Configure sonar, Jenkins for continuous review

Source: Internet
Author: User
Tags continuous integration tools checkstyle

This article takes the CentOS operating system as an example to introduce sonar installation configuration, and how to integrate with Jenkins, through the PMD-CPD, Checkstyle, findbugs and other tools to conduct continuous review of the code.

First, installation configuration sonar1, Sonar introduction

Sonar is an open source platform for code Quality management that manages the quality of Java source code. Through the plug-in mechanism, Sonar can integrate different test tools, code analysis tools, and continuous integration tools such as PMD-CPD, Checkstyle, FindBugs, Jenkins. These results are re-processed by different plug-ins and quantified to measure the change in code quality, which makes it easy to code quality management for projects of different sizes and types.

Sonar also provides interface support for a large number of continuous integration tools, which makes it easy to use sonar in continuous integration.

In addition, Sonar's plug-in provides support for programming languages other than Java, as well as internationalization and reporting documentation.

2. Configuration database

Apache Derby is the database that sonar comes with and is installed by default, and sonar supports the following databases: MySQL 5.x, Oracle 10g XE, Postgresql, MS SQL Server, etc. This article takes MySQL as an example to explain how to configure the database:

1) Create a database

Execute the following script in MySQL to create the database and MySQL user


2) Edit the ${sonar_home}/conf/ configuration database:

Sonar.jdbc.username:                       sonarsonar.jdbc.password:                       sonarsonar.jdbc.url:                            jdbc:mysql://localhost:3306/ sonar?useunicode=true&characterencoding=utf8&rewritebatchedstatements=true# Optional Propertiessonar.jdbc.driverClassName:                com.mysql.jdbc.Driver

3) Configuring the DB driver package

If you use an Oracle database, you must manually copy the driver class to the ${sonar_home}/extensions/jdbc-driver/oracle/directory. Other supported databases are provided by default, and Http:// lists some common configuration and default values.

4) Common Errors and workarounds

After adding the language pack, start the error analysis:

Download Install Sonar-l10n-zh-plugin-1.4.jar language Pack (Http://, after repackaging the deployment, the background error is as follows:

Error in sonar.log:2012.10.25 14:39:15 INFO org.sonar.INFO Register rules [Squid/java] ... 2012.10.25 14:39:15 ERROR O.s.s.p.platform The following rule (Repository:squid) must has a Description:rule[id=<nul L>,name=<null>,key=parsingerror,configkey=parsingerror,plugin=squid,enabled=true,severity=major, Cardinality=single]org.sonar.api.utils.sonarexception:the following rule (Repository:squid) must has a description: Rule[id=<null>,name=<null>,key=parsingerror,configkey=parsingerror,plugin=squid,enabled=true, Severity=major,cardinality=single]at Org.sonar.server.startup.RegisterRules.validateRule ( ) ~[classes/:na]at org.sonar.server.startup.RegisterRules.registerRepository ( ~[classes/: Na]at ...

(Refer to

Workaround: Remove all jar packages under the Extensions\plugins\ directory and re-package the deployment after you rejoin the local language pack.

3. Installing and configuring Sonar

The operation of Sonar requires JDK 1.5+, download the sonar zip file from, this article takes version 3.6 as an example.

Create a CentOS account sonar running sonar and set the account password:

# Useradd sonar# passwd sonar

Log in to CentOS using your sonar account.

Sonar integrates the jetty container by default, can be started directly, or it can be built as a war package and deployed in a Tomcat container.

1) Direct Start

Edit. Bash_profile, add environment variable Sonar_home

$ VI $HOME/.bash_profile

Change to the following:

Path= $PATH: $HOME/binsonar_home= $HOME/sonarexport PATH sonar_home

Make environment variables effective

Source $HOME/.bash_profile

Run the following command to start sonar, and other operating system sonar provides a startup script

$ ${sonar_home}/bin/linux-x86-64/ Start

Access in the browser: http://localhost:9000/, run the interface as follows:

Sonar default port is "9000", the default context path is "/", the default network interface is "", the default administrator account and password is: admin/admin, these parameters can be modified in the configuration file:

$ VI ${sonar_home}/conf/

2) as a Web project, deployed to an application server such as Tomcat

A. Ensure that conf/ and conf/wrapper.conf have not been modified and used

B. Execute the following command to generate the war package and deploy the resulting Sonar.war to the application server

$ ${sonar_home}/war/

C. Start Tomcat and access through Http://localhost:8080/sonar.

Tomcat installation configuration see: Install TOMCAT7 in Cenos system and set as self-starting service

4. Configured as self-starting service

Use the root account or the sudo permission operation.

Create a self-startup script file/etc/init.d/sonar

# Vi/etc/init.d/sonar

Add the following content

#!/bin/sh## rc file for sonarqube## chkconfig:345 10# description:sonarqube System ( # # # # # BEGIN in IT info# provides:sonar# Required-start: $network # required-stop: $network # default-start:3 4 AA default-stop:0 1 2 6# Short-description:sonarqube System ( # Description:sonarqube System ( # # # END INIT Info/usr/bin/sonar $*

Add Start Service

# ln-s $SONAR _home/bin/linux-x86-64/ chmod 755/etc/init.d/sonar# chkconfig--add SONAR

5. Configure Plug-ins

A) introduction of plugins

SONAR supports a variety of plug-ins, plug-in: Http://

Upload the downloaded plugin to the ${sonar_home}extensions\plugins directory and restart SONAR.

