Static Code Analysis with SonarQube
hayi.nkm - Software Engineer in Test
“All code is guilty, until proven innocent.” – Anonymous
Static Analysis
Static analysis, also known as static code analysis, is the process of analyzing a program's source code without running the program itself. Static analysis is generally used by developers as part of the development and component testing process.
Benefits...
Detecting possible bugs in your code (crashes, memory leaks, stack overflows, buffer overflows, etc.),
Finding vulnerabilities in the corners of your application (the ones a developer missed),
Finding likely wrong logic and bad practices in your project,
Finding areas of the code that may need more testing or deeper review,
Benefits... (cont)
Finding duplicate code that could be moved into a shared method to reduce code complexity,
Identifying design issues such as high cyclomatic complexity, and helping reduce that complexity to improve maintainability,
Identifying potential software quality issues before the code moves to production.
SonarQube
Architecture...
Image source: http://tech.gaeatimes.com
Setting up SQ Server. (Mac)
$ brew install sonar
Setting up SQ Server. (Linux)
# download SonarQube
$ wget http://dist.sonar.codehaus.org/sonarqube-5.X.zip
# Unzip and move file into /opt/
$ unzip sonarqube-5.X.zip
$ mv sonarqube-5.X /opt/sonar
Setting up Databases (MySQL)
$ mysql -u root -p
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'sonar' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES;
Connect SQ to Databases
Open /opt/sonar/conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
Setting up web server.
Open /opt/sonar/conf/sonar.properties
sonar.web.host=127.0.0.1
sonar.web.context=/sonar
sonar.web.port=9000
Starting sonar...
$ sonar start
Or
$ sudo sonar start
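The server setup above (unzip, point sonar.properties at the database, bind the web UI, start) is easiest to keep repeatable and reviewable as a script. The following POSIX shell script is an added example, not from the slides: it sets the keys the deck shows in a sonar.properties file idempotently (replacing a commented-out default rather than appending a duplicate line), reads them back, and then checks the two settings that matter once the host is reachable from a network: that sonar.web.host stays on loopback (127.0.0.1, so the UI is only reached through a reverse proxy) and that the JDBC password is no longer the slides' placeholder value 'sonar'. The function names (set_prop, get_prop, write_page_config, check_sonar_properties) and the sample file contents are my own assumptions; only the property keys and values come from the slides.

```shell
#!/bin/sh
# Added example (not from the slides): idempotent sonar.properties editing plus a
# post-install check. Assumes POSIX sh with awk and mktemp; the file path is
# supplied by the caller (the deck uses /opt/sonar/conf/sonar.properties).

# set_prop FILE KEY VALUE
# Replace an existing "KEY=..." line (also a commented-out "#KEY=..." default)
# with "KEY=VALUE", or append the line if the key is not present at all.
set_prop() {
  file=$1; key=$2; value=$3
  tmp="$file.tmp"
  awk -v k="$key" -v v="$value" '
    { line = $0; sub(/^#[[:space:]]*/, "", line) }      # ignore a leading "#"
    !seen && index(line, k "=") == 1 { print k "=" v; seen = 1; next }
    { print }
    END { if (!seen) print k "=" v }
  ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_prop FILE KEY
# Print the effective value of KEY (last uncommented assignment), or nothing.
get_prop() {
  awk -v k="$2" '
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { print v }
  ' "$1"
}

# write_page_config FILE
# Constructed sample: start from a file whose keys are commented out, the way a
# fresh sonar.properties ships, then apply exactly the values shown in the deck.
write_page_config() {
  cat > "$1" <<'EOF'
# sample sonar.properties (constructed for this example)
#sonar.jdbc.username=
#sonar.jdbc.password=
#sonar.web.host=0.0.0.0
#sonar.web.port=9000
EOF
  set_prop "$1" sonar.jdbc.username sonar
  set_prop "$1" sonar.jdbc.password sonar
  set_prop "$1" sonar.jdbc.url 'jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance'
  set_prop "$1" sonar.web.host 127.0.0.1
  set_prop "$1" sonar.web.context /sonar
  set_prop "$1" sonar.web.port 9000
}

# check_sonar_properties FILE
# Return 0 when the web UI is bound to loopback and the DB password is not the
# documented placeholder; otherwise print one FINDING line per problem, return 1.
check_sonar_properties() {
  rc=0
  host=$(get_prop "$1" sonar.web.host)
  pw=$(get_prop "$1" sonar.jdbc.password)
  if [ "$host" != "127.0.0.1" ] && [ "$host" != "localhost" ]; then
    echo "FINDING: sonar.web.host='$host' is not loopback; UI is reachable from the network"
    rc=1
  fi
  if [ -z "$pw" ] || [ "$pw" = "sonar" ]; then
    echo "FINDING: sonar.jdbc.password is empty or still the default 'sonar'"
    rc=1
  fi
  return $rc
}

# Demo run against a temporary file (the deck's values trip the password check).
demo_file=$(mktemp)
write_page_config "$demo_file"
check_sonar_properties "$demo_file" || echo "configuration needs attention"
rm -f "$demo_file"
```

Run it once after editing /opt/sonar/conf/sonar.properties and before `sonar start`; with the values exactly as the slides give them it reports the default database password, which is the one thing to change before the instance is exposed.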
Analyzing
Maven Projects
Gradle Projects
Maven
Setting up Maven.
Edit the settings.xml file, located in $MAVEN_HOME/conf or ~/.m2
<settings>
  <pluginGroups>
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
  </pluginGroups>
  <profiles>
    <profile>
      <id>sonar</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- Optional URL to server. Default value is http://localhost:9000 -->
        <sonar.host.url>http://myserver:9000</sonar.host.url>
      </properties>
    </profile>
  </profiles>
</settings>
Analyzing Maven Projects
$ mvn clean verify sonar:sonar
## In some cases:
$ mvn clean install
$ mvn sonar:sonar
Gradle
Setting up Gradle Projects
Add these lines to build.gradle
plugins { id "org.sonarqube" version "1.2" }
apply plugin: "org.sonarqube"
sonarqube {
  properties {
    property "sonar.host.url", "http://myserver:9000"
    property "sonar.sourceEncoding", "UTF-8"
    property "sonar.language", "java"
    property "sonar.profile", "Android Lint"
    property "sonar.projectKey", "PROJECT-KEY"
    property "sonar.projectName", "PROJECT_NAME"
    property "sonar.projectVersion", "VERSION"
    property "sonar.java.source", "1.7"
    property "sonar.sources", "./"
  }
}
Analyzing Gradle Project
$ ./gradlew clean check sonarqube
Sample Reports
Thank you….
Image credits:
www.sonarqube.org
http://tech.gaeatimes.com