Thursday, September 11, 2014

Static code analysis using Sonar

Step 1 - Install and view Sonar dashboard
1. Download the latest SonarQube [1] version.
2. Extract the downloaded zip file (say sonarqube-4.4.zip) to a folder (say /Software/sonarqube-4.4).
3. Run Sonar.
> cd /Software/sonarqube-4.4/bin/macosx-universal-64/
> ./sonar.sh start
Starting SonarQube...
Started SonarQube.

Note: Choose the folder under the bin directory that matches your OS (mine is macosx-universal-64, for Mac OS X):
macosx-universal-64
linux-ppc-64
linux-x86-32
linux-x86-64
solaris-sparc-32
solaris-sparc-64
solaris-x86-32
windows-x86-32
windows-x86-64

4. Go to SonarQube dashboard via http://localhost:9000/

Step 2 - Analyze project using Sonar

1. Insert or update the following properties tag in the parent pom.xml file in the project root folder.
<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <sonar.host.url>http://localhost:9000/</sonar.host.url>
    <sonar.exclusions></sonar.exclusions>
</properties>

2. From a console/terminal, go to the project root folder, where the parent pom.xml file exists.
3. Issue the following command.
> mvn sonar:sonar

Note: You will get a summary like the following at the end of the build output:

[INFO] -----------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] order-manager ..................................... SUCCESS [9.473s]
[INFO] order-manager-components .......................... SKIPPED
[INFO] org.wso2.carbon.order.mgt ......................... SKIPPED
[INFO] org.wso2.carbon.order.mgt.stub .................... SKIPPED
[INFO] org.wso2.carbon.order.mgt.ui ...................... SKIPPED
[INFO] order-manager-features ............................ SKIPPED
[INFO] org.wso2.carbon.order.mgt.server.feature .......... SKIPPED
[INFO] org.wso2.carbon.order.mgt.ui.feature .............. SKIPPED
[INFO] org.wso2.carbon.order.mgt.feature ................. SKIPPED
[INFO] order-manager-repository .......................... SKIPPED
[INFO] -----------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] -----------------------------------------------------------
[INFO] Total time: 10.470s
[INFO] Finished at: Tue Sep 02 12:07:43 IST 2014
[INFO] Final Memory: 13M/554M
[INFO] -----------------------------------------------------------


4. Go to SonarQube dashboard via http://localhost:9000/
5. The analyzed project will be listed under the Projects tab in the dashboard.
Note: Every issue is categorized, and a detailed explanation is given with compliant and non-compliant example code segments.
6. It's time to fix issues... :)

A sample pom file is attached herewith.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.wso2.carbon</groupId>
    <artifactId>order-manager</artifactId>
    <packaging>pom</packaging>
    <version>4.2.0</version>
    
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <sonar.host.url>http://localhost:9000/</sonar.host.url>
        <sonar.exclusions></sonar.exclusions>
    </properties>
    
    <modules>
        <module>order-manager-components</module>
        <module>order-manager-features</module>
        <module>order-manager-repository</module>
    </modules>


</project>
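
A pre-flight check for the parent pom.xml before running mvn sonar:sonar, added here as an example and not part of the original post: it reads the properties block shown above, strips padding around the values, lists the modules, and flags a plain-HTTP sonar.host.url that points off the local machine. The function names and the trimmed sample POM are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample: the post's parent POM, trimmed; helper names are illustrative.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
    <properties>
        <project.build.sourceEncoding> UTF-8 </project.build.sourceEncoding>
        <sonar.host.url> http://localhost:9000/ </sonar.host.url>
        <sonar.exclusions></sonar.exclusions>
    </properties>
    <modules>
        <module>order-manager-components</module>
    </modules>
</project>"""


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_pom(pom_xml):
    """Return (properties, modules, findings) for a trusted, local parent POM."""
    root = ET.fromstring(pom_xml)
    # Drop the namespace from each tag and strip the padding around each value.
    props = {el.tag.split("}", 1)[-1]: (el.text or "").strip()
             for el in root.findall("m:properties/*", NS)}
    modules = [m.text.strip() for m in root.findall("m:modules/m:module", NS)]
    findings = []
    url = urlparse(props.get("sonar.host.url", ""))
    if not url.scheme:
        findings.append("sonar.host.url is not set")
    elif url.scheme != "https" and not is_loopback(url.hostname or ""):
        findings.append("sonar.host.url uses plain HTTP to a non-loopback host")
    if not props.get("sonar.exclusions"):
        findings.append("sonar.exclusions is empty: nothing is excluded from analysis")
    if "project.build.sourceEncoding" not in props:
        findings.append("project.build.sourceEncoding is not set")
    return props, modules, findings


if __name__ == "__main__":
    print(check_pom(SAMPLE_POM)[2])
```

To check a real project, pass the contents of the parent pom.xml to check_pom instead of SAMPLE_POM.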