SonarQube Local Installation Guide

Installation

 

  1. First of all download the latest SonarQube Distribution found http://www.sonarsource.org/downloads/.

  2. Unzip the contents of the file to a path of your choice, e.g. (C:\ C:\sonarqube-4.0).

  3. Check that SonarQube server starts correctly by performing the following C:\ C:\sonarqube-4.0 \bin\ windows-x86-xx \StartSonar.bat. If you are using either a Linux or a Mac machine please select the appropriate sub folder within bin directory and execute sonar.sh.

     

  4. Once you see similar to the above outcome check that your server is up, by visiting http://localhost:9000/

Configure Maven

First you have to edit the settings.xml file of your Maven installation. This is normally found at $MAVEN_HOME/conf or ~/.m2 e.g (C:\apache-maven-3.x.x\conf).

Add the following snippet within you current profiles (i.e. <profiles> </profiles> tags).

         <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <properties>
                <sonar.jdbc.url>
                  jdbc:h2:tcp://localhost:9092/sonar
                </sonar.jdbc.url>
                <sonar.jdbc.username>admin</sonar.jdbc.username>
                <sonar.jdbc.password>admin</sonar.jdbc.password>
            </properties>
         </profile>

Analyse Projects using Maven

Adding and analysing a maven project is trivial. In the directory of your project’s pom.xml execute

 mvn clean install -DskipTests=true

and once it completes please execute

mvn sonar:sonar

The reason we are skipping the tests in the first command is that sonar will execute the test by default so there is no need for them to run twice.

You can now check the results on your server. In the projects section you will see your project appear.

Click on it and you will be transferred to the projects dashboard where you will see analytical details.

Start browsing the issues by clicking on one of the categories. Blocker, Critical, Major, Minor, Info.

Select various issues and see how sonar suggests the specific issue should be fixed. 

Perform the changes in your code and then execute

mvn clean install -DskipTests=true
mvn sonar:sonar

Go back to the Sonarqube server. The issues should not appear any more.

Changing Quality profiles

You might need to alter the profiles against which your code is checked. Log in using the default username & password: admin / admin

 

Click on Quality profiles:

Select Sonar way with Findbugs as your default profile:

Recompile your code

mvn clean install -DskipTests=true
mvn sonar:sonar

Go back to the SonarQube server. Since the code is now checked against 500+ rules there is a high chance that you will see changes on your projects Dashboard.

Code Coverage by Unit Tests

The simplest way to include code coverage report to your project analysis is by unit testing. Sonar needs an appropriate plugin. Jacoco plugin is available out of the box. You only need to alter your projects pom.xml file by adding the following properites:

 

<sonar.language>java</sonar.language>
<sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
<!-- force sonar to reuse reports generated during build cycle -->
<sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
<!-- set path for unit tests reports -->
<sonar.jacoco.reportPath>${project.basedir}/target/jacoco-unit.exec</sonar.jacoco.reportPath>
<!-- all modules have to use the same integration tests report file -->
<sonar.jacoco.itReportPath>${project.basedir}/../target/jacoco-it.exec</sonar.jacoco.itReportPath>

And the following plugin:


  org.jacoco
  jacoco-maven-plugin
  0.6.2.201302030002
  
    
      prepare-unit-tests
      
	prepare-agent
      
      
	${sonar.jacoco.reportPath}
      
    
    
    
      prepare-integration-tests
      
	prepare-agent
      
      pre-integration-test
      
	${sonar.jacoco.itReportPath}
	itCoverageAgent
      
    
  

As in previous steps recompile your code

mvn clean install -DskipTests=true
mvn sonar:sonar

and in your dashboard you will be able to see the results:

 

Appendix

Useful links

  1. How to setup :

http://docs.codehaus.org/display/SONAR/Setup+and+Upgrade

  1. Install Maven runner :

http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Maven

  1. Analyse with Maven:

http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven

  1. Install Eclipse Plugin:

http://docs.codehaus.org/display/SONAR/Installing+SonarQube+in+Eclipse

  1. Install IDEA plugin:

http://docs.codehaus.org/display/SONAR/Installing+SonarQube+in+IntelliJ

  1. Code Coverage by Unit tests:

http://docs.codehaus.org/display/SONAR/Code+Coverage+by+Unit+Tests+for+Java+Project

  1. Jacoco – multi maven module set up:

http://architects.dzone.com/articles/measuring-overall-code

  1. General reading:

http://www.sw-engineering-candies.com/blog-1/top-10-lessons-learned-from-2-years-work-with-codehaus-sonar-open-source-quality-management-platform

Blog Tags: 

Vertical Tabs