SonarQube Introduction



What is SonarQube
SonarQube is an automated code review tool that plays a major role in static code analysis in the industry. However, SonarQube is not only an automated code review tool; it is also an open source quality management platform used for continuous analysis and measurement of the technical quality of source code.
It takes program source code as its input, analyses it against pre-defined coding standards/rules and presents the outcome in a web format. This web-based output summarizes the status of the code in an informative manner for management as well as developers, helping them make quick decisions about the affected code.
  • Configure SonarQube v5.6.1
    • As the first step in configuring the SonarQube community version, download SonarQube v5.6.1 from the official SonarQube website (https://www.sonarqube.org/downloads/).
    • After downloading SonarQube v5.6.1, unzip it to a specific location according to the OS, for example:
      • Windows (C:\sonarqube) or Linux/Unix (/etc/sonarqube)
    • Then start the SonarQube server by following the steps below.
      • On Windows: C:\sonarqube\bin\windows-x86-64\StartSonar.bat
      • On Unix/Linux: /etc/sonarqube/bin/<OS>/sonar.sh console
    • After that, download the SonarQube Scanner that matches the SonarQube version. This is the analyzer in SonarQube (http://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner).
    • Once the SonarScanner is downloaded, unzip it into the same directory or any other directory you prefer. After unzipping the SonarScanner,
      • change directory into the SonarScanner folder and modify sonar-scanner.properties by defining the server port, the database to be used, etc.
    • After configuring the SonarScanner, create a file called sonar-project.properties containing the details of the project to be analysed, and move that file into the project directory.

    • In the above image, sonar.sources should be the path where your source files are located. Once the above steps are done, you can finally analyse your code with the scanner by simply typing sonar-scanner in a terminal whose working directory is the project location.
      • Command : sonar-scanner
    • After that, the results are uploaded to the SonarQube server, which is currently running at http://localhost:9000.
    • Starting the SonarQube server at http://localhost:9000
      • Command : $ sonar.sh console
    • Change directory to the project and type the command sonar-scanner
    • Then we can see that the SonarQube analysis has started on http://localhost:9000, along with the issues and all the analysed details of the code.
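As an added example (not part of the original post and not SonarQube's own tooling), the following Python script writes the sonar-project.properties file described above and sanity-checks it before sonar-scanner is run from the project directory. The property names (sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources, sonar.sourceEncoding, sonar.host.url) are the standard scanner analysis parameters; the project key, name and directory layout are constructed for the demonstration. It also catches two failure modes the steps above do not mention: a sonar.sources entry that does not exist (the scanner would analyse nothing or abort) and one that points outside the project directory.

```python
"""Added example: write and validate a sonar-project.properties file for
SonarQube Scanner. Property names are the standard analysis parameters;
all values (project key, name, paths) are constructed for the demo."""
import os
import tempfile

# Keys a basic analysis needs. sonar.host.url may also live in the scanner's
# own sonar-scanner.properties, so it is optional in the project file.
REQUIRED_KEYS = ("sonar.projectKey", "sonar.projectName",
                 "sonar.projectVersion", "sonar.sources")


def parse_properties(text):
    """Parse Java-style .properties text into a dict.

    Skips blank lines and '#'/'!' comments; accepts 'key=value' and
    'key: value'. Keys and values are stripped, otherwise kept as-is.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The first '=' or ':' separates the key from the value.
        seps = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not seps:
            continue
        sep = min(seps)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def render_properties(props):
    """Serialise a dict as sonar-project.properties text, one key=value per line."""
    return "".join(f"{k}={v}\n" for k, v in props.items())


def check_properties(props, project_dir):
    """Return a list of problems; an empty list means the file looks usable.

    Checks: required keys present, every comma-separated sonar.sources entry
    is an existing directory inside project_dir, and sonar.host.url (if set)
    is an http(s) URL.
    """
    problems = [f"missing {k}" for k in REQUIRED_KEYS if not props.get(k)]
    root = os.path.realpath(project_dir)
    for src in (s.strip() for s in props.get("sonar.sources", "").split(",")):
        if not src:
            continue
        real = os.path.realpath(os.path.join(root, src))
        if not os.path.isdir(real):
            problems.append(f"sonar.sources entry does not exist: {src}")
        elif os.path.commonpath([root, real]) != root:
            problems.append(f"sonar.sources entry escapes the project directory: {src}")
    url = props.get("sonar.host.url")
    if url and not url.startswith(("http://", "https://")):
        problems.append(f"sonar.host.url is not an http(s) URL: {url}")
    return problems


def write_project_properties(project_dir, key, name, version, sources,
                             host_url="http://localhost:9000"):
    """Write <project_dir>/sonar-project.properties and return its path.

    Running plain `sonar-scanner` from project_dir picks this file up.
    """
    props = {
        "sonar.projectKey": key,
        "sonar.projectName": name,
        "sonar.projectVersion": version,
        "sonar.sources": ",".join(sources),
        "sonar.sourceEncoding": "UTF-8",
        "sonar.host.url": host_url,
    }
    path = os.path.join(project_dir, "sonar-project.properties")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(render_properties(props))
    return path


def demo():
    """Constructed project layout: 'src' exists, 'lib' deliberately does not."""
    with tempfile.TemporaryDirectory() as project_dir:
        os.mkdir(os.path.join(project_dir, "src"))
        path = write_project_properties(project_dir, "demo:app", "Demo App",
                                        "1.0", ["src", "lib"])
        with open(path, encoding="utf-8") as fh:
            props = parse_properties(fh.read())
        return check_properties(props, project_dir)


if __name__ == "__main__":
    for problem in demo():
        print("sonar-project.properties:", problem)
```

Run the check before invoking sonar-scanner in a build script and stop on a non-empty result; an analysis that silently scans an empty or wrong source tree reports zero issues, which is easy to mistake for a clean result.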
  • Usage of SonarQube
SonarQube is a static code analyser, as mentioned at the beginning of this document, and it provides several functions when analysing a given code segment. The following are the major usages of this static code analyser:
✔ Whether the given code segment follows the specified conventions
✔ Whether well-known best practices have been followed and well-known bad practices avoided in the code segment
✔ Whether there are any potential bugs, performance issues or security vulnerabilities
✔ Whether the code segment is overly complex and whether there is any code duplication
✔ Whether the code follows good architecture principles
To measure these possible scenarios SonarQube has five characteristics defined as follows (characteristic – weight of each characteristic):
  • Blocker – 5
  • Critical – 4
  • Major – 3
  • Minor – 2
  • Info – 1
From the above characteristics it measures the code smell of the given code segment. Not only that, with this tool we can check readability, security, maintainability, etc. directly by navigating to the 'Measures' tab.
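As an added example (not from the post), the script below applies the five characteristic weights listed above to the issue list a SonarQube server returns from its Web API endpoint api/issues/search, producing a per-severity count and a weighted total, and then applies a simple acceptance gate: fail when any Blocker or Critical issue is a vulnerability, or when the weighted total exceeds a threshold. The JSON payload is constructed here to mimic the shape of that endpoint's response (severity, type, component, message fields); it was not captured from a real server, and the threshold value is an assumption.

```python
"""Added example: weight SonarQube issues by the severity weights quoted in
the post and gate on the result. SAMPLE_RESPONSE is constructed to resemble
an api/issues/search response; the rule messages and components are made up."""
import json

# Characteristic weights as listed in the post (characteristic - weight).
SEVERITY_WEIGHT = {"BLOCKER": 5, "CRITICAL": 4, "MAJOR": 3, "MINOR": 2, "INFO": 1}

# Constructed sample in the shape of api/issues/search output.
SAMPLE_RESPONSE = json.dumps({
    "total": 5,
    "issues": [
        {"severity": "BLOCKER", "type": "VULNERABILITY",
         "component": "demo:app:src/Login.java",
         "message": "Credentials should not be hard-coded"},
        {"severity": "CRITICAL", "type": "BUG",
         "component": "demo:app:src/Parser.java",
         "message": "Null pointer dereference"},
        {"severity": "MAJOR", "type": "CODE_SMELL",
         "component": "demo:app:src/Util.java",
         "message": "Method has too many lines"},
        {"severity": "MINOR", "type": "CODE_SMELL",
         "component": "demo:app:src/Util.java",
         "message": "Unused import"},
        {"severity": "INFO", "type": "CODE_SMELL",
         "component": "demo:app:src/Main.java",
         "message": "TODO found"},
    ],
})


def summarise(response_text):
    """Return (count_by_severity, weighted_score) for an issues response.

    Severities the table does not know get weight 0 and are still counted,
    so a server that introduces a new level cannot crash the gate.
    """
    counts = {sev: 0 for sev in SEVERITY_WEIGHT}
    score = 0
    for issue in json.loads(response_text).get("issues", []):
        sev = issue.get("severity", "UNKNOWN")
        counts[sev] = counts.get(sev, 0) + 1
        score += SEVERITY_WEIGHT.get(sev, 0)
    return counts, score


def gate(response_text, max_weighted_score,
         block_on=("BLOCKER", "CRITICAL"), block_types=("VULNERABILITY",)):
    """Return (passed, reasons).

    Fails on any issue whose severity is in block_on and whose type is in
    block_types, and on a weighted score above max_weighted_score. The
    threshold is the caller's policy choice, not a SonarQube default.
    """
    reasons = []
    for issue in json.loads(response_text).get("issues", []):
        if issue.get("severity") in block_on and issue.get("type") in block_types:
            reasons.append(f"{issue.get('severity')} {issue.get('type')} in "
                           f"{issue.get('component')}: {issue.get('message')}")
    _, score = summarise(response_text)
    if score > max_weighted_score:
        reasons.append(f"weighted score {score} exceeds {max_weighted_score}")
    return not reasons, reasons


if __name__ == "__main__":
    counts, score = summarise(SAMPLE_RESPONSE)
    print("issues by severity:", counts, "weighted score:", score)
    passed, reasons = gate(SAMPLE_RESPONSE, max_weighted_score=10)
    print("gate passed:", passed)
    for reason in reasons:
        print(" -", reason)
```

In practice the response comes from the running server at http://localhost:9000 (the endpoint is paged, so fetch every page before summarising); the point of separating the vulnerability check from the weighted total is that a single Blocker vulnerability should fail the gate even when the overall score looks healthy.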
  • Strengths and weaknesses
✔ Strengths of SonarQube
This is not just a single tool that analyses code fragments; it is a combination of several static code analysis tools. Therefore it performs the code analysis from different perspectives and reports all the possible bugs, etc.
It not only analyses the code and helps to improve code quality, but also helps to improve the coding skills of the developers. For developers, this will mostly help to avoid spaghetti design practices and come up with the best design principles.
✔ Weaknesses of SonarQube
SonarQube cannot identify all the issues in the code. It only helps you to write well-indented, duplication-free, unit-tested source code which can be understood easily.
Peer reviews are still needed, because there can still be places to refactor or code that could be replaced by a design pattern.
  • Final outcome of the analysis
After doing the SonarQube analysis, as developers we can modify/debug our code by referring to the analytical data and the suggestions. This can reduce or totally avoid those bugs and bad coding practices in the application.