStream
 

Dernier

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Dernier (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Java Source Code Analysis using SonarQube

  • 2. @ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
  • 3. @ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
  • 4. @ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
  • 5. @ardentlearner 5  SonarQube is also used for Android Development.  SonarQube internally uses PMD, Findbugs, CheckStyle etc.  Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
  • 6. @ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
  • 7. @ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note:  For remote access, replace localhost with the address of the SonarQube server.  9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties  Default credentials is admin/admin
  • 8. @ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
  • 9. @ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
  • 10. @ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
  • 11. @ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
  • 12. @ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
  • 13. @ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
  • 14. @ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
  • 15. @ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
  • 16. @ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
  • 17. @ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES  Ant 1.7.1 or higher  Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
  • 18. @ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
  • 19. @ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN  If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates.  To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
  • 20. @ardentlearner 20 This should display the list of available plugins and components:
  • 21. @ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
  • 22. @ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
  • 23. @ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN  A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse.  The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
  • 24. @ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
  • 25. @ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
  • 26. @ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects:  SonarQube Issues that list the issues on the selected component  SonarQube Issue Editor to review the issue
  • 27. @ardentlearner 27  SonarQube Rule Description to get the detailed description of the rule that is violated  SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
  • 28. @ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
  • 29. @ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
  • 30. @ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse