Sonarqube Code Quality Management

1. Overview
Sonarqube is an open platform for managing code quality that can quickly locate potential or obvious errors in your code. High-quality management software code, timely analysis of code quality and give a reasonable solution, you can also use plug-in mechanism and other external tools such as Eclipse and JIRA integration, so as to achieve the quality of the code of the overall automated analysis and management.

2. Characteristics
1. Support for more than 25 languages: Java, C + +, C #, PHP, Flex,groovy, JavaScript, Python, PL/SQL, COBOL, etc.
2. Can be used in Android development
3. Provide duplicate code, code standards, unit tests, code overlays, complex code, potential code, comments, and design and schema reports
4. Record the measurement history and provide the evolutionary diagram Time machine ("timeline") and different views
5. Provide fully automated analysis: Integrated maven,ant, gradle and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.)
6. Integrated Eclipse Development environment
7. Integrated External tools: JIRA, Mantis, LDAP, fortify, etc.
8. Can be extended via plugins
9. Implementation of Sqale methodology for computing liabilities (technical debt)
10. Tomcat is supported, but Tomcat final support is Sonarqube 4.1. The standalone mode is the only Tomcat-enabled, with a tomcat server embedded in it.

3. Application Scope
2009 Sonarqube obtained the Jolt Award under the Test Tools catalogue, which is a full-feature continuous integration tool. Used in Andalusian autonomous Government,exo platform,apache software foundation,eclipse Foundation.
Current use ratio of code quality inspection tool:

4. Introduction of Working principle
Instead of simply presenting the results of the various quality inspection tools (such as FINDBUGS,PMD, etc.) directly to the customer, SonarQube is re-processing the results through different plug-in algorithms, ultimately measuring the quality of the code in a quantifiable way, Accordingly, the code quality management of different sizes and types of projects is conveniently carried out.
SonarQube in code Quality management, the quality of the project is analyzed from several latitude shown in Figure 1,

Figure 1. Project Quality Analysis

With plugins, Sonarqube can detect code quality from seven dimensions, support more than 20 programming languages including Java,c#,c/c++,pl/sql,cobol,javascript,groovy, and can handle the following problems in the code:

1. Poor complexity distribution

Files, classes, methods, and so on, if the complexity is too high will be difficult to change, which makes it difficult for developers to understand them, and without automated unit testing, changes to any component in the program will likely result in the need for comprehensive regression testing. 2. Repeat
A program that contains a lot of copy-and-paste code is obviously poor quality, and sonar can show where the source is repeating serious.
3. Lack of unit testing
Sonar makes it easy to count and present unit test coverage.
4. No Code standards
Sonar can be written by Code Rule Detection Tool specification code, such as Pmd,checkstyle,findbugs.
5. Not enough or too many comments
No comment will make the code less readable, especially when people change inevitably, the readability of the program will drop dramatically and too much comment will cause the developer to spend too much time reading the comment and violating the original intention.
6. Potential bugs
Sonar can detect potential bugs through the Code rule Detection Tool, such as pmd,checkstyle,findbugs.
7. Poorly designed (original spaghetti design)
Sonar can find loops that show the interdependencies between packages and classes and classes can detect custom schema rules, manage third-party jar packages, and use LCOM4 to detect the application of individual task rules.
Through the sonarqube can effectively detect the above in the program development process of the seven major problems.
The overall architecture of the SonarQube platform is shown in Figure 2:
Figure 2. SonarQube's service architecture

Remote clients can upload the analyzed project code to SonarQube server and perform code quality management and analysis through a variety of different analysis mechanisms, and SonarQube will present the results of the analysis to the user visually and in a measurable way through the Web API.

5. Installation and configuration requirements
The installation of sonarqube usually needs to meet certain hardware and software conditions, the specific requirements are as follows:
1. Server Requirements
Web server requires a minimum of 500MB of memory space and a recommended memory size of 2GB. Sonar typically stores approximately 350KB of data per 1 KLOC for code quality analysis, so try to provide large memory for SonarQube Web server.
2. Database Requirements
Although Sonarqube itself comes with an embedded Derby database, because Derby is simpler, it is highly recommended to install the appropriate enterprise database in a production environment, Sonarqube supported databases include: MySQL 5.x+, oracle10g+, PostgreSQL 9.x and MS SQL Server 2005 and 2008 are recommended for use with MySQL.
3. Browser Requirements
Sonarqube supports most browsers, including Firefox, Internet Explorer 7.x and 8.x and chromed, and Firefox is recommended.

6. Code Quality Analysis Method
When using SonarQube for code Quality management of a project, there are typically three different ways to initiate code analysis, respectively
1) Analyzing with SonarQube Runner
2) analyzing with SonarQube Ant Task
3) Analyzing with Maven
The main difference between the three methods is that they apply to projects of different architectures and organizational forms, and their corresponding configuration files are not the same.

