So, You want to integrate your project to SonarQube for managing the source code quality of your project. That’s indeed a wonderful idea. If you are wondering and excited to learn How to go about it, just keep calm and sit back, I will take you through the same. I am very certain that after this blog you will be able to integrate your project to SonarQube in just a matter of time.
- So, Let’s dive into this!
Before we go any further, Let’s understand What SonarQube(previously known as Sonar) is?SonarQube is open-source for continuous inspection of code quality. Sonar is a web based code quality analysis tool for MAVEN based JAVA projects. It covers a wide area of code quality checkpoints which include: Architecture & Design, Complexity, Duplications, Coding Rules, Potential Bugs, Unit test etc.It offers reports like - Duplicated code
- Coding Standards
- Unit Tests
- Code Coverage
- Code Complexity
- Potential Bugs
- Comments
- Design & ArchitectureIntegrable with CI, Maven, Ant, Gradle.Supports languages: Java (including Android), C/C++, Objective-C, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, Swift, etc.
Integrates with Eclipse, Visual Studio, and IntelliJ IDEA development environments through the SonarLint plugins
Integrates with external tools: JIRA, Mantis, LDAP, Fortify, etc.
Is expandable with the use of plugins.
Latest stable release SonarQube 6.2
Alright, So above was the introduction to SonarQube. I believe that was enough of SonarQube. Now let’s jump onto Maven SonarQube integration.
The very first thing we need to do is to launch the SonarQube dashboard on the browser. Let’s see How to do this.
Step1. Download the latest stable release of SonarQube and unzip it to your favorite directory.
https://www.sonarqube.org/downloads/
Step2.Start the SonarQube server
For Windows
YOUR_DIR_PATH\sonarqube\bin\windows-x86-xx\StartSonar.bat
For other operating systems like Linux/Ubuntu
YOUR_DIR_PATH/sonarqube/bin/[OS]/sonar.sh console
That’s how we run the SonarQube Server
Step3. Once the SonarQube Server is up and running then you can visit the SonarQube Dashboard at http://localhost:9000(default System administrator credentials are admin/admin)
By default, the SonarQube runs on 9000 port.
Now that, SonarQube Server is up and running we are good to integrate our project(Maven)into it and do the continuous inspection of code quality.
That is how the SonarQube dashboard looks like
Come let’s integrate our Maven project with SonarQube.
Before we could integrate our Maven project to SonarQube, We will need to integrate SonarQube Scanner in our POM.XML.
SonarQube Scanner is recommended since it is the default launcher to analyze a project with SonarQube.
Let’s see How to integrate Sonar-Scanner with Maven project in POM.XML
We will need to add the following dependency
<!-- https://mvnrepository.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin --> <dependency> <groupId>org.sonarsource.scanner.maven</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>3.2</version> </dependency> Followed by the profile <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://192.168.2.174:9000 </sonar.host.url> </properties> </profile> </profiles>
// You can also replace the IP with your own IP or just say localhost instead.
Now, that you are done integrating Sonar- Scanner into the POM.XML file.
Our one last task would be, To run the following commands to generate the reports of our project on SonarQube Dashboard at http://localhost:9000
1. mvn clean //to clean the existing resources
2. mvn install
3. mvn sonar:sonar //to generate the reports, this command generates the report and move the reports to SonarQube dashboard. You can view your reports under project section of the Dashboard
Or you can also say mvn clean install sonar:sonar // to generate reports
In my case, I have set my system’s IP to launch the SonarQube dashboard. You can also use it with localhost to run it on your browser
That’s how the dashboard looks like after project integration
If you find any challenge, Do let me know in the comments.
If you enjoyed this post, I’d be very grateful if you’d help it spread.Keep smiling, Keep coding! Cheers!
Reblogged this on himaniarora1.
super its worked perfectly
why it is showing code coverage as zero?
sonar supports scala? on the other blog I can see code coverage i.e. scoverage. I am using 4.5.7 but its not considering scala sources its considering java sources
Thank you very much!!!.
How can we fail maven build in case of Sonar violations ? My Quality gate is expecting 80% code coverage . I need to fail the build if code coverage is less than 80 %.
Thanks for your explanation on this.. Its really helpful to me and I hope others as well..
I am glad it helped you.
Hi Deepak,
I’m facing following issues, Can you please guide?
1. mvn clean return following error
[ERROR] Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty -> [Help 1]
2. mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=60a66f6c240e1b6a182c0102609920e1f53c6f72 -U return below:
[ERROR] No plugin found for prefix ‘sonar’ in the current project and in the plugin groups [org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (/Users/sandip.gami/.m2/repository), central (https://repo.maven.apache.org/maven2)] -> [Help 1]
It will help a lot if you can provide compatibility matrix of maven version , sonar.maven plugin version, java source version and sonar cube version .
very usefull
Great article. Thanks. Can you also point or help us how can I define custom rules in sonar.