Improving Code Quality with SonarQube
For a developer, nothing is more important than improving the quality of the code. You probably had this experience that when a project was growing bigger and bigger, you had to spend more time debugging code for inspecting issues – memory leak, null pointer and so on. SonarQube is a tool that helps developers check and analyze code quality. It also integrated with some popular IDEs like Visual Studio, Eclipse, and IntelliJ IDEA.
Download
In the download page, you can get SonarQube and related tools.
- SonarQube: the platform.
- SonarQube Scanners: scan and analyze code.
- SonarQube Plugins: code analyzers, integration, SCM engines, visualization and etc.
- SonarLint: extension for IntelliJ IDEA, Eclipse, Visual Studio, VS Code and Atom.
SonarQube License
There are four SonarQube editions: Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition. Only Community Edition is free. No doubt, the programming language coverage is the first thing we care. Let’s take a look.
Community Edition
Developer Edition
Enterprise Edition and Data Center Edition
If you are a C++ developer, the Community Edition is apparently not enough for you.
Analyzing Code Quality with SonarQube
Run SonarQube
Download and extract the package of SonarQube 6.7.2 or SonarQube 7.0.
Add sonarqube-6.7.2\bin\windows-x86-64 to system path.
Download and extract the package of SonarQube Scanner.
Add sonar-scanner-3.0.3.778-windows\bin to system path.
Run SonarQube in command line tool.
Open localhost:9000 in your web browser. Login the page (username: admin, password: admin).
Install plugins
Click Administration > Marketplace to see which edition you are using and what plugins you can install.
To install plugins manually, download jar files and copy them to sonarqube-7.0\extensions\plugins directory, and then restart SonarQube.
Assume you need to install a C++ plugin, you can do as follows.
Online
Offline
Check the code on the fly
When writing code, we’d better avoid writing low-quality code. In Visual Studio Code, we can install SonarLint extension to find code problem in real-time.
SonarQube Example: analyze an Android projects
Create a configuration file sonar-project.properties in the root directory of the project and run sonar-scanner.
If you follow the official tutorial to create the configuration file, you will get the error message when running.
Add sonar.java.binaries to the configuration file:
# must be unique in a given SonarQube instance
sonar.projectKey=dynamsoft:barcode
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=Barcