Recently I have started to use SonarQube and I have to say that I like it. In this post I will talk about this tool and the process of installation and configuration. My objective is to analyse C# projects.
SonarQube is an open source platform for continuous inspection of code quality. It uses various static source code analysis tools like Checkstyle, PMD or FindBugs to obtain metrics that can help improve the quality of our programs’ code.
The main features of SonarQube are:
- Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.
- Records metrics history and provides evolution graphs.
- Provides fully automated analysis: integrates with Maven, Ant, Gradle, MSBuild and continuous integration tools like TFS, Bamboo, Jenkins, etc.
- Integrates with Eclipse, Visual Studio and IntelliJ IDEA development environments through the SonarLint plugins.
- Integrates with external tools like LDAP, Active Directory, GitHub, etc.
- Is expandable with the use of plugins.
Some of the metrics provided for each C# project include:
- General analysis: it uses several rule-based static analysis tools like FxCop, StyleCop, etc.
- Details and statistics, with drill-downs, on rule violations.
- Percentage of code commented.
- Percentage of public APIs that are (un)documented.
- Percentage of code that is duplicated.
- Counts by duplicated lines of code, blocks, files.
- Unit test Coverage using OpenCover, NCover, etc.
- Unit Test Success/Failure statistics using Gallio.
- Unit test Time to run.
In addition, it will track changes over time, so you can see where issues are increasing/decreasing in your code.
SonarQube is designed to provide follow-up throughout the development and/or maintenance of a computer program and to support continuous improvement. However, it can also be used to perform isolated analyses and obtain reports about our projects.
- Install Java JDK
- Set the JAVA_HOME environment variable to point to the JDK folder. You can find a guide here
Installation of the SonarQube Web Server on Windows
- Go to the SonarQube page and download the latest version of the server
- Unzip the file to a folder in your drive, in my case I will use C:\sonar-server
- Go to the path bin\windows-x86-64\, open a command prompt and run the command StartSonar.bat. This will install the server on your machine.
- Now we will install SonarQube as a Windows service. This step is optional, but I think it is a good idea to do it.
- Give full permissions to the user Local Service on the server folder, in my case C:\sonar-server
- Go to the path bin\windows-x86-64\ and run the file InstallNTService.bat
- Go to the Services Manager and make sure that the service called “SonarQube” is up and running.
- Open a browser and go to the URL http://localhost:9000/. This is where the server is installed by default.
Installation of the SonarQube Plugin for C#
- Go to the URL http://localhost:9000/, click on the Log in icon and use the credentials Login: admin and Password: admin. These are the default credentials for the administration of the server; they can be changed.
- Once logged in, go to Administration > System > Update Center
- Make sure that you have installed the C# Plugin which enables SonarQube to scan C# source files. If this plugin is not installed by default you can search for it in the available tab on the same page. The plugins installed by default in my case are the following:
Installation of the SonarQube Runner
- Download and unzip the sonar runner in another folder, in my case I will use C:\sonar-runner
- Update the system environment variable called “Path” with the location of the runner folder
- Open a brand new console and run the command sonar-scanner -h to verify that everything is working properly
Creation of the C# project and the sonar-project.properties file
- Create a console application that only prints a message like this:
- Then add the sonar-project.properties file with the following code:
# must be unique in a given SonarQube instance
# this is the name and version displayed in the SonarQube UI.
# Path is relative to the sonar-project.properties file. Replace “\” by “/” on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
- Open a console in the same path where the sonar-project.properties file is and run the sonar-runner tool, in this case with the command sonar-scanner
- Go to the server web page at http://localhost:9000 to see the results
- Click on the project name to see a more detailed report
In this case we have one code smell:
If we fix it with the suggested solution (add the static keyword to the class) and re-run the scanner, we will see that the above code smell disappears.
Now we have everything set up with the default configuration to start analyzing our projects.
While testing one of my projects, the scanner was throwing the following exception:
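The template comment above says to replace "\" with "/" in paths. Assuming the scanner loads sonar-project.properties with Java's standard .properties escaping rules, a backslash is an escape character and is silently consumed. The following check is an added example, not code from the original post; the sample file, its values and the function names are constructed for illustration.

```python
import re

# Constructed sample; the backslash in sonar.sources is the mistake being shown.
SAMPLE = r"""
# must be unique in a given SonarQube instance
sonar.projectKey=demo:console-app
sonar.projectName=Console App
sonar.projectVersion=1.0
sonar.sources=app\src
"""

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(raw):
    """Decode backslash escapes following Java .properties rules."""
    def repl(m):
        if m.group(1):                      # \uXXXX -> that code point
            return chr(int(m.group(1), 16))
        # \t \n \r \f are control characters; any other escape just
        # loses its backslash, so "\s" becomes "s".
        return _ESCAPES.get(m.group(2), m.group(2))
    return re.sub(r"\\(?:u([0-9a-fA-F]{4})|(.))", repl, raw)

def load_properties(text):
    """Return {key: (raw_value, decoded_value)}; line continuations not handled."""
    props = {}
    for line in text.splitlines():
        line = line.lstrip()
        if not line or line[0] in "#!":     # blank line or comment
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])*)\s*[=:]?\s*(.*)$", line)
        props[unescape(m.group(1))] = (m.group(2), unescape(m.group(2)))
    return props

def lint(text):
    """List problems that would make the scanner see different settings."""
    props = load_properties(text)
    findings = []
    if not props.get("sonar.projectKey", ("", ""))[1]:
        findings.append("sonar.projectKey is not set")
    for key, (raw, value) in props.items():
        if raw != value:                    # an escape changed the value
            findings.append(f"{key}: backslashes act as escapes, "
                            f"value is read as {value!r}; use '/'")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run against the sample, the check reports that sonar.sources is read as 'appsrc', a directory that does not exist, while the same file written with app/src passes.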
ERROR: Error during SonarQube Scanner execution java.lang.IllegalArgumentException: Start pointer [line=1, lineOffset=0] should be before end pointer [line=1, lineOffset=0]
If you get this error, please follow the solution in the FAQ section, step 5, of the following post: https://codethrob.wordpress.com/2016/11/23/setup-sonar-in-local-step-by-step/
SonarQube provides a wide array of plugins to cover various aspects such as Governance, Reporting, Source Control Engines, Localization, Authentication, Authorization, etc. A full list of plugins is available here.
They can be installed automatically using the Update Center, or manually. For manual installation you can do the following:
- Look up your plugins in the library here
- Navigate to the plugin project page and click on the “Download” link of the version compatible with your SonarQube version.
- Upload the downloaded jar file to your SonarQube Server and put it in the directory $SONARQUBE_HOME/extensions/plugins. In our case it would be C:\sonar-server\sonarqube-6.2\extensions\plugins
- Restart your SonarQube Server by restarting the SonarQube Service.
- If you have downloaded a Commercial Plugin, you need a License Key before using it. Go to Administration > Configuration > Licenses and click on the Update button to set the license Key and Save
To configure SonarQube to work with Team Foundation Server you can use this guide in conjunction with this article.
Further information can be found on the SonarQube official web site.