SonarQube 3.6 Code Quality Management combat

SonarQube is an open source code quality management system that integrates with other external tools such as Eclipse and JIRA through the use of plug-in mechanisms, enabling full automated analysis and management of the quality of the code. This paper first discusses the basic working principle and installation process of SonarQube 3.6, and then analyzes the basic process of code quality management for projects with different languages and architectures using three different methods of SonarQube 3.6. Finally, the author summarizes the problems encountered in the actual use of the process, and the corresponding solutions are given.

Overview

With the innovation of software products in IT industry, customers ' requirements for software products are more and more high, so how to manage the software code with high quality, analyze the code quality in time and give the reasonable solution becomes a problem that must be solved at present. Compared with today's numerous code quality management tools, SonarQube is more characteristic and competitive, and its advantages mainly include: It is an open source code quality Management system, supports 25+ languages, can integrate with other external tools such as Eclipse and JIRA by using plug-in mechanism, Thus, it realizes the comprehensive automated analysis and management of the code quality.

This paper first discusses the basic working principle and installation process of SonarQube3.6, and then analyzes the basic process of code quality management for projects with different languages and architectures using the three different methods of SonarQube3.6, and finally summarizes the problems encountered in the process of actual use. and the corresponding solutions are given.

This paper mainly discusses the following aspects: SonarQube's Working principle introduces SonarQube3.6 installation SonarQube3.6 code quality analysis Results Analysis SonarQube3.6 actual use of problems and solutions

Back to the first SonarQube of the principle of introduction

Instead of simply presenting the results of the various quality inspection tools (such as FINDBUGS,PMD, etc.) directly to the customer, SonarQube is re-processing the results through different plug-in algorithms, ultimately measuring the quality of the code in a quantifiable way, Accordingly, the code quality management of different sizes and types of projects is conveniently carried out.

SonarQube the quality of the project from the seven latitude shown in Figure 1 when it comes to code quality management. Figure 1: Quality latitude

SonarQube can support 25+ programming languages, and they provide different methods of analysis for various programming languages: for all supported programming languages, SonarQube provides static analysis of the source code, and for some specific programming languages, SonarQube Provides static analysis of compiled code, such as class file and Jar in Java and DLL file in C #, and for some specific programming languages, SonarQube can also provide dynamic analysis of code, such as the unit test in Java and C # Implementation of the test.

The overall architecture of the SonarQube platform is shown in Figure 2: Figure 2. SonarQube's service Architecture

Remote clients can upload the analyzed project code to SonarQube server and perform code quality management and analysis through a variety of different analysis mechanisms, and SonarQube will present the results of the analysis to the user visually and in a measurable way through the Web API.

Back to top SonarQube3.6 installation

Requirements for software and hardware

The installation of SonarQube3.6 usually needs to meet certain hardware and software conditions, the specific requirements are as follows:

1. Server Requirements

Web server requires a minimum of 500MB of memory space and a recommended memory size of 2GB. Sonar typically stores approximately 350KB of data per 1 KLOC for code quality analysis, so try to provide large memory for SonarQube3.6 Web server.

2. Database Requirements

Although SonarQube3.6 itself comes with an embedded Derby database, because Derby is simpler, it is highly recommended to install the appropriate enterprise database in a production environment, SonarQube3.6 supported databases include: MySQL 5.x+, oracle10g+, PostgreSQL 9.x and MS SQL Server 2005 and 2008 are recommended for use with MySQL. Currently SonarQube3.6 does not support DB2, but support for DB2 may be provided in subsequent releases.

3. Browser Requirements

SonarQube3.6 supports most browsers, including Firefox, Internet Explorer 7.x and 8.x and chromed, and Firefox is recommended.

Installation steps

SonarQube3.6 's installation package can be downloaded from SonarQube's official website (http://www.sonarqube.org/). In general, its installation process can be divided into the following six steps:

1. Obtaining legal authorization from the company

This step depends primarily on the company's requirements, and if the company has legal requirements for the software installed on the company's machines, then although SonarQube is open source, it is also required to obtain authorization from the relevant legal department of the company before installation.

2. Create a database

When you create a database, follow the installation instructions for the appropriate database, and after the installation is successful, you need to manually create a user named "Sonarqube" and an empty schema-"sonarqube" and give the user the create on the corresponding schema, Update and delete objects, while the database's character set is set to "UTF-8", the example SQL statement is as follows:

Click to view the code listing

3. Installing the Sonar server

Unzip the downloaded SonarQube3.6 compressed package, and note that you want to match the operating system platform you are on.

4. Configure the database

If you do not use sonarQube3.6 's derby database, you need to edit the sonarqube3.6 extract directory \conf\sonar.properties file to configure the database access parameters.

The database configuration items and configuration examples are shown in Figure 3 and Figure 4: Figure 3. The database configuration item in the Sonar.properties file is shown in Figure 4. MySQL database configuration in the Sonar.properties file

If it is an Oracle database, you will need to copy the JDBC driver to the sonarqube3.6 extract directory \extensions\jdbc-driver\[your database]. In addition, Driver,sonarqube for other supported databases has been provided.

5. Start the SonarQube3.6 server

The way to start the SonarQube3.6 server depends on the installation platform and webserver you are using.

