Use Sonar for code Quality Management

Source: Internet
Author: User
Tags apache tomcat continuous integration tools

Use Sonar for code Quality Management

This article describes how to build and use the code Quality Management Platform Sonar. Sonar is an open-source platform for managing the quality of source code. You will see the process from Sonar installation to setup, and how to use the Maven plug-in the project for convenient code quality management.

Sonar Overview

Sonar is an open platform for code quality management. With the plug-in mechanism, Sonar can integrate different test tools, code analysis tools, and continuous integration tools.

Unlike continuous integration tools (such as Hudson/Jenkins), Sonar does not simply display different code check tool results (such as FindBugs and PMD) on the Web page, instead, different plug-ins are used to reprocess these results and quantify the changes in code quality. This allows you to conveniently manage code quality for projects of different sizes and types.

In terms of support for other tools, Sonar not only provides support for IDE, but can view the results online in Eclipse and IntelliJ IDEA tools; at the same time, Sonar also provides Interface Support for a large number of continuous integration tools to facilitate the use of Sonar in continuous integration.

In addition, the Sonar plug-in can also provide support for programming languages other than Java, as well as good support for internationalization and report docalization.

Sonar Installation

Sonar is an open-source project in Codehaus, using LGPL V3 software license. We can download its source code and installation package from its official website.

The source code must be checked Out using the distributed version control software Git. The command line is as follows:

Git clone git: //

This article mainly introduces how to use Sonar. You only need to download the latest release package from the Sonar website. The latest version of this article is 2.11.

Download the zip package and decompress it directly to any directory. Because Sonar comes with the Jetty 6 Application server environment, you can use it without additional installation, it is worth mentioning that Sonar can also be deployed on the Apache Tomcat application server.

In windows, directly start the windows-x86-64 \ StartSonar. bat under the bin directory of Soanr.

Then access: http: // localhost: 9000/in the browser/

Figure 1. Sonar access interface

In this way, Sonar is successfully installed and started, but no plug-in is installed. You need to download and install the plug-in you need. This section uses the Quality Index Plugin as an example to describe how to download and install the Sonar plug-in.

First, visit the Dashboard> Sonar> Documentation> Sonar Plugin Library path on the Sonar homepage.

Figure 2. Download the Sonar plug-in

Go to the Quality Index plug-in and click the download path.

Figure 3. Download Quality Index Plugin

Then place the downloaded sonar-quality-index-plugin-1.1.3.jar file in the sonar-2.11 \ extensions \ plugins path. Restart Sonar to run and start working on the Sonar platform.

Database settings

Sonar uses the Derby database by default, but this database is generally used to evaluate the version or test Purpose. For commercial use and databases with high requirements, we recommend that you use other databases. Sonar supports most mainstream relational databases (such as Microsoft SQL Server, MySQL, Oracle, and PostgreSQL)

This document uses MySQL as an example to illustrate how to change the Sonar database settings:

  1. Create a sonar user in MySQL
  2. Copy MySQL driver files (such as mysql-connector-java-5.1.13.jar) to the sonar-2.11 \ extensions \ jdbc-driver \ mysql directory
  3. Modify the sonar-2.11 \ conf \ sonar. properties file, use # To comment out the original Derby configuration item, and open the configuration item of the MySQL database:
    # Comment the following lines to deactivate the default embedded database. # sonar. jdbc. url: jdbc: derby: // localhost: 1527/sonar; create = true # sonar. jdbc. driverClassName: org. apache. derby. jdbc. clientDriver # sonar. jdbc. validationQuery: values (1 )~~~~~~~~~~~~~~~ Omitted part ~~~~~~~~~~~~~~~~~~ # ----- MySQL 5.x/ 6.x# Comment the embedded database and uncomment the following # properties to use MySQL. the validation query is optional. sonar. jdbc. url: \ jdbc: mysql: // localhost: 3306/sonar? UseUnicode = true & characterEncoding = utf8sonar. jdbc. driverClassName: com. mysql. jdbc. Driver # sonar. jdbc. validationQuery: select 1
  4. Restart Sonar.
Use Sonar for code Quality Management

This section uses the open-source project Mojo as an example to describe how to use Sonar to manage the quality of source code without compilation, this article tries to use Sonar's Nemo demonstration function.

First, download the source code from the Mojo homepage (TortoiseSVN is used in this article). The Mojo project includes many projects.

Figure 4. Mojo project folder

Each project is a Maven project ,:

Figure 5. Maven project file

The compilation command is as follows:

mvn clean install

After the compilation is successful, run the following command:

mvn sonar:sonar

The Maven plugin automatically uploads the required data (such as unit test results and static test results) to the Sonar server. Note that the Sonar configuration is not in the pom of each project. in the xml file, but in the Maven Configuration File settings. in the xml file, the specific configuration is as follows:

  <profile>     <id>sonar</id>     <activation>         <activeByDefault>true</activeByDefault>     </activation>     <properties>          <sonar.jdbc.url>          jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8          </sonar.jdbc.url>          <sonar.jdbc.driver>com.mysql.jdbc.Driver</sonar.jdbc.driver>          <sonar.jdbc.username>sonar</sonar.jdbc.username>          <sonar.jdbc.password>sonar</sonar.jdbc.password>         <>http://localhost:9000</>     </properties>  </profile>

After the data required by Soanr is uploaded to the Sonar server, the plug-in installed by Sonar analyzes and processes the data and displays it to users in various ways, this allows you to conveniently monitor and manage code quality.

For example, the Radiator plug-in can be sorted based on the project scale, and different demonstration shows the code quality:

Figure 6. Radiator plug-in display

Sonar plug-in configuration

As mentioned above, the main feature of Sonar is to reprocess the inspection results generated by different tools. Sonar also provides users with a method for personalized data processing.

This section uses the Technical Debt plug-in as an example to describe how to set parameters to influence the final report results. First, let's take a look at The concept of "technical debt" in this plug-in. This concept was first proposed in his paper "The WyCash Portfolio Management System" by Ward cunnheim in 1992, later, it was accepted and promoted by the software engineering community. The author of refactoring, Martin Fowler, also introduced technical debt on his website. In fact, the principle can be understood as "getting out and mixing will be paid back sooner or later". The nonstandard code will affect the cost of future product modifications.

The Technical Debt plug-in of Soanr provides the default calculation formula. By configuring the weight parameters, you can adapt to the calculation of Technical Debt by different companies and projects.

Figure 7. Technical Debt calculation formula

The above data indicators can be set based on different situations of your company and project ,:

Figure 8. Sonar configuration page

For example, the technical debt indicators of the same project under the default parameters are as follows:

Figure 9. Result of Technical Debt with default parameters

After modifying the parameters, the result is:

Figure 10. Technical Debt result after parameter configuration

It can be seen that after the Average time to cover complexity of one (in hours) is changed from 0.2 to 0.01, the Coverage weight becomes smaller, so as to ignore the unit test Coverage rate. Different companies and projects can adjust their parameters as needed. Parameter Optimization and policies are not covered in this article.

The above example shows that Sonar uses different types of charts to display the results of code quality to users, and these charts do not simply display the unit test coverage rate or the results of static detection tools, it is the result of Secondary Processing Based on the software engineering theory, which is more scientific and intuitive.


Sonar provides a platform for code quality management. It integrates traditional static code detection tools such as PMD and FindBugs. It is one of the most powerful code quality management tools currently.

Sonar details: click here
Sonar: click here

This article permanently updates the link address:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.