http://www.sonarsource.org

Quality Management Platform

What is ‘Code quality platform’?Sonar is an open platform to manage code quality. As such, it covers the 7 axes of code quality: Architecture & Design, Comments, Coding rules, Potential bugs, Complexity, Unit tests, Duplications.

Benefit of using ‘Code quality platform’ - quality is central and you can easily manage it.

Quality Management Platform

Sonar has been a very popular quality management platform. The platform is billed as to continuously analyze and measure the code quality.

Sonar is an aggregate tool for complex source code management and quality measures. It uses Clover2, Cobertura, PMD, Checkstyle, and Findbugs under the hood.

What is Sonar ?

o Many languages are covered (Java, C, .Net, Flex, PHP, PL/SQL, Cobol, JSP, JSF, Visual Basic 6);

o Extended with plugins;o All quality in one central place; o Web-based application and everything is in 3 clicks;

o All projects are in the open o Easy drill down to source codeo Coding ruleso Unit Testso Standard Metricso TimeMachineo Maven readyo Leverage existing componentso Pluginso Security

Why use Sonar ?

There are several ways Sonar analysis can be performed:

Using the Maven Plugin Using the Ant Task Using the Java Runner Using a CI engine Inject data manually at any time from the Sonar UI.

Any manual measures can be easily managed directly from the component (project, module or package) dashboard

There is a possibility to integrate with Bamboo, CruiseControl, Hudson, TeamCity.

How Sonar works ?

There is a very simple procedure: Create a file named 'pom.xml' into the root directory

of your project Execute the maven2 plugin (#> mvn sonar:sonar) And that’s it!

How Sonar works – 1 ?

There is a very simple procedure: Create/modify a Ant script file named ‘build.xml’ Execute the ant command (#> ant sonar) And that’s it!

How Sonar works – 2 ?

There is a very simple procedure: Download bat/sh files from Sonar site Configure Sonar runner

How Sonar works – 3 ?

Home page | filters | favourites Browsing project | customising dashboards | Rules Compliance Index (RCI) | Treemap | Events |

Alerts The resource viewer | violation tab| duplication tab|

coverage tab | dependencies tab | Quality profiles | Alert configuration Time machine | custom chart Tendencies Coding rule mapping (Checkstyle, PMD, Findbugs) Update center | plug-in Library

Sonar in actions

Physical lines | Lines of code Comment lines | Commented-out lines of code Packages | Files | Classes | Directories Accessors | methods | Public API Duplicated lines | blocks | files Statements | Complexity | complexity by method |

Average complexity by file Unit tests | Line coverage Tags | etc

Sonar metrics

CHECKSTYLE | PMD | FindBugs

Main features: Possible bugs - empty try/catch/finally/switch

statements Dead code - unused local variables, parameters and

private methods Suboptimal code - wasteful String/StringBuffer usage Overcomplicated expressions - unnecessary if

statements, for loops that could be while loops Duplicate code - copied/pasted code means

copied/pasted bugs

PMD (Programming Mistake Detector)

SQALESoftware Quality Assessment based on Lifecycle

Expectations Overview

Pyramid

Time Machine

Sonar - Useful Featureso TimeMachine o Code Review o Changelog of Quality Profiles o Compare Quality profileso Manual Measureso Notificationo Cross Project Duplicationso Coverage of new/updated source code

Sonar is a web application and requires a maven plugin that uses both a databases.

System Requirements

o Java Development Kit v.1.5 or latero Maven 2.x or 3.x (since Sonar 2.4)o Database (Mysql, Oracle, PostgreSQL, MSSQL)o Web Server needs a healthy 500Mb of RAM o Browser should allow Javascript

Thank you! :)

Author: Trusov Aleksey

Any questions?