A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
4. Introduction of Working principle
Instead of simply presenting the results of the various quality inspection tools (such as FINDBUGS,PMD, etc.) directly to the customer, SonarQube is re-processing the results through different plug-in algorithms, ultimately measuring the quality of the code in a quantifiable way, Accordingly, the code quality management of different sizes and types of projects is conveniently carried out.
SonarQube in code Quality management, the quality of the project is analyzed from several latitude shown in Figure 1,
Figure 1. Project Quality Analysis
1. Poor complexity distribution
Files, classes, methods, and so on, if the complexity is too high will be difficult to change, which makes it difficult for developers to understand them, and without automated unit testing, changes to any component in the program will likely result in the need for comprehensive regression testing. 2. Repeat
A program that contains a lot of copy-and-paste code is obviously poor quality, and sonar can show where the source is repeating serious.
3. Lack of unit testing
Sonar makes it easy to count and present unit test coverage.
4. No Code standards
Sonar can be written by Code Rule Detection Tool specification code, such as Pmd,checkstyle,findbugs.
5. Not enough or too many comments
No comment will make the code less readable, especially when people change inevitably, the readability of the program will drop dramatically and too much comment will cause the developer to spend too much time reading the comment and violating the original intention.
6. Potential bugs
Sonar can detect potential bugs through the Code rule Detection Tool, such as pmd,checkstyle,findbugs.
7. Poorly designed (original spaghetti design)
Sonar can find loops that show the interdependencies between packages and classes and classes can detect custom schema rules, manage third-party jar packages, and use LCOM4 to detect the application of individual task rules.
Through the sonarqube can effectively detect the above in the program development process of the seven major problems.
The overall architecture of the SonarQube platform is shown in Figure 2:
Figure 2. SonarQube's service architecture
Remote clients can upload the analyzed project code to SonarQube server and perform code quality management and analysis through a variety of different analysis mechanisms, and SonarQube will present the results of the analysis to the user visually and in a measurable way through the Web API.
5. Installation and configuration requirements
The installation of sonarqube usually needs to meet certain hardware and software conditions, the specific requirements are as follows:
1. Server Requirements
Web server requires a minimum of 500MB of memory space and a recommended memory size of 2GB. Sonar typically stores approximately 350KB of data per 1 KLOC for code quality analysis, so try to provide large memory for SonarQube Web server.
2. Database Requirements
Although Sonarqube itself comes with an embedded Derby database, because Derby is simpler, it is highly recommended to install the appropriate enterprise database in a production environment, Sonarqube supported databases include: MySQL 5.x+, oracle10g+, PostgreSQL 9.x and MS SQL Server 2005 and 2008 are recommended for use with MySQL.
3. Browser Requirements
Sonarqube supports most browsers, including Firefox, Internet Explorer 7.x and 8.x and chromed, and Firefox is recommended.
6. Code Quality Analysis Method
When using SonarQube for code Quality management of a project, there are typically three different ways to initiate code analysis, respectively
1) Analyzing with SonarQube Runner
2) analyzing with SonarQube Ant Task
3) Analyzing with Maven
The main difference between the three methods is that they apply to projects of different architectures and organizational forms, and their corresponding configuration files are not the same.
Here are three ways to do this separately.
analyzing with SonarQube Runner
It is often recommended to use SonarQube Runner this way, as this approach works for all projects of different architectures, including projects that do not use any source control tools, and the use of a variety of different code management tools (SVN, Git, ClearCase, etc.) and compilation tools (Ant , MAVEN) Project form, which all can be applied.
analyzing with SonarQube Ant Task
This approach is intended primarily for projects that use ant tools for building, compiling, packaging, and testing, and when using ant Task to parse code,
To download the SonarQube Ant Task installation, create and configure the Build.xml file in the root directory of the parsed project code.
Configures information about the parsed project code and also contains information about the corresponding SonarQube Server to which it is connected, and analyzes the code using the appropriate command.
Analyzing with Maven
When a project is managed and built using Maven tools, the project applies to this method. When you use Maven to parse code, you need information about the configuration of the Sonarqube server in Pom.xml, and then perform "MVN Sonar:sonar" to analyze the quality of the project code.
The above three kinds of ways have different pertinence, the specific use of which way to according to the actual situation of the project to be flexible judgment.
7, Code quality analysis Results Resolution
When the project code is successfully parsed, SonarQube Server stores the results of the analysis in the appropriate database and presents the results in a report to the user in the form of a Web page.
The following is an example of a simple project code analysis results, the analysis of its various indicators are briefly introduced.
Example of the above Java project source code file quality Analysis Analysis Results Example-01
The SonarQube project Dashboard, which is the portal to view the results of any project analysis, shows the results of the overall analysis of the project's indicators, including the repetition rate of the project, the proportion of annotations, unit test coverage, and the ratio of Issue. Through Dashboard, we can have a holistic understanding of the overall quality of the project.
Select the various analysis indicators in the graph, you can see the details of the project on this indicator.
For example, look at the code analysis of related function methods in source functions:
You can see the specific code violating the corresponding rules, marked in red, click on the specific rules violated, SonarQube will explain the specific reasons for the code to violate the rules, and give the corresponding solution for reference, which for the project team members to locate the problem and solve problems are very helpful.
In fact, SonarQube also provides a lot of other aspects of quality dimension analysis, such as complexity, test coverage, and so on, no longer discuss its specific parameter details.
8. Related Configuration 8.1 Downloads
1, JDK (no longer introduced)
4. mysql database (no longer introduced)
8.2 sonarqube Configuration
1. After downloading the Sonarqube, unpack to open the Bin directory and launch the Startsonar in the appropriate OS directory. If this article demonstrates the use of a win 64-bit system, open the D:\sonar\sonarqube-5.3\sonarqube-5.3\bin\windows-x86-64\StartSonar.bat
2. Launch the browser, access the http://localhost:9000, if the following image shows the installation is successful.
First, the configuration database:
1. Open MySQL and create a new database sonar.
2. Open the D:\sonar\sonarqube-5.3\sonarqube-5.3\conf\sonar.properties file in the Sonarqube installation directory
3. In MySQL5. Enter the following information under the X node
sonar.jdbc.url=jdbc:mysql://lcalhost:3306/sonar?useunicode=true&characterencoding=utf8& Rewritebatchedstatements=true&useconfigs=maxperformance SONAR.JDBC.USERNAME=GMSD Sonar.jdbc.password=gmsdtrade sonar.sorceencoding=utf-8 sonar.login=admin sonar.password=admin
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useunicode=true&characterencoding=utf8& Rewritebatchedstatements=true&useconfigs=maxperformance SONAR.JDBC.USERNAME=GMSD Sonar.jdbc.password=gmsdtrade
#-----Default SonarQube Server sonar.host.url=http://xxx.xxx.xxx.xxx:9000
Project Application Structure
1. Open the project root directory for code analysis and create a new sonar-project.properties file
2. Enter the following information
Where: ProjectName is the project name, sources is the directory where the source file residesSonar.projectkey=test sonar.projectname=test sonar.projectversion=1.0
Open the http://localhost:9000/and we'll see a summary of the analysis items appearing on the homepage
9. Concluding remarks
Code Quality Management is significant for improving project quality. This paper briefly introduces the related concepts of SonarQube, and explains the process and configuration of project code quality management using SonarQube from the perspective of project. We hope to provide a valuable reference for readers who use SonarQube.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service