Static Code Analysis with SonarQube
Definition
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells and security vulnerabilities in 20+ programming languages, and it reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs and security vulnerabilities.
SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
Working
SonarQube is a static analysis platform: it inspects source code (and, for some languages, compiled artifacts) without executing the program. Early versions extracted their metrics from external static analysers such as Checkstyle, PMD, FindBugs, FxCop and Gendarme; current releases ship their own analyser per language, and the older tools remain available as plugins. The resulting metrics are used to track and improve software quality, and the platform is extended through plugins.
Sonar Structure
Note: the architecture diagram that appears here in the original article is taken from Google.
Features
1) Supports languages: Java, C/C++, Objective-C, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, etc. (note that some of these analysers are commercial)
2) Can also be used in Android development.
3) Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, potential bugs, comments and design and architecture.
4) Records metrics history and provides evolution graphs (“time machine”) and differential views.
5) Provides fully automated analyses: integrates with Maven, Ant, Gradle and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
6) Integrates with the Eclipse development environment.
7) Integrates with external tools: JIRA, Mantis, LDAP, Fortify, etc.
8) Is expandable with the use of plugins.
9) Implements the SQALE methodology to compute technical debt.
Installation
STEP-1
Go to this link: https://www.sonarqube.org/downloads/
STEP-2
Click Community Edition to download SonarQube.
STEP-3
Extract the downloaded archive.
STEP-4
Open a Command Prompt and change into the extracted SonarQube folder.
Note: SonarQube needs a JDK to run (JDK 11 for the releases current when this was written; check the requirements page of the release you downloaded, as newer releases require a newer JDK). Verify your Java version with “java -version” (single hyphen).
STEP-5
From the SonarQube folder run “bin\windows-x86-64\StartSonar.bat” (the script is named StartSonar, not StarSonar).
(This starts the SonarQube server.)
STEP-6
Once the server has started, open a browser and go to http://localhost:9000
This opens the login page (default credentials: admin / admin). Change this default password immediately after the first login and before anyone else can reach the server; recent versions force the change on first login.
YOUR DASHBOARD WILL OPEN
INSTALLATION COMPLETED
Project analysis on SonarQube
STEP-1
For analysis you need a separate tool, SonarScanner.
Go to https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
STEP-2
Download the build for your operating system (here: Windows 64-bit).
STEP-3
Extract the archive.
STEP-4
Create a project in Eclipse that will be used for the analysis.
STEP-5
In the SonarScanner conf folder, edit sonar-scanner.properties and set sonar.host.url to your server (http://localhost:9000). This file holds scanner-wide defaults only; project-specific settings (project key, source folders and, for Java, the folder with compiled classes) go in a sonar-project.properties file in the project root.
STEP-6
Open a Command Prompt, change into your project folder and run “sonar-scanner.bat”.
The output should end with EXECUTION SUCCESS.
STEP-7
Open http://localhost:9000 in the browser; the project and its analysis results appear on the dashboard.
PROJECT ANALYSIS COMPLETE
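The project configuration that steps 5 and 6 rely on, as an added example rather than a file from the original article: a sonar-project.properties placed in the project root. The project key, project name, folder names and exclusions are assumptions for a plain Eclipse Java project with sources in src and compiled classes in bin; adjust them to your own layout.

```properties
# sonar-project.properties -- added example; project key, name and paths are assumed
# Unique identifier of the project on this SonarQube server
sonar.projectKey=demo-eclipse-app
sonar.projectName=Demo Eclipse App
sonar.projectVersion=1.0

# Folder(s) the scanner analyses (Eclipse default source folder: src)
sonar.sources=src
# Java analysis requires the compiled classes (Eclipse default output folder: bin)
sonar.java.binaries=bin
sonar.sourceEncoding=UTF-8

# Keep build output and third-party jars out of the analysis (assumed folder names)
sonar.exclusions=**/target/**,**/lib/**

# The server started in the installation steps
sonar.host.url=http://localhost:9000

# Do NOT put credentials in this file: it normally lives in version control.
# Generate a token under My Account > Security on the server and pass it on the
# command line instead, e.g.
#   sonar-scanner.bat -Dsonar.login=<token>    (older SonarQube releases)
#   sonar-scanner.bat -Dsonar.token=<token>    (newer releases, where sonar.login is deprecated)
```

Passing the token on the command line keeps the properties file free of secrets and lets the scanner authenticate as a dedicated analysis user rather than as admin. The most common cause of a failed first scan of a Java project is a missing sonar.java.binaries entry: recent Java analysers stop with an error when they find .java files but no compiled classes.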