Book Image

Sonar Code Quality Testing Essentials

By : Charalampos S Arapidis
Book Image

Sonar Code Quality Testing Essentials

By: Charalampos S Arapidis

Overview of this book

Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and TimeMachine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer's requirements, but also the manager's needs.The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar. You will learn to use Sonar effectively and explore the quality of your source code in the following axes: Coding Standards Documentation and Comments Potential Bugs and Defects Unit Testing Coverage Design and Complexity Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes down to proposing good practices and common solutions that you can put to use to improve such code.You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential. While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality."Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.

Related Content you might be interested in

Current Title:

Small book image
Sonar Code Quality Testing Essentials
Charalampos S Arapidis
Aug, 2012 | 318 pages
No titles found
Table of Contents (18 chapters)
Sonar Code Quality Testing Essentials
Sonar Code Quality Testing Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
An Overview of Sonar
An Overview of Sonar
What is Sonar
Features of Sonar
Covering software quality on Seven Axes
Architecture of Sonar
Source code analyzers
The Sonar community and ecosystem
Summary
2
Installing Sonar
Installing Sonar
Prerequisites for Sonar
Downloading Sonar
Installing the Sonar web server
Configuring MySQL
Starting Sonar as a service
Logging in to Sonar for the first time
Securing your Sonar instance
Creating users and groups
Backing up your data
Extending Sonar with plugins
Upgrading Sonar from the Update Center section
Summary
3
Analyzing your First Project
Analyzing your First Project
Using a Java runner
Analysis with the Sonar Maven plugin
Analysis with Ant
Browsing the Sonar web interface
Sonar components—an overview
Anatomy of the dashboard
Eliminating your first violations
Summary
4
Following Coding Standards
Following Coding Standards
A brief overview of coding standards and conventions
Sonar profiles, rules, and violations
Managing quality profiles
Managing rules
Creating a coding standards profile
5
Managing Measures and Getting Feedback
Managing Measures and Getting Feedback
Reviewing code
Sonar manual reviews
Configuring notifications
Defining metric thresholds and alerts
Sonar manual measures
Quality reporting on your project
Getting visual feedback
Summary
6
Hunting Potential Bugs
Hunting Potential Bugs
Potential bugs violations
Installing the Violation Density plugin
Integrating Sonar to Eclipse
Summary
7
Refining Your Documentation
Refining Your Documentation
Writing effective documentation
Documentation metrics definitions
Overview of Sonar documentation violations
Locating undocumented code
Generating documentation automatically
Summary
8
Working with Duplicated Code
Working with Duplicated Code
Code duplication
Sonar code duplication metrics
Locating duplicated code with Sonar
The Useless Code Tracker plugin
Using extraction and inheritance to attack duplication
Summary
9
Analyzing Complexity and Design
Analyzing Complexity and Design
Measuring software complexity
Cohesion and coupling
Sonar Code Complexity metrics
The Response for Class metric
Lack of Cohesion in Methods and the LCOM4 metric
Locating and eliminating dependencies
Summary
10
Code Coverage and Testing
Code Coverage and Testing
Measuring code coverage
Code coverage tools
Code coverage analysis
Assessing the impact of your tests
Using the coverage tag cloud component
jUnit Quickstart
Reviewing test results in Sonar
Summary
11
Integrating Sonar
Integrating Sonar
The Continuous Inspection paradigm
Installing Subversion
Setting up a Subversion server
Installing the Jenkins CI server
Configuring Jenkins
Creating a build job
Installing the Sonar plugin
Summary
Sonar Metrics Index
Sonar Metrics Index
Sonar metrics

Architecture of Sonar

The core engine of the platform, Squid, is supported by additional code analyzers which Sonar orchestrates together to measure quality.

The following diagram represents the upper-level components of the platform and how they interact with each other:

  1. 1. An analysis request is triggered using one of three possible methods:

    • Maven Plugin

    • Ant Task

    • Java Runner

  2. 2. Sonar receives the request and starts analyzing the project's source code. The analysis is based on the project's Sonar profile activating any additional plugins or reporting capabilities, if any.

  3. 3. When the analysis is over, results are stored to a database for future reference and history tracking.

  4. 4. Finally, the user interface and its components are updated with the new data. You can access data from your browser and the web dashboard. Conveniently, Sonar reporting is also made available within your IDE, either Eclipse or IDEA, allowing you to review and correct code violations on the spot.

In a continuously integrated environment, the analysis process is triggered by the build server. The server checks out source code from the repository, compiles and executes all unit or integration tests, after which it produces the necessary builds. Finally, Sonar takes over analyzing the source. A good practice for a time-consuming process such as this is to trigger it once a day, when developers are inactive. The process is then called a nightly job and the final build produced a nightly snapshot. Next time, developers will have access to the latest data and reports about the project, enabling them to review how recent changes affected the overall quality of the project.

Previous Section
End of Section 5
Next Section