SlideShare a Scribd company logo

Java Source Code Analysis using SonarQube

Angelin R
Angelin R

Java Source Code Analysis using SonarQube

Technology
1 of 30
Download to read offline
@ardentlearner 1 CODE ANALYSIS USING SONARQUBE Author - ANGELIN
@ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
@ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
@ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
@ardentlearner 5  SonarQube is also used for Android Development.  SonarQube internally uses PMD, Findbugs, CheckStyle etc.  Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
@ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
@ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note:  For remote access, replace localhost with the address of the SonarQube server.  9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties  Default credentials is admin/admin
@ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
@ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
@ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
@ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
@ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
@ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES  Ant 1.7.1 or higher  Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
@ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
@ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN  If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates.  To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
@ardentlearner 20 This should display the list of available plugins and components:
@ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
@ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
@ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN  A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse.  The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
@ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
@ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
@ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects:  SonarQube Issues that list the issues on the selected component  SonarQube Issue Editor to review the issue
@ardentlearner 27  SonarQube Rule Description to get the detailed description of the rule that is violated  SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
@ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
@ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
@ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse

Recommended

Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeEmre Dündar
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube OverviewAhmed M. Gomaa
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerManu Pk
 
Managing code quality with SonarQube
Managing code quality with SonarQubeManaging code quality with SonarQube
Managing code quality with SonarQubeRadu Vunvulea
 
Sonarqube
SonarqubeSonarqube
SonarqubePeerapat Asoktummarungsri
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQubeDmytro Patserkovskyi
 

Recommended

Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeEmre Dündar
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube OverviewAhmed M. Gomaa
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerManu Pk
 
Managing code quality with SonarQube
Managing code quality with SonarQubeManaging code quality with SonarQube
Managing code quality with SonarQubeRadu Vunvulea
 
Sonarqube
SonarqubeSonarqube
SonarqubePeerapat Asoktummarungsri
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQubeDmytro Patserkovskyi
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionMichael Jesse
 
SonarQube
SonarQubeSonarQube
SonarQubeGnanaseelan Jeb
 
Sonar Review
Sonar ReviewSonar Review
Sonar ReviewKate Semizhon
 
SonarQube Presentation.pptx
SonarQube Presentation.pptxSonarQube Presentation.pptx
SonarQube Presentation.pptxSatwik Bhupathi Raju
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQubeSomkiat Puisungnoen
 
Sonar qube
Sonar qubeSonar qube
Sonar qubepenetration Tester
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualityLarry Nung
 
Tracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubeTracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubePatroklos Papapetrou (Pat)
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning TalkJonathan Gregory
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 
Sonar
SonarSonar
SonarPeerapat Asoktummarungsri
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with SonarlintUT, San Antonio
 
SonarQube.pptx
SonarQube.pptxSonarQube.pptx
SonarQube.pptxYASHWANTHGANESH1
 
Sonarlint
SonarlintSonarlint
Sonarlintpenetration Tester
 
Continuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarContinuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarPascal Larocque
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
What is SonarQube in DevOps.docx
What is SonarQube in DevOps.docxWhat is SonarQube in DevOps.docx
What is SonarQube in DevOps.docxDevOps University
 
Java convention
Java conventionJava convention
Java conventionTan Tran
 
Subversion howto
Subversion howtoSubversion howto
Subversion howtoChandra Shekar Goud Panugulla
 

More Related Content

What's hot

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionMichael Jesse
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualityLarry Nung
 
Tracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubeTracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubePatroklos Papapetrou (Pat)
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning TalkJonathan Gregory
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with SonarlintUT, San Antonio
 
Continuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarContinuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarPascal Larocque
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
What is SonarQube in DevOps.docx
What is SonarQube in DevOps.docxWhat is SonarQube in DevOps.docx
What is SonarQube in DevOps.docxDevOps University
 

What's hot (20)

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
 
SonarQube
SonarQubeSonarQube
SonarQube
 
Sonar Review
Sonar ReviewSonar Review
Sonar Review
 
SonarQube Presentation.pptx
SonarQube Presentation.pptxSonarQube Presentation.pptx
SonarQube Presentation.pptx
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQube
 
Sonar qube
Sonar qubeSonar qube
Sonar qube
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code Quality
 
Tracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQubeTracking and improving software quality with SonarQube
Tracking and improving software quality with SonarQube
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qube
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning Talk
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short version
 
Sonar
SonarSonar
Sonar
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with Sonarlint
 
SonarQube.pptx
SonarQube.pptxSonarQube.pptx
SonarQube.pptx
 
Sonarlint
SonarlintSonarlint
Sonarlint
 
Continuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarContinuous integration using Jenkins and Sonar
Continuous integration using Jenkins and Sonar
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
What is SonarQube in DevOps.docx
What is SonarQube in DevOps.docxWhat is SonarQube in DevOps.docx
What is SonarQube in DevOps.docx
 

