Spiria logo.

Another quality tool for your projects: Sonar

March 1, 2016.

What is Sonar? Sonar is a linter from the Java sphere. For several years now, there have been plug-ins for the common languages (e.g. C++, C#, JavaScript or Swift)  so it can now be used on them as well.

What is Sonar?

Sonar is a linter from the Java sphere. For several years now, there have been plug-ins for the common languages (e.g. C++, C#, JavaScript or Swift)  so it can now be used on them as well.
The main goal of Sonar is to give accurate insight into your projects' health and technical deficits by setting up some rules and showing the average pace of development. This information promotes good coding practices, and helps avoid issues later.
Sonar is a web application that runs on its own server, deployed during installation, and displays the following dashboard:

decorative

How to install it

Prerequisites

First you need to get the latest release here http://www.sonarqube.org/downloads/.
Then you'll need to have a running instance of a database, like MySql for instance.


Installation

Unzip the release in any folder of your choice then edit the file "sonar.properties" in the "conf" subfolder.
Following your choice of database, uncomment the matching line and make it target your instance. For example, if you are using MySql, line 33 of the file (from the 5.1.2 SonarQube release at the time this article was written), you should have something like:

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

After that, you need to run the server that can be found in the "bin" subfolder. There is one subfolder per compatible operating system so just enter the one that matches your environment and start it. For example, if you are using a Windows 10, 64-bit operating system, open the "windows-x86-64" subfolder then start either the "StartSonar.bat" batch file if you want to launch it in console mode or "InstallNTService.bat" to set up the service.
Regardless of how the server is set up, it can take a few minutes before Sonar is up and running. Using the previous example, you should have these lines:

decorative

The server is ready when the line "2015.10.02 13:14:03 INFO  app[o.s.p.m.Monitor] Process[web] is up". The dashboard is accessed through your web browser via http://localhost:9000/
Now you have to gather all plugins for your languages. As explained above, they can be found at here. Download them into your "sonarqube-x.x.x\extensions\plugins" folder.

How to run it

On an Android project using ANT

You'll need to edit your project's "build.xml" file and do the following:
Edit the project’s “build.xml” file to include the following: "xmlns:sonar="antlib:org.sonar.ant". Example: (if your project is called "MyAndroidProject")

Right after this project tag, copy paste the following lines:















    
        
        
    
    
    

Pay attention to the properties in these lines, the one that holds the JDBC connection will have to match your environment settings. You can also change the title of this project displayed in Sonar's web app by changing the ""sonar.projectName"" property's value.
Once that's done, you can run your analysis with ANT by calling this task:

""ant Sonar""

On a JavaScript project using Sonar runner

For a JavaScript project, create a file called ""sonar-project.properties"" at the root of your project. This file must contain the following lines:

# Required metadata
sonar.projectKey=org.codehaus.sonar:javascript-sonar-runner
sonar.projectName=JavaScript Project analyzed with the SonarQube Runner
sonar.projectVersion=1.0
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

# Comma-separated paths to directories with sources (required)
sonar.sources=js

# Language
sonar.language=js

# Encoding of sources files
sonar.sourceEncoding=UTF-8

Once again, the JDBC value must be changed and you can specify your project's name.
To start the analysis, open a console in that folder then type ""sonar-runner"".

On a C# project using MSBuild.SonarQube runner

Make sure you download the MsBuild runner from SonarQube and add it to your environment variables.
Open a console at the root of your project then type ""MSBuild.SonarQube.Runner.exe begin /k:""MyCSharpProjectKey"" /n:""MyCSharpProjectName"" /v:""1.0"" /d:sonar.verbose=true"".
After a few seconds you should be back to command prompt. Now build your project using ""MsBuild"".
Once the project has been built, you will have to publish the result on your Sonar server/web app by typing ""MSBuild.SonarQube.Runner.exe end"".

What is the Sqale rating?

The Sqale rating is more or less a representation of the ""health"" of your code. From ""A"" to ""E"", where ""A"" is the best score and ""E"" is the worst. This rating represents the cost of refactoring your code versus rewriting the project from scratch. If your project has an ""E"", then it will be cheaper to start the project over than to fix its technical deficits.

More details can be found here.

Conclusion

SonarQube is a comprehensive quality tool and can even handle your code coverage results (see here for more information), but you have make a habit of checking it frequently in order to improve both your code and your coding practices. This quality process can even become a selling point or, at the very least, reassure your customers about the quality of the work you provide.