An Introduction to SonarQube

Quality of the code is essential in an agile development environment, as frequent changes in requirements lead to frequent code changes. Therefore the source code should be written so that it can be maintained and extended easily. To achieve this, developers should pay close attention to coding standards and best practices. SonarQube can be highly beneficial for developers who want to ensure that their code is of high quality. This article gives you a brief introduction to SonarQube and its major advantages.

What is SonarQube?
SonarQube is a free and open source code quality measuring and management tool which is developed in Java and maintained by SonarSource. You can download SonarQube, install it locally and use it as it is, or you can develop a customized version by specifying your own rules.

It is a static code analysis tool which consists of multiple third-party analysis tools embedded into the core system. Source code files and the relevant binaries are given as input to SonarQube. It analyzes the given source code along with the binaries and calculates a set of metrics which is called “Developers’ Seven Deadly Sins”. SonarQube saves the calculated measures in a database and showcases them in a rich web-based dashboard. Repeating this process gives multiple snapshot analyses of the source code and helps you understand how the code has improved over time.

Seven axes of quality

Why do we need SonarQube?
There are a number of standalone code analysis tools available which focus on different programming languages and code quality metrics. For example, ReSharper and FxCop for C#, FindBugs and PMD for Java, and JSHint for JavaScript. Even though both PMD and FindBugs focus on the same programming language, they assess different code quality metrics. Therefore, it is a tedious task to execute these standalone tools separately to identify different types of code quality issues in a source code. SonarQube helps to overcome this issue, since it is a combination of multiple code quality measuring tools which focus on different quality aspects. Developers can view the code issues through one single interface.

This is not only for developers

Developers
SonarQube helps not only to improve the code quality but also to improve the coding skills of developers. It provides a vast amount of knowledge about coding standards, best practices and so on. When developers regularly use SonarQube and identify coding standard violations, they tend to adhere to those standards even at the time of coding.

Technical management
SonarQube can be configured with a version control system to track down the code changes along with the developers who made those changes. This is useful to identify which developers need more training in the team’s coding practices.

Non technical management
Technical debt is invisible in most organizations, yet it is important to non-technical and financial people. Technical management wants to see how measurable code quality is progressing. They don’t understand complexity and duplications. If we can give them numbers, or present the debt in working days or express the code quality measure in currency, then they can take decisions from it.

How to use it?
You can download and install SonarQube very easily using their documentation.

You can integrate SonarRunner into your CI environment or run it from the command line. An analysis takes approximately 10-15 min for a typical project. If we configure the CI environment to run the analysis nightly, the next morning all developers can open the dashboard and see what has changed since the previous day. They can also subscribe to receive rule violations via email.

It is useful for developers if they can identify standard violations before committing the code to the version control system. There is an officially supported plugin for Eclipse, and there are community-developed plugins for Visual Studio. But it is always recommended to use official plugins such as ReSharper and FxCop. There are no major disadvantages to integrating these plugins with your IDE.

They provide features to assess the quality of all 7 metrics. I will give a brief introduction to each, but you can check the documentation for more details.

Duplications
It is the worst one and the easiest to make. All developers duplicate code, and in doing so they also duplicate complexity, lack of unit test coverage and bugs.
Lack of Unit Tests
They provide not only unit test coverage but also integration test coverage.
Bad Distribution of Complexity
They use cyclomatic complexity, lack of cohesion of methods, responsibilities per class and class coupling to calculate the complexity.
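To make the cyclomatic complexity metric concrete, here is an added example (not SonarQube's own code and not from the original article) that scores each function in a piece of Python source and lists the ones where complexity is concentrated. The counting rules, the SAMPLE input and the threshold of 5 are assumptions made for this illustration.

```python
import ast

# Constructed sample input: one trivial function and one branch-heavy one.
SAMPLE = '''
def is_admin(user):
    return user.role == "admin"

def authorize(user, resource, action):
    if user is None or not user.active:
        return False
    for rule in resource.rules:
        if rule.action == action and rule.role == user.role:
            return True
        elif rule.action == "*":
            return rule.role == user.role
    try:
        return resource.owner == user.id
    except AttributeError:
        return False
'''

# Each of these nodes opens one extra path (McCabe-style counting; assumed
# rules for this example, not SonarQube's exact rule set).
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp)

def cyclomatic_complexity(func_node):
    """Return 1 + the number of decision points inside one function."""
    score = 1
    for node in ast.walk(func_node):
        if isinstance(node, BRANCH_NODES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1   # each extra and/or operand
        elif isinstance(node, ast.comprehension):
            score += 1 + len(node.ifs)      # the loop plus its filters
    return score

def complexity_report(source):
    """Map every function name in the source to its complexity."""
    funcs = (ast.FunctionDef, ast.AsyncFunctionDef)
    return {n.name: cyclomatic_complexity(n)
            for n in ast.walk(ast.parse(source)) if isinstance(n, funcs)}

def hotspots(source, threshold=5):
    """Functions scoring above the threshold, most complex first."""
    over = [(name, score) for name, score in complexity_report(source).items()
            if score > threshold]
    return sorted(over, key=lambda item: item[1], reverse=True)
```

Calling complexity_report(SAMPLE) scores is_admin at 1 and authorize at 8, so nearly all of the complexity sits in one function, which is the kind of uneven distribution this axis is meant to surface.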
Spaghetti Design
Currently this service is compatible with Java projects only.
Not Enough or Too Many Comments
This plugin reports the amount of documentation and comments used in your project. Although comments may not be important in agile development, there may be projects which need thorough documentation.
Bugs and Potential Bugs/Coding Standards Breach
This plugin shows a summary of coding rule violations which you can drill down to find out further details.
[Image: issues and technical debt widget]
The widget above also shows the technical debt. It uses the 7 axes of quality to produce one number. But how does that number compare to another project that has about the same amount of technical debt but is far smaller?

This is where the Technical Debt Ratio metric is interesting.
This metric gives the ratio estimated based on either the number of lines of code or the overall complexity, which means that the value for this metric depends on the size of the project.

Important fact about Technical Debt
When you first adopt SonarQube, the technical debt is likely to be too high, because it includes a large number of issues that you can easily address. There can also be rules that are not correct in your context, and some of the reported places may be false positives. Once you have tuned the rule set and fixed the easy-to-fix issues, the number may be too low in many cases.

Can SonarQube identify all the code quality issues in your code?
The answer is no. It will help you to write well-indented, duplication-free, unit-tested source code which can be understood easily. It also helps you to maintain your code according to standard coding best practices. But alongside this we still need to do peer reviews, because there can be places that need refactoring or that could be replaced by a design pattern. Beyond that, there is an extensive set of features available in SonarQube to improve the quality of your code.

The main intention of this article was to give you a brief introduction about SonarQube and its advantages. Using SonarQube will help you get your quality up, your team aligned and your client happy.