Here are three ways to do this separately.
analyzing with SonarQube Runner
It is often recommended to use SonarQube Runner this way, as this approach works for all projects of different architectures, including projects that do not use any source control tools, and the use of a variety of different code management tools (SVN, Git, ClearCase, etc.) and compilation tools (Ant , MAVEN) Project form, which all can be applied.

analyzing with SonarQube Ant Task
This approach is intended primarily for projects that use ant tools for building, compiling, packaging, and testing, and when using ant Task to parse code,
To download the SonarQube Ant Task installation, create and configure the Build.xml file in the root directory of the parsed project code.
Configures information about the parsed project code and also contains information about the corresponding SonarQube Server to which it is connected, and analyzes the code using the appropriate command.

Analyzing with Maven
When a project is managed and built using Maven tools, the project applies to this method. When you use Maven to parse code, you need information about the configuration of the Sonarqube server in Pom.xml, and then perform "MVN Sonar:sonar" to analyze the quality of the project code.

The above three kinds of ways have different pertinence, the specific use of which way to according to the actual situation of the project to be flexible judgment.
7, Code quality analysis Results Resolution
When the project code is successfully parsed, SonarQube Server stores the results of the analysis in the appropriate database and presents the results in a report to the user in the form of a Web page.
The following is an example of a simple project code analysis results, the analysis of its various indicators are briefly introduced.

Example of the above Java project source code file quality Analysis Analysis Results Example-01

The SonarQube project Dashboard, which is the portal to view the results of any project analysis, shows the results of the overall analysis of the project's indicators, including the repetition rate of the project, the proportion of annotations, unit test coverage, and the ratio of Issue. Through Dashboard, we can have a holistic understanding of the overall quality of the project.
Select the various analysis indicators in the graph, you can see the details of the project on this indicator.

For example, look at the code analysis of related function methods in source functions:



You can see the specific code violating the corresponding rules, marked in red, click on the specific rules violated, SonarQube will explain the specific reasons for the code to violate the rules, and give the corresponding solution for reference, which for the project team members to locate the problem and solve problems are very helpful.

In fact, SonarQube also provides a lot of other aspects of quality dimension analysis, such as complexity, test coverage, and so on, no longer discuss its specific parameter details.

8. Related Configuration 8.1 Downloads
1, JDK (no longer introduced)
2, sonarqube:http://www.sonarqube.org/downloads/
3, Sonarqube+scanner:https://sonarsource.bintray.com/distribution/sonar-scanner-cli/sonar-scanner-2.5.zip

4. mysql database (no longer introduced)

8.2 sonarqube Configuration
1. After downloading the Sonarqube, unpack to open the Bin directory and launch the Startsonar in the appropriate OS directory. If this article demonstrates the use of a win 64-bit system, open the D:\sonar\sonarqube-5.3\sonarqube-5.3\bin\windows-x86-64\StartSonar.bat
2. Launch the browser, access the http://localhost:9000, if the following image shows the installation is successful.


First, the configuration database:
1. Open MySQL and create a new database sonar.
2. Open the D:\sonar\sonarqube-5.3\sonarqube-5.3\conf\sonar.properties file in the Sonarqube installation directory
3. In MySQL5. Enter the following information under the X node

sonar.jdbc.url=jdbc:mysql://lcalhost:3306/sonar?useunicode=true&characterencoding=utf8& Rewritebatchedstatements=true&useconfigs=maxperformance
SONAR.JDBC.USERNAME=GMSD
Sonar.jdbc.password=gmsdtrade
sonar.sorceencoding=utf-8
sonar.login=admin
sonar.password=admin

URL is the database connection address, username is the database user name, Jdbc.password is the database password, login is sonarqube login name, Sonar.password is sonarqube password
4. Restart the Sonarqube service, Access http://localhost:9000 again, a little bit slower because the database information is initialized
5. Log in after successful initialization of the database.

8.3 Sonar Configuration
1. Open D:\sonar\sonar-scanner-2.5\conf\sonar-runner.properties File
Enter the following information under the 2.mysql node

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useunicode=true&characterencoding=utf8& Rewritebatchedstatements=true&useconfigs=maxperformance
SONAR.JDBC.USERNAME=GMSD
Sonar.jdbc.password=gmsdtrade

Note: If the test project is not on the same machine as the server, you need to add the server's IP:

#-----Default SonarQube Server
sonar.host.url=http://xxx.xxx.xxx.xxx:9000

3. Configure Environment variables
A. New variable, name=sonar_runner_home, value=d:\sonar\sonar-scanner-2.5
B. Open path and enter%sonar_runner_home%\bin;
C. sonar-runner-v, the following message appears, indicating that the environment variable is set successfully



8.4 Detected application configuration

Project Application Structure

1. Open the project root directory for code analysis and create a new sonar-project.properties file
2. Enter the following information

Sonar.projectkey=test
sonar.projectname=test
sonar.projectversion=1.0

Where: ProjectName is the project name, sources is the directory where the source file resides
6. After the setup is successful, start the Sonarqube service and start cmd
7. In cmd enter the root directory where the project is located, enter the command: Sonar-runner, the following image will appear after successful analysis

Open the http://localhost:9000/and we'll see a summary of the analysis items appearing on the homepage

9. Concluding remarks
Code Quality Management is significant for improving project quality. This paper briefly introduces the related concepts of SonarQube, and explains the process and configuration of project code quality management using SonarQube from the perspective of project. We hope to provide a valuable reference for readers who use SonarQube.