This tutorial shows how to analyze the code quality of Java applications using SonarQube. Maintaining code quality is an important part of application development: bugs and other issues in the code need to be found so that vulnerabilities can be removed before the application moves to production.

SonarQube not only shows the health of an application but also highlights newly introduced issues. With a Quality Gate in place, you can fix the leak and therefore improve code quality mechanically.

For more information on SonarQube please read https://www.sonarqube.org/

In this example we will first create a simple Java project (you can use any Java based application: Spring, JSF, Struts or anything else). Then we will use two different build configurations, Maven and Gradle, to analyze code quality with SonarQube. Once SonarQube is configured and you run the Maven or Gradle command, the project automatically appears in the SonarQube dashboard, where you can review the code smells, bugs and vulnerabilities in the application and fix them accordingly.

Prerequisites

SonarQube, JDK, Maven, Gradle, Java based IDE

Create Java application

Create the class below

package jeejava;

public class Calculator {
    public int add(int a, int b) {
        return a + b;
    }

    public int subtract(int a, int b) {
        return a - b;
    }

    public int multiply(int a, int b) {
        return a * b;
    }

    public int divide(int a, int b) {
        return a / b;
    }
}

Create the main class below

package jeejava;

public class App {
    public static void main(String[] args) {
        System.out.println("Test App");

        Calculator calculator = new Calculator();

        System.out.println(calculator.add(5, 4));
        System.out.println(calculator.subtract(5, 4));
        System.out.println(calculator.multiply(5, 4));
        System.out.println(calculator.divide(5, 4));
    }
}

Create the JUnit test class below

package jeejava;

import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

public class CalculatorTest {
    private Calculator calculator;

    @Before
    public void setup() {
        calculator = new Calculator();
    }

    @Test
    public void testAdd() {
        int result = calculator.add(5, 4);
        Assert.assertEquals(9, result);
    }

    @Test
    public void testSubtract() {
        int result = calculator.subtract(5, 4);
        Assert.assertEquals(1, result);
    }

    @Test
    public void testMultiply() {
        int result = calculator.multiply(5, 4);
        Assert.assertEquals(20, result);
    }

    @Test
    public void testDivide() {
        int result = calculator.divide(5, 4);
        Assert.assertEquals(1, result);
    }

    @After
    public void clean() {
        calculator = null;
    }
}

If you need a Gradle based configuration then use the build.gradle file below

build.gradle

group 'com.jeejava'
version '1.0-SNAPSHOT'

apply plugin: 'java'
apply plugin: 'org.sonarqube'

sourceCompatibility = 1.8
targetCompatibility = 1.8

sonarqube {
    properties {
        property "sonar.projectName", "java-sonarqube"
        property "sonar.projectKey", "org.sonarqube:java-sonarqube"
    }
}

buildscript {
    repositories {
        maven {
            url "https://plugins.gradle.org/m2/"
        }
        mavenLocal()
    }
    dependencies {
        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.5-rc1"
    }
}

test {
    ignoreFailures = true
}

repositories {
    mavenCentral()
}

dependencies {
    compile 'org.slf4j:slf4j-api:1.7.5'
    testCompile('junit:junit:4.12') {
        exclude group: 'org.hamcrest'
    }
    testCompile 'org.hamcrest:hamcrest-library:1.3'
}

In the Gradle build file above we apply the SonarQube plugin and set the project name and project key under which the project appears in the SonarQube dashboard. We have also used the instruction below so that the build does not fail when JUnit tests fail

test { ignoreFailures = true }

Gradle command to build the application

gradle sonarqube

If you need a Maven based configuration then you can use the pom file below

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.jeejava</groupId>
	<artifactId>java-sonarqube</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>java-sonarqube</name>
	<url>http://maven.apache.org</url>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.12</version>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>${java.version}</source>
					<target>${java.version}</target>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

We see in the above pom.xml file that there is no special configuration for SonarQube.

Maven command to build the application

mvn sonar:sonar

SonarQube configuration in Windows

  1. Download SonarQube from https://www.sonarqube.org/
  2. Install SonarQube. Simply unzip the zip folder to any drive.
  3. Open command prompt and navigate to the directory <physical drive>:\sonarqube-6.1\bin\windows-x86-32
  4. Now execute the batch file StartSonar.bat
  5. Wait a few minutes for SonarQube to start up, until you see a line like the following in the console:
     jvm 1 | 2017.07.16 08:14:18 INFO app[][o.s.p.m.Monitor] Process[ce] is up
  6. Now hit the URL http://localhost:9000/ in the browser
  7. You will see no project in the dashboard
  8. Now build the application using either gradle or maven command
  9. Now refresh the SonarQube dashboard
  10. You will find your Java application as shown below in the screen-shot

[Screenshot: code quality using SonarQube]
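
A Quality Gate only improves anything if a build step acts on its result. The following is an added example, not part of the original tutorial: a Python check that a build job could run after the analysis to read the gate status from the SonarQube Web API (api/qualitygates/project_status) and list the failed conditions. It assumes the local server from the steps above allows anonymous reads and uses the project key from the Gradle file; the sample response is constructed.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of an api/qualitygates/project_status response body.
SAMPLE_RESPONSE = """{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_vulnerabilities",
   "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
  {"status": "OK", "metricKey": "new_bugs",
   "comparator": "GT", "errorThreshold": "0", "actualValue": "0"}]}}"""


def fetch_gate_status(base_url, project_key, timeout=10):
    """Fetch the raw Quality Gate status JSON for a project from the server."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    url = f"{base_url.rstrip('/')}/api/qualitygates/project_status?{query}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def evaluate_gate(body):
    """Return (passed, failed_conditions) from a project_status response body.

    Anything other than an explicit OK counts as a failure, so a missing or
    malformed status cannot let a build through.
    """
    try:
        status = json.loads(body)["projectStatus"]
        failed = [
            f"{c.get('metricKey')}: {c.get('actualValue')} "
            f"{c.get('comparator')} {c.get('errorThreshold')}"
            for c in status.get("conditions", [])
            if c.get("status") == "ERROR"
        ]
        return status.get("status") == "OK", failed
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unparseable response"]


if __name__ == "__main__":
    # Offline run on the constructed sample. Against a live server, use
    # fetch_gate_status("http://localhost:9000", "org.sonarqube:java-sonarqube").
    passed, failed = evaluate_gate(SAMPLE_RESPONSE)
    for reason in failed:
        print("gate condition failed:", reason)
    raise SystemExit(0 if passed else 1)
```

The server processes analysis reports asynchronously, so run the check only after the background task for the analysis has finished.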

Thanks for reading.
