Introduction to the

Sonar is an open source platform for managing source code quality.

Sonar is not only a quality data reporting tool, but also a code quality management platform.

It supports code quality management and detection for more than twenty programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript and Groovy. Sonar can assess code quality along the following seven dimensions; as a developer you need to deal with at least the first five.

  1. Sonar can enforce coding conventions with code rule checking tools such as PMD, CheckStyle, FindBugs and more.
  2. Sonar can detect potential defects with code rule checking tools such as PMD, CheckStyle, FindBugs and more.
  3. Poor complexity distribution: files, classes, methods and so on are hard to change if their complexity is too high, because developers find them difficult to understand, and without automated unit tests a change to any component in the program will likely require full regression testing.
  4. Duplication: a program that contains a lot of copy-and-paste code is obviously of low quality, and Sonar can show where the source code is heavily duplicated.
  5. Too many or too few comments: a lack of comments makes code less readable, especially when staff changes inevitably occur, while too many comments make developers spend too much time reading them, which defeats the purpose.
  6. Lack of unit tests: Sonar is a handy way to tally up and show unit test coverage.
  7. Sonar can be used to manage third-party JAR packages, and LCOM4 can be used to check how the single-responsibility rule is applied and to detect coupling.

Installation

SonarQube comes in many versions, and they use different JDK versions. This section uses the 7.3 Community edition as an example.

Installation on CentOS

Environment information

Tool/Environment    Version
CentOS              7.4
SonarQube           7.3
MySQL               5.7
JDK                 1.8

  1. Download the installation package for your operating system from the official website: www.sonarqube.org/downloads/

  2. Installation

Notes:

  • SonarQube requires a JDK to be installed and configured

  • SonarQube depends on a database and ElasticSearch. Ensure that the database and ElasticSearch resources are available

Note: SonarQube 7.3 requires MySQL 5.6 or later, and a database named sonar must be created in advance

  • The root account cannot be used to start SonarQube and ElasticSearch. Therefore, you need to create a new user group and user in advance and grant them permissions on the SonarQube folder

Step 1: Upload the installation package to any working directory, for example /home, and decompress it there

Step 2: Create the user group sonar and the user sonar, and grant them permissions on the SonarQube directory

Step 3: Switch to the sonar user and start SonarQube

During startup, you can look in the logs directory to view the startup logs of the related services. After the startup succeeds, visit http://IP:9000

Step 4: Install the necessary plug-ins

The system interface is in English and PDF reports cannot be exported. The following describes how to install the plug-ins that change this

Chinese plug-in package download link

PDF export plug-in package download link

Upload the plug-in packages to the extensions/plugins/ directory under the SonarQube installation directory and restart the system.

Step 5: Log in

The user name and password for logging in to the Web system are admin and admin
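
Steps 1 to 4 as a shell script, to be run as root. This is an added example, not part of the original post; the archive name sonarqube-7.3.zip, the unpack directory, the function names and the script name sonar-setup.sh are assumptions.

```shell
#!/bin/sh
# Added example for steps 1-4; run as root on the CentOS host.
SONAR_ZIP=${SONAR_ZIP:-/home/sonarqube-7.3.zip}   # assumed archive name
SONAR_HOME=${SONAR_HOME:-/home/sonarqube-7.3}     # assumed unpack directory
SONAR_USER=${SONAR_USER:-sonar}

# owned_by DIR USER: succeed only if every file under DIR belongs to USER.
owned_by() {
    strays=$(find "$1" ! -user "$2" 2>/dev/null) || return 1
    [ -z "$strays" ]
}

# Steps 1-2: unpack, create the sonar group and user, hand over the directory.
install_sonarqube() {
    unzip -q "$SONAR_ZIP" -d "$(dirname "$SONAR_HOME")" &&
    groupadd "$SONAR_USER" &&
    useradd -g "$SONAR_USER" "$SONAR_USER" &&
    chown -R "$SONAR_USER:$SONAR_USER" "$SONAR_HOME"
}

# Step 4: copy a downloaded plug-in jar (path supplied by the caller).
add_plugin() {
    install -o "$SONAR_USER" -g "$SONAR_USER" -m 0644 \
        "$1" "$SONAR_HOME/extensions/plugins/"
}

# Step 3: start (or restart after adding plug-ins) as the sonar user, never root.
sonar_ctl() {   # usage: sonar_ctl start|restart|status
    owned_by "$SONAR_HOME" "$SONAR_USER" || {
        echo "refusing: $SONAR_HOME has files not owned by $SONAR_USER" >&2
        return 1
    }
    su - "$SONAR_USER" -c "$SONAR_HOME/bin/linux-x86-64/sonar.sh $1"
}

# Nothing runs unless asked, e.g.:  sh sonar-setup.sh install
case ${1:-} in
    install) install_sonarqube && sonar_ctl start ;;
    plugin)  add_plugin "$2" && sonar_ctl restart ;;
esac
```

admin/admin is the account SonarQube ships with, so change that password right after the first login.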

Usage

How to use Sonar to analyze code with Maven

Run the following command in the project root directory to analyze the code quality:

mvn sonar:sonar -Dsonar.host.url=http://180.8.2.99:9000 -Dsonar.login=c3e9b746e26f0fef387a0e8eb4ccfc0d6c6a94b0

Note: The value of the last parameter, login, is obtained from the Web system page

  1. Open the create Token page

  2. Manually generate a token

  3. Analyze code quality using the maven command

  4. After the analysis is complete, log in to the Web system to view and download the analysis report

Q&A

Handling false positives in SonarQube

SonarQube offers two ways to deal with false positives

  1. The first is through comments

Add the comment //NOSONAR to the line of code that has been wrongly flagged:

// Sonar reports that user may be null here
String name = user.getName(); //NOSONAR

Note: The comment must come at the end of the same line of code.

  2. The second is to use the annotation @SuppressWarnings

Annotate a class or method with the @SuppressWarnings annotation

@SuppressWarnings("squid:S1309")
public class Example {
	// ...

	@SuppressWarnings("all")
	public void example(){
	}
}

@SuppressWarnings("all") // Ignore all rules
@SuppressWarnings("squid:S2259") // Ignore the specified rule
@SuppressWarnings({"squid:S2259", "squid:S1309"}) // Ignore multiple specified rules

The value to write is the id of the rule.

Click the rule details to see the id of the rule in the upper right corner
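
Both mechanisms hide findings from the report, so it helps to keep an inventory of where they are used. The following added example (not part of the original post; the function names are illustrative and the sample file is constructed from the snippets above) lists every //NOSONAR and @SuppressWarnings in a Java source tree and labels the blanket ones.

```shell
#!/bin/sh
# Added example: list every SonarQube suppression under a source tree.
# Output lines: KIND<TAB>file:line:text, where KIND is
#   NOSONAR  //NOSONAR, hides every rule on that line
#   ALL      @SuppressWarnings("all"), hides every rule in the class/method
#   RULE     @SuppressWarnings with specific keys (this also matches plain
#            compiler warnings such as "unchecked")
audit_suppressions() {
    grep -rnE --include='*.java' \
        '//[[:space:]]*NOSONAR|@SuppressWarnings[[:space:]]*\(' "$1" |
    while IFS= read -r hit; do
        case $hit in
            *NOSONAR*) kind=NOSONAR ;;
            *'"all"'*) kind=ALL ;;
            *)         kind=RULE ;;
        esac
        printf '%s\t%s\n' "$kind" "$hit"
    done
}

# count_kind DIR KIND: number of suppressions of one kind (prints 0 if none).
count_kind() {
    audit_suppressions "$1" | grep -c "^$2[[:space:]]" || true
}

# write_sample DIR: constructed Java file reusing the snippets from this post.
write_sample() {
    cat > "$1/Example.java" <<'EOF'
@SuppressWarnings("squid:S1309")
public class Example {
    @SuppressWarnings("all")
    public void example(User user) {
        String name = user.getName(); //NOSONAR
    }
}
EOF
}

# Demo on the constructed sample; point audit_suppressions at src/ in practice.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_suppressions "$demo_dir"
rm -rf "$demo_dir"
```

Running it in code review or CI makes new ALL and NOSONAR entries visible, so each one can be justified or narrowed to a specific rule id.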
