SonarQube
1. What is SonarQube
SonarQube is an open platform for code quality management. Provide visual reports for projects and continuously track the evolution of project quality. Through the plug-in mechanism, Sonar can integrate different testing tools, code analysis tools, and continuous integration tools. The results are reprocessed to measure the changes in code quality by means of quantification.
2. Features
An overview of all projects:
You can quickly understand the health of hundreds of projects
Drill down into the code to see:
If you want to know which code violates the specification, enter the package to view the source code of the violation
encoding rules:
There are more than 600+ code specifications. From naming conventions to detection of pattern violations
unit test :
Unit testing is the most effective way to ensure code quality. Run unit tests to measure unit test coverage.
Standardized Metrics :
All classic metrics are included. Comments, coding conventions, potential bugs , complexity, unit tests, duplication, architecture and design.
3. Installation
3.1 Environmental Requirements
a).JDK
Environment variable settings:
JAVA_HOME= C:\Program Files\Java\jdk1.8.0_101
PATH=%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin
CLASSPATH=%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar
3.2 sonar installation
As a code analysis platform, sonar is mainly composed of the following three parts:
a. A database: store configuration information and analysis result information; ( mysql )
b. A web server: publishing applications, online browsing, configuration analysis ( sonarqube-4.5.4 )
c. A client: perform source code analysis ( sonar-runner-2.4 )
3.3 Database installation
The database types supported by sonar include apache derby , h2, sql server, mysql.orcale.postgreSQL and other databases. If you only do testing, you can use h2 or derby that comes with sonar . They don't require any installation,
However, this database is generally used for evaluation builds or testing purposes. For commercial use and high database requirements, other databases are recommended.
If you use other databases, you only need to create a database or tablespace, and provide sonar with an account that has permission to add or delete the database. Tables and indexes will be created the first time sonar is run.
Here we are using mysql database. The creation statement is as follows:
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'sonar' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES;
3.4 Install and configure sonar
Download the relevant application under http://www.sonarsource.org/downloads/ and unzip it. (latest 6.0 )
Install server-side sonarqube-6.0
Edit the conf/sonar.properties file under the sonarqube decompression package . All the commented out database connection templates in this file are supported, just remove the comments and change to your own database connection. At the same time, remove the default built-in database connection comment.
Generally, you need to configure the following properties:
sonar.jdbc.url : database connection address
sonar.jdbc,driver : driver class
sonar.jdbc.user : database username
sonar.jdbc.password : password
If the orcale database is used, put the orcale driver package in the sonarqube-6.0\extensions\jdbc-driver \oracle folder, and the driver packages of other databases have been put in the default path.
3.5 Start sonarqube
Just run the StartSonar.bat file under the E:\sonar\sonarqube-6.0\sonarqube-6.0\bin\windows-x86-64 file .
After the startup is successful, enter http://localhost:9000 in the browser address bar to access snoarQube.
3.6 Modify snoar port
The sonar application listens on port 9000 by default . Access via http://localhost:9000
Can be changed in conf/sonar.properties file:
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.context=/sonar
1.2.2.1 sonar client sonar-runner
1.sonar-runner installation process
a. Unzip the download package to a local path.
b. Set the decompression path as an environment variable
SONAR_HOME=E:\sonar\sonar-runner-2.4
c. Change the configuration file: $SONAR_HOME/conf/sonar-runner.porperties
Mainly the configuration of the data source, sonar-runner will store the analysis results in the database. As shown in the figure, just uncomment the appropriate position of the annotated template and change it to the corresponding sonar configuration.
d. Add %SONAR_HOME%\bin; to the Path environment variable.
sonar-runner demo Example:
Add the sonar configuration file sonar-projet.properties file to the root directory of the project to be tested . This file is read when sonar-runner performs analysis.
Enter the sonar test project under cmd and start the sonar - runner service.
Enter http://localhost:9000 in the browser to view the analysis results :
error level
Blocker 's most serious blocking class
Critical catastrophic bug
Major Major is a serious bug found when executing valid test cases
Minor Minor is a serious bug found when executing invalid test cases
Info info level
4 Terms:
Official website address: http://docs.sonarqube.org/display/SONAR/Metric+Definitions
the term | explain | Remark | |
Issues | question | ||
measures | Unit of measure | ||
quality profile | Quality Profile | ||
quality gate | quality valve | ||
Complexity | Complexity | if, for, while, case, catch, throw, return (that is not the last statement of a method), &&, ||, ? | |
Comment lines | Comment lines | ||
Duplicated blocks |
|
||
Issues | |||
Maintainability | |||
Quality Gates | |||
Reliability | |||
Security | |||
Tests | |||
Cyclomatic complexity: | 1. Cyclomatic complexity " It is used to measure the complexity of a module's decision structure, which is represented by the number of independent current paths, that is, the minimum number of paths required to be tested for reasonable error prevention, and the cyclomatic complexity Big indicates that program code may be of low quality and difficult to test and maintain |
1. For example , line 137 of the binaryToHex (int binary) method of the img_web project SimilarImageSearch.java Alarm The cyclomatic complexity of methods should not exceed a defined threshold |
|
Duplicate code: |
For example , in the writeStr() method of IdentifyingCode2.java of the img_web project |
5 maven works with sonar
After the above installation is complete, configure sonar in maven : open the setting.xml configuration file and add the following code to it:
<profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <sonar.jdbc.url> jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.driver>com.mysql.jdbc.Driver</sonar.jdbc.driver> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <sonar.host.url>http://localhost:9000</sonar.host.url> </properties> </profile>
1启动sonar:sonarqube-6.0\bin\windows-x86-64目录下的StartSonar.bat文件。
2. 进入maven项目中,执行mvn sonar:sonar命令,等待结束
3.输入localhost:9000回车,查看:
6.项目分析结果