Similar to Java Source Code Analysis using SonarQube

Java convention
Java conventionJava convention
Java conventionTan Tran
 
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...Felipe Prado
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportCiaran McDonald
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule sudhir1223
 
Oracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitOracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitRavi Kumar Lanke
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianPan Tian
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNagios
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.Marc Trimble
 
Coding guideline
Coding guidelineCoding guideline
Coding guidelineVu Nguyen
 
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoenvdmchallenge
 
20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache MavenArnaud Héritier
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stackSubhasis Roy
 

Similar to Java Source Code Analysis using SonarQube (20)

Java convention
Java conventionJava convention
Java convention
 
Subversion howto
Subversion howtoSubversion howto
Subversion howto
 
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule
 
Oracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitOracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bit
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
 
Sonar qube configuration
Sonar qube configurationSonar qube configuration
Sonar qube configuration
 
Coding guideline
Coding guidelineCoding guideline
Coding guideline
 
Maven.pptx
Maven.pptxMaven.pptx
Maven.pptx
 
Sonar
SonarSonar
Sonar
 
ROS ROS
ROS ROSROS ROS
ROS ROS
 
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
 
20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stack
 
textconfig
textconfigtextconfig
textconfig
 

More from Angelin R

Comparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksComparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksAngelin R
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQubeAngelin R
 
The principles of good programming
The principles of good programmingThe principles of good programming
The principles of good programmingAngelin R
 
Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Angelin R
 
A Slice of Me
A Slice of MeA Slice of Me
A Slice of MeAngelin R
 
Team Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsTeam Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsAngelin R
 
Action Script
Action ScriptAction Script
Action ScriptAngelin R
 
Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM MethodologyAngelin R
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practicesAngelin R
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship SongsAngelin R
 
Flex MXML Programming
Flex MXML ProgrammingFlex MXML Programming
Flex MXML ProgrammingAngelin R
 
Introduction to Adobe Flex
Introduction to Adobe FlexIntroduction to Adobe Flex
Introduction to Adobe FlexAngelin R
 
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Angelin R
 
Restful Web Services
Restful Web ServicesRestful Web Services
Restful Web ServicesAngelin R
 
Effective Team Work Model
Effective Team Work ModelEffective Team Work Model
Effective Team Work ModelAngelin R
 
Team Building Activities
Team Building ActivitiesTeam Building Activities
Team Building ActivitiesAngelin R
 

More from Angelin R (17)

Comparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksComparison of Java Web Application Frameworks
Comparison of Java Web Application Frameworks
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube
 
The principles of good programming
The principles of good programmingThe principles of good programming
The principles of good programming
 
Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)
 
A Slice of Me
A Slice of MeA Slice of Me
A Slice of Me
 
Team Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsTeam Leader - 30 Essential Traits
Team Leader - 30 Essential Traits
 
Action Script
Action ScriptAction Script
Action Script
 
Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM Methodology
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practices
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship Songs
 
Flex MXML Programming
Flex MXML ProgrammingFlex MXML Programming
Flex MXML Programming
 
Introduction to Adobe Flex
Introduction to Adobe FlexIntroduction to Adobe Flex
Introduction to Adobe Flex
 
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)
 
Restful Web Services
Restful Web ServicesRestful Web Services
Restful Web Services
 
Effective Team Work Model
Effective Team Work ModelEffective Team Work Model
Effective Team Work Model
 
Team Building Activities
Team Building ActivitiesTeam Building Activities
Team Building Activities
 
XStream
XStreamXStream
XStream
 

Recently uploaded

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Java Source Code Analysis using SonarQube

  • 2. @ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
  • 3. @ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
  • 4. @ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
  • 5. @ardentlearner 5  SonarQube is also used for Android Development.  SonarQube internally uses PMD, Findbugs, CheckStyle etc.  Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
  • 6. @ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
  • 7. @ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note:  For remote access, replace localhost with the address of the SonarQube server.  9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties  Default credentials is admin/admin
  • 8. @ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
  • 9. @ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
  • 10. @ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
  • 11. @ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
  • 12. @ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
  • 13. @ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
  • 14. @ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
  • 15. @ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
  • 16. @ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
  • 17. @ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES  Ant 1.7.1 or higher  Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
  • 18. @ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
  • 19. @ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN  If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates.  To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
  • 20. @ardentlearner 20 This should display the list of available plugins and components:
  • 21. @ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
  • 22. @ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
  • 23. @ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN  A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse.  The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
  • 24. @ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
  • 25. @ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
  • 26. @ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects:  SonarQube Issues that list the issues on the selected component  SonarQube Issue Editor to review the issue
  • 27. @ardentlearner 27  SonarQube Rule Description to get the detailed description of the rule that is violated  SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
  • 28. @ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
  • 29. @ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
  • 30. @ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse