sonar--Code Quality Management platform

sonar--Code Quality management platform

First, basic understanding

Sonar (SonarQube) is an open source platform for managing the quality of source code.

Sonar is not just a quality data reporting tool, but also a code quality management platform. through the plug-in mechanism,sonar can integrate different test tools, code analysis tools, and continuous integration tools such as PMD-CPD, Checkstyle, FindBugs, Jenkins. These results are re-processed by different plug-ins and quantified to measure the change in code quality, which makes it easy to code quality management for projects of different sizes and types. sonar also provides interface support for a large number of continuous integration tools, which makes it easy to use sonar in continuous integration.

In addition,Sonar's plug-ins can provide support for programming languages other than Java ( supported languages include: Java, PHP, C #, C, Cobol, PL/SQL, Flex, etc. ) . Good support for internationalization as well as documentation of reports.

Second, the main detection content

sonar can effectively detect the seven major problems in the process of program development .

1. Poor complexity distribution

files, classes, methods, and so on, if the complexity is too high will be difficult to change, which makes it difficult for developers to understand them, and if there is no automated unit testing, changes to any component in the program will likely result in the need for comprehensive regression testing

2. Repeat

Obviously the code that contains a lot of copy and paste in the program is poor quality. Sonar can show where the source code repeats serious:

3. Lack of unit testing

sonar makes it easy to count and present unit test coverage

4. No Code standards

sonar can be written by Code Rule Detection Tool specification code, such as Pmd,checkstyle,findbugs

5. Not enough or too many comments

No comments will make the code less readable, especially when people change inevitably, the readability of the program will drop dramatically and too many comments will cause the developer to spend too much time reading the notes and breaking the original

6. Potential Bugs

sonar can detect potential bugs through the Code rule Detection Tool, such as Pmd,checkstyle,findbugs

7. Bad Design (original spaghetti design, spaghetti style)

sonar lets you find loops that show the interdependencies between packages, classes, and classes to detect custom schema rules ; using sonar to manage third-party jar packages can use LCOM4 to detect the application of individual task rules Detection coupling.

about spaghettidesign:http://docs.codehaus.org/display/sonar/spaghetti+design

Third, plug-in introduction

sonar support a variety of plug-ins, plug-in:http://docs.codehaus.org/display/SONAR/Plugin+Library.

Upload the downloaded plugin to the ${sonar_home}extensions\plugins directory and restart SONAR.

1.sonar default plug-in collection

Sonar integrates the Java ecosystem plug-in by default, which is a collection of plug -ins:

1) Java [sonar-java-plugin]:Java source code parsing, calculation indicators, etc.

2) Squid [Sonar-squid-java-plugin]: Check code that violates the sonar definition rule

3) Checkstyle [Sonar-checkstyle-plugin]: Use Checkstyle to check code that violates unified code writing style

4) FindBugs [Sonar-findbugs-plugin]: Use FindBugs to check for defect codes that violate the rules

5) PMD [Sonar-pmd-plugin]: Use PMD to check code that violates a rule

6) Surefire [Sonar-surefire-plugin]: performing unit tests using surefire

7) Cobertura [Sonar-cobertura-plugin]: Use Cobertura to get code coverage

8) Jacoco [Sonar-jacoco-plugin]: Use Jacoco to get code coverage

2. Some common plugins are listed below:

1) JavaScript code check:http://docs.codehaus.org/display/SONAR/JavaScript+Plugin

2) Python code check:http://docs.codehaus.org/display/SONAR/Python+Plugin

3) Web page check (HTML, JSP, JSF, Ruby, PHP, etc.): Http://docs.codehaus.org/display/SONAR/Web+Plugin

4) XML file check:http://docs.codehaus.org/display/SONAR/XML+Plugin

5) SCM Source database statistical analysis:Http://docs.codehaus.org/display/SONAR/SCM+Stats+Plugin

6) file measure:http://docs.codehaus.org/display/SONAR/Tab+Metrics+Plugin

7) Chinese Language pack:http://docs.codehaus.org/display/SONAR/Chinese+Pack

8) Schedule Display metrics results:http://docs.codehaus.org/display/SONAR/Timeline+Plugin

9) Measurement result Evolution diagram:http://docs.codehaus.org/display/SONAR/Motion+Chart+Plugin

3. plug-in configuration example

See "Using Sonar for code Quality Management " for details.

Iv. End of language

Sonar's main feature is the reprocessing of inspection results from different tools, andsonar also provides users with a way to personalize the data. It can be said thatsonar is currently one of the most powerful code quality management tools.

sonar--Code Quality Management platform