When delivering a software project, most of the businesses concentrate on meeting the defined functionality and deliver the project on time but forgetting other vital factors. One such factor that commonly gets compromised intentionally or unintentionally is code quality. Code duplication, potential bugs, a bad distribution of complexities and unused methods & variables are signs of poor code quality.
Applications would function in the desired manner, but it is not an appropriate way to deliver the client’s project. Code quality affects the security, reliability, and safety of the codebase; hence, the project function. It is always significant to deliver the project with clean code, less code complexity, without code duplication and any other potential bugs.
Maintaining good coding practice during development is not adequate to achieve code quality. It is imperative to consistently analyze the source code before forwarding it to production. This is where the importance of SonarQube comes in.
What is SonarQube?
SonarQube, also known as Sonar is an open-source tool for continuous code quality that measure and analyze the source code. It is built in Java, but capable to analyze code in 20 diverse languages. SonarQube that not only checks the code and highlights the issues, but also tracks and monitors the code continuously and ensures flawless code integration as well as deployment. It can display the result of the analysis in a visually appealing way using nice charts, ‘green & red lights’, and issues list. Here is an example of Sonarscanner analysis result.
Sonar incorporates the following sections of code quality:
- Architecture and Design
- Unit tests
- Duplicated code
- Potential bugs
- Complex code
- Coding standards
Benefits of SonarQube
- Detects And Alerts - It detects the errors in the code and automatically alert developers to address them before sending for production
- Sustainability – Reduces complexity, potential bugs and duplications in the code, thereby maximizes the lifetime of applications
- Productivity – Reduces the application size, maintenance cost and risk; as such, eliminates the need to spend more time on changing code
- Raise Quality – Determines where the code standards are violated and increases the quality
- Increase Developer Skills – Consistent feedback on the quality issues encourages the developers to increase their coding skills
- Scale With Business Needs – No limitation in the number of projects to be tested
- Enable Continuous Code Quality Management – Code quality checking constitutes an inseparable part of the software development process
- Define & Increment Requirements Efficiently – Equipped with predefined quality standards that can give instant insight into the code quality
Steps to setup Sonarscanner in your Linux System
Note:- To run .sh file, use bash command
- Run shell script file sonarscanner.sh
- After that, you have to tweak some settings to persuade the scanner to work with the Linux server. To edit, open the config file:
sudo nano /opt/sonarscanner/sonar-scanner-22.214.171.1247-linux/conf/sonar-scanner.properties
- First, mention where you want the scanner to show the result of code analysis. Set the URL of your server on the line starting with sonar.host.url :
#----- Default SonarQube server
sonar.host.url=<Your SonarQubeserver URL>
- It’s time to run the sonar-scanner by passing the token:
sonar.login=<Your SonarQubeserver Token>
@sonar.login:- To get this token you have to login into URL, which you have given as host URL:
Go to My account page
Go to the security tab and generate a token by giving any name, which you like.
After that, place the generated token into the sonar.login parameter
Save and close the sonar-scanner.properties file.
- Run shell script file sonar-project.properties.sh to createproperties file in which project/ folder you need to run the sonar scanner:
- Then, execute the script file using the command below:
bash sonar-project.properties.sh @sonar.projectKey @sonar.projectName @sonar.projectVersion @sonar.exclusions
Substitute @variable with your original values. Avoid using any space while declaring variable values
- Acceptable:- Test-key, TestKey
- Non-Acceptable:- Test Key
@sonar.projectKey :- This is the Unique Key for the project - To get this, go to project detail page on SonarQube
@sonar.projectName:-This is optional, as per your project name.
@sonar.exclusions:- Folder or files name which you want to exclude from the scanner.
- Go to the folder where you have added sonar-project.properties file and open terminal and run following command:-
- After solving bugs related to Sonarqube and again run the sonar scanner command
Focusing on innovation and automating as many manual tasks you can makes you the best choice for your customers. Source code is the core of each project and making code quality is imperative to ensure the overall quality of the product. With this SonarQube setup on your server, you can simply run a scan and find where the potential bug is!