Analyse code metrics with Sonar - codecentric AG Blog

:

Code metrics are one means of quality assurance for software projects. Most likely everyone has already worked with tools like Cobertura, FindBugs or Checkstyle.

Sonar combines the functionalities of these (and additional) tools for static code analysis and offers a comfortable web frontend to analyze the collected data.

Sonar_Screenshot

The easiest way to take Sonar into use is together with Maven once the initial problems with the plugin are solved (see box). It is also possible to use other build systems. Hudson is supported with an an own Sonar PlugIn. But it is also easily possible to integrate Sonar as a “Freestyle” project in Hudson, which has the advantage that this project can then be scheduled individually. When using the startup from the command line of course also other CI-Systems (Continuous Integration) can be used. In the following box it is explained how to take Sonar into use and start it from the command line for an existing project.

When trying to take Sonar into use in a Maven project for the first time this results typically in the following error message:
The plugin ‘org.apache.maven.plugins:maven-sonar-plugin’ does not exist or no valid version could be found
POM ‘org.codehaus.sonar:sonar-maven-plugin’ not found in repository: Unable to download the artifact from any repository

None of the suggestions for solving this problem (e.g. deleting org/codehaus/mojo from the Maven repository) I found in the internet was really working for me. In the end the solution was to add the following lines of code to the project’s pom.xml file and thus including the Sonar PlugIn explicitly:

<plugin>
<groupId>org.codehaus.sonar</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>1.8</version>
</plugin>

After this change all required artefacts are downloaded automatically when calling Maven with the Sonar goal. Well, all but one. Somehow the stax2-api could not be retreived automatically and I had to download it manually. Then it could be added to the Maven repository with the following command:

mvn install:install-file -DgroupId=org.codehaus.woodstox -DartifactId=stax2-api -Dversion=3.0.1 -Dpackaging=jar -Dfile=<file>

Now Sonar can be taken into use for the corresponding Maven project by starting Maven as follows:

mvn -e -B -f <Path-to-POM-File> sonar:sonar

Of course this requires that already a Maven-install has been executed for this project beforehand. Otherwise it is also possible to combine all those Maven goals in one step.

Sonar as such is running as an own Web-Server and should be connected to an enterprise database system. It is recommended to really use the integrated Derby database only for evaluation purposes. The details of the system requirements for Sonar can be found from here.

Once installed and configured Sonar offers a real added value. By combining the different tools under one frontend it enables the user to find potential problems in the code very quickly. In addition it is possible to have individual profiles for different projects. Those profiles can be created best as a copy from one of the three predefined profiles.

I think Sonar is really a great tool and definitly worth a very close look. The straight integration with Maven and Hudson (or another CI-System) are a big advantage. The web frontend is showing all the collected information in an excellent way and is thus supporting the user in finding potential problems. The possibility to edit the rules easily using the web frontend is fitting perfectly into the good overall picture.