Setup SonarQube for C# Projects

Recently I have started to use SonarQube and I have to say that I like it. In this post I will talk about this tool and the process of installation and configuration. My objective is to analyse C# projects.

SonarQube is an open source platform for continuous inspection of code quality. It uses various static source code analysis tools like Checkstyle, PMD or FindBugs to obtain metrics that can help improve the quality of our programs’ code.

The main features of SonarQube are:

  • Supports many languages: Java (including Android), C/C++, Objective-C, C#, PHP, Flex, Groovy, JavaScript, Python, PL/SQL, COBOL, Swift, etc.
  • Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.
  • Records metrics history and provides evolution graphs.
  • Provides fully automated analysis: integrates with Maven, Ant, Gradle, MSBuild and continuous integration tools like TFS, Bamboo, Jenkins, etc.
  • Integrates with Eclipse, Visual Studio and IntelliJ IDEA development environments through the SonarLint plugins.
  • Integrates with external tools like LDAP, Active Directory, GitHub, etc.
  • Is expandable with the use of plugins.

Some of the metrics provided for each C# project include:

  • General analysis: it uses several rule-based static analysis tools like FxCop, StyleCop, etc.
  • Details and statistics, with drill-downs, on rule violations.
  • Percentage of code commented.
  • Percentage of public APIs that are (un)documented.
  • Percentage of code that is duplicated.
  • Counts by duplicated lines of code, blocks, files.
  • Unit test Coverage using OpenCover, NCover, etc.
  • Unit Test Success/Failure statistics using Gallio.
  • Unit test Time to run.

In addition, it will track changes over time, so you can see where issues are increasing/decreasing in your code.

SonarQube is designed to provide follow-up throughout the development and/or maintenance of a computer program and to support continuous improvement. However, it can also be used to perform isolated analyses and obtain reports about our projects.

Prerequisites

  1. Install Java JDK
  2. Set the JAVA_HOME environment variable to point to the JDK folder. You can find a guide here

Installation of the SonarQube Web Server on Windows

  1. Go to the SonarQube page and download the latest version of the server.
  2. Unzip the file to a folder on your drive; in my case I will use C:\sonar-server
  3. Go to the path bin\windows-x86-64\, open a command prompt and run the command StartSonar.bat. This will install the server on your machine.
  4. Now we will install SonarQube as a Windows service. This step is optional, but I think it is a good idea to do it.
    • Give full permissions to the user Local Service on the server folder, in my case C:\sonar-server
    • Go to the path bin\windows-x86-64\ and run the file InstallNTService.bat
    • Go to the Services Manager and make sure that the service called “SonarQube” is up and running.
  5. Open a browser and go to the URL http://localhost:9000/. This is where the server is installed by default.

Installation of the SonarQube Plugin for C#

  1. Go to the URL http://localhost:9000/, click on the Log in icon and use the credentials Login: admin and Password: admin. These are the default credentials for the administration of the server; they can be changed.
  2. Once logged in, go to Administration > System > Update Center
  3. Make sure that you have installed the C# Plugin, which enables SonarQube to scan C# source files. If this plugin is not installed by default, you can search for it in the Available tab on the same page. The plugins installed by default in my case are the following:

[Screenshot: plugins installed by default]

Installation of the SonarQube Runner

  1. Download and unzip the sonar runner in another folder; in my case I will use C:\sonar-runner
  2. Update the system environment variable called “Path” with the location of the runner folder.
  3. Open a brand new console and run the command sonar-scanner -h to verify that everything is working properly.

Creation of the C# project and the sonar-project.properties file

  1. Create a console application that only prints a message.
  2. Then add the sonar-project.properties file with the following content:
    # must be unique in a given SonarQube instance
    sonar.projectKey=my:Sonar_C_Sharp
    # this is the name and version displayed in the SonarQube UI.
    sonar.projectName=SonarTestApp_C#
    sonar.projectVersion=1.0

    # Path is relative to the sonar-project.properties file. Replace “\” by “/” on Windows.
    # Since SonarQube 4.2, this property is optional if sonar.modules is set.
    # If not set, SonarQube starts looking for source code from the directory containing
    # the sonar-project.properties file.
    sonar.sources=.

  3. Open a console in the folder that contains the sonar-project.properties file and run the runner, in this case with the command sonar-scanner

Results

  1. Go to the server web page at http://localhost:9000 to see the results.
  2. Click on the project name to see a more detailed report.
    In this case we have one code smell.

    If we fix it with the suggested solution (add the static keyword to the class) and re-run the scanner, we will see that the code smell disappears.

    Now we have everything set up with the default configuration to start analyzing our projects.

Troubleshooting

While testing one of my projects, the scanner was throwing the following exception:

    ERROR: Error during SonarQube Scanner execution java.lang.IllegalArgumentException: Start pointer [line=1, lineOffset=0] should be before end pointer [line=1, lineOffset=0]

If you get this error, please follow the solution in step 5 of the FAQ section of the following post: https://codethrob.wordpress.com/2016/11/23/setup-sonar-in-local-step-by-step/

Plugins

SonarQube provides a wide array of plugins to cover various aspects such as Governance, Reporting, Source Control Engines, Localization, Authentication, Authorization, etc. A full list of plugins is available here.

They can be installed automatically using the Update Center, or manually. For manual installation you can do the following:

  1. Look up your plugins in the library here
  2. Navigate to the plugin project page and click on the “Download” link of the version compatible with your SonarQube version.
  3. Copy the downloaded jar file to your SonarQube server and put it in the directory $SONARQUBE_HOME/extensions/plugins. In our case it would be C:\sonar-server\sonarqube-6.2\extensions\plugins
  4. Restart your SonarQube server by restarting the SonarQube service.
  5. If you have downloaded a commercial plugin, you need a license key before using it. Go to Administration > Configuration > Licenses, click on the Update button to set the license key, and save.
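
The manual installation steps above can be scripted so that the jar is only copied into the plugins folder after its SHA-256 digest has been checked. This is an added example, not code from the original post or from SonarQube; the download path is hypothetical and the expected digest is a placeholder that you must obtain from a source you trust, while the plugin folder and service name are the ones used in this post.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

$JarPath        = 'C:\Downloads\example-plugin.jar'            # hypothetical download location
$ExpectedSha256 = '<SHA-256 obtained from a trusted source>'   # placeholder, fill in
$PluginDir      = 'C:\sonar-server\sonarqube-6.2\extensions\plugins'  # folder used in this post
$ServiceName    = 'SonarQube'                                  # service name used in this post

function Get-Sha256 {
    param([Parameter(Mandatory)][string] $Path)
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

# 1. Refuse to continue unless the jar matches the expected digest.
if ($ExpectedSha256 -notmatch '^[0-9a-fA-F]{64}$') {
    throw 'Set $ExpectedSha256 to the 64-character hex digest before running.'
}
$downloaded = Get-Sha256 -Path $JarPath
if ($downloaded -ne $ExpectedSha256) {      # -ne on strings is case-insensitive
    throw "Hash mismatch for $JarPath (got $downloaded). Not installing."
}

# 2. Copy into extensions\plugins and confirm the copy is byte-identical.
if (-not (Test-Path -LiteralPath $PluginDir -PathType Container)) {
    throw "Plugin directory not found: $PluginDir"
}
$target = Join-Path $PluginDir (Split-Path -Leaf $JarPath)
Copy-Item -LiteralPath $JarPath -Destination $target
if ((Get-Sha256 -Path $target) -ne $downloaded) {
    Remove-Item -LiteralPath $target
    throw "Installed copy differs from the verified download; removed $target."
}

# 3. Restart the service so the plugin is loaded, then confirm it came back up.
Restart-Service -Name $ServiceName
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Running') {
    throw "Service $ServiceName is $($svc.Status) after restart; check the server logs."
}
Write-Output "Installed $(Split-Path -Leaf $JarPath) (SHA-256 $downloaded); $ServiceName is running."
```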

Final Notes

To configure SonarQube to work with Team Foundation Server you can use this guide in conjunction with this article

Further information can be found on the SonarQube official web site