Sonar integrates the Java ecosystem Plug-in by default, which is a collection of plug-ins

    • Java [Sonar-java-plugin]:java Source code parsing, calculation metrics, etc.
    • Squid [Sonar-squid-java-plugin]: Check code that violates the sonar definition rule
    • Checkstyle [Sonar-checkstyle-plugin]: Use Checkstyle to check code that violates unified code writing style
    • FindBugs [Sonar-findbugs-plugin]: Use FindBugs to check for defect codes that violate the rules
    • PMD [Sonar-pmd-plugin]: Using PMD to check code that violates a rule
    • Surefire [Sonar-surefire-plugin]: Performing unit tests using surefire
    • Cobertura [Sonar-cobertura-plugin]: Using Cobertura to get code coverage
    • Jacoco [Sonar-jacoco-plugin]: Using Jacoco to get code coverage

Some common plugins are listed below:

    • JavaScript code Check: Http://
    • Python code Check: Http://
    • Web page checking (HTML, JSP, JSF, Ruby, PHP, etc.): Http://
    • XML file check: Http://
    • SCM Source Database statistical analysis: Http://
    • File metric: Http://
    • Chinese Language pack: Http://
    • Timesheet Display metrics results:
    • Measure result Evolution diagram: Http://

b) Plug-in configuration example (this paragraph is from

Sonar's main feature is the reprocessing of inspection results from different tools, and sonar also provides users with a way to personalize the data.

This section uses the Technical debt plug-in as an example to illustrate how the final report results are affected by setting parameters. First look at the concept of "technical debt" in this plugin, which was first proposed in 1992 by Ward Cunningham in his paper "The Wycash Portfolio Management System", which was later accepted and promoted by the software engineering community, Martin Fowler, author of Refactoring, also introduced technical debt on his website. In fact, the principle can be understood as "come out mixed sooner or later to also", the current nonstandard code, will affect the cost of future product modification.

SOANR's Technical debt plug-in provides a default calculation formula that can be used to calculate the technical debt of different companies and projects by configuring the weighting parameters.

The above data indicators can be set according to the different situation of the company and the project:

For example, default parameters the technical debt indicators for a project are as follows:

After modifying the parameters, the result is:

It is visible that Average time to cover complexity of one (in hours) is changed from 0.2 to 0.01, the coverage weight is smaller, thereby ignoring the effect of unit test coverage. Different companies and projects can adjust their parameters as needed, and the tuning and strategy of the parameters are not covered by this article.

As can be seen from the above example, Sonar uses different types of charts to display the results of the user's code quality, and these charts are not simply showing the unit test coverage or the results of the static detection tool, but based on the software engineering theory two times the result of processing, more scientific and intuitive.

c) Update Center

Log in to sonar as an administrator user, enter configuration-system, select Update Center,

The Available Plugins tab provides plug-ins that you can choose to install, and System updates can update sonar online.

The plugin needs to be noted that some of these plugins are required for purchase to be used, and the license type is commercial.

Ii. integration with Jenkins 1, through MAVEN

Modify the MAVEN Master profile (${maven_home}/conf/settings.xml file or ~/.m2/settings.xml file), where you add access to the sonar database and the sonar service address, adding the following configuration:

<profile><id>sonar</id><properties>    <sonar.jdbc.url>jdbc:mysql://localhost :3306/sonar</sonar.jdbc.url>    <sonar.jdbc.driver>com.mysql.jdbc.driver</sonar.jdbc.driver >    <sonar.jdbc.username>sonar</sonar.jdbc.username>    <sonar.jdbc.password>sonar< /sonar.jdbc.password>    <>http://localhost:9000</> <!-- Sonar server access address--></properties></profile><activeprofiles>  <activeProfile>sonar< /activeprofile></activeprofiles>

Note here that the address should be modified according to sonar deployment situation

Similarly, to avoid memory overflow, it is recommended to increase the size of the memory stack. Set the MAVEN_OPTS environment variable:

Set maven_opts= "-xmx512m-xx:maxpermsize=256m"

Using sonar

A. Running the sonar server;

B. Inject the code into sonar through MVN Sonar:sonar and store the results in the database as XML;

C. Through browser access, display analysis results;

D. Continuous operation of the MAVEN build will iterate over the results of the analysis;

E. You can explicitly specify the version of the sonar plug-in as follows:

        <project>            <build>                <plugins>                    <plugin>                        <groupid>org.codehaus.sonar </groupId>                        <artifactId>sonar-maven-plugin</artifactId>                        <version>3.5.1</ version>                    </plugin>                </plugins>            </build>        </project>

F. You can explicitly bind sonar to the MAVEN life cycle, as follows:

        <plugin>            <groupId>org.codehaus.sonar</groupId>            <artifactid>sonar-maven-plugin </artifactId>            <version>3.5.1</version>            <executions>                <execution>                    <id>sonar</id>                    <phase>site</phase>                    <goals>                    <goal>sonar</ goal>                    </goals>                </execution>            </executions>    </plugin>

At this point, when you specify the site declaration period for MAVEN, the Sonar.sonar command is called automatically.

2. Integrate directly with Jenkins

Choose to install Sonar Jenkins plugin in the plug-in management of Jenkins, which allows the project to call sonar for code metrics each time it builds.

Go to the Configuration page to configure the sonar plug-in, such as:

To configure the build project, add the Post build Action:

When the application is built it automatically triggers sonar to check the code

Configure sonar, Jenkins for continuous review

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.