A common way to start up is shown in Figure 5: Figure 5. SonarQube Start Mode

6. Plugin Download and installation

After the SonarQube3.6 server is successfully started, log in to the default webserver:ip:9000/, where IP is the sonarqube3.6 installed server network address, and the user name and password are the default admin/admin. After successful login Click the Configuration menu button and select Update Center to download and install the plugin as shown in Figure 6: Figure 6. Plugin Download and install

Note: If the machine on which the Sonarqube server is located does not have access to the extranet, then it is necessary to download all the required plugins on another machine that can access the extranet, and then copy the downloaded plug-in to the sonarqube3.6 of the machine where the Sonarqube server is located. Unzip the directory in the \extensions\plugins directory, and then restart Sonarqube3.6. Download Sonarqube plug-in official address is: http://docs.codehaus.org/display/SONAR/Plugin+Library/, download should pay attention to the plug-in board and sonarqube3.6 compatibility issues.

Back to top SonarQube3.6 code quality Analysis

When using SonarQube3.6 for code Quality management of a project, there are typically three different ways to initiate code analysis, analyzing with SonarQube Runner, analyzing with SonarQube Ant Task and analyzing with Maven methods. The main difference between the three methods is that they apply to projects of different architectures and organizational forms, and their corresponding configuration files are not the same.

Here are three ways to do this separately.

Analyzing with SonarQube Runner

Usually we recommend using SonarQube Runner this way, as this approach works for all projects of different architectures, including projects that do not use any source control tools, and use various different code management tools (SVN, Git, ClearCase and compile tools (Ant,maven), which can be used in the form of a project. The steps are as follows when you use this method for analysis:

1. First you need to download the SonarQube3.6 Server-compatible Sonar-runner client and unzip it; The download address is http://repo1.maven.org/maven2/org/codehaus/sonar/ Runner/sonar-runner-dist/2.3/sonar-runner-dist-2.3.zip

2. In the root directory of the analyzed project code, create and configure the Sonar-project.properties, as shown in Figure 7: Figure 7. Sonar-project.properties File Example

The Sonar.projectname in Figure 7 is the name that the project displays on the sonar server, and its value is unique. The Sonar.source is used to specify the location of the code to be analyzed. The sonar.language is used to specify the language of the project code to be analyzed. If the project contains more than one module, the configuration file should be edited as shown in Figure 8: Figure 8. Sonar-project.properties example of a multi-module project

3. Under the Sonar-runner\config directory of the extracted Soanr-runner client, edit the Sonar-runner.properties file, as shown in Figure 9: Figure 9. sonar-runner.properties Example

Note that the related configuration items in Figure 7, figure 8, and figure 9, such as Host.url and Jdbc.url, are consistent with the related configuration items in the Sonar.properties file in Figure 4.

4. Open the command line and run the Sonar-runner Analysis Project code under the project directory that is being analyzed.

Analyzing with SonarQube Ant Task

This method is primarily intended for projects that use ant tools for building, compiling, packaging, and testing, and the following steps are used to parse the code using ant Task:

1. Download SonarQube Ant Task and install it, download the address as follows: HTTP://REPOSITORY.CODEHAUS.ORG/ORG/CODEHAUS/SONAR-PLUGINS/SONAR-ANT-TASK/2.1/ Sonar-ant-task-2.1.jar

2. Under the root directory of the parsed project code, create and configure the Build.xml file. Examples are shown in Figure 10: Figure 10. Build.xml Configuration Example

The related configuration items in Build.xml (such as jdbc.username and Jdbc.url, etc.) are consistent with the related configuration items in the Sonar.properties file shown in Figure 4, and you can see that both the parsed items are included in the Build.xml file Information about the corresponding SonarQube Server to which it is connected.

3. On the command line, switch to the code root and use the command "Ant Sonar" for code analysis.

Analyzing with Maven

When a project is managed and built using Maven tools, the project applies to this method. When using Maven to parse code, the steps are as follows:

1. Download, install, and configure Maven, the configuration file is Setting.xml, as shown in Figure 11: Figure 11. Setting.xml Configuration Example

The related configuration items in Setting.xml, such as Host.url and Jdbc.url, are consistent with the related configuration items in the Sonar.properties file shown in Figure 4, and are primarily used to configure information about the SonarQube server to which they are connected.

2. In the root directory of the project code to be analyzed, create and configure the Prom.xml file, as shown in Figure 12, which is used to set information about the parsed code, including the code directory. Figure 12. Prom.xml Configuration Example

3. Open the command-line window, switch to the project's root directory, and then perform "MVN Sonar:sonar" to analyze the quality of the project code.

Summary

In general, these three ways have different pertinence, the specific use of which method to be based on the actual situation of the project to be flexible judgment.

Back to top SonarQube3.6 code quality analysis result parsing

When the project code is successfully parsed, SonarQube Server stores the results of the analysis in the appropriate database and presents the analysis results to the user in webserver as a report.

The following will be an example of the results of a real project code analysis, the analysis of its various indicators are briefly introduced. Figure 13. Example of analysis results -01

Figure 13, Project Dashboard for SonarQube3.6, is the portal to view the results of any project analysis, showing the results of the overall analysis of the project's indicators, including the project repetition rate, the annotation scale, unit test coverage, and Issue ratio. Through Dashboard, we can have a holistic understanding of the overall quality of the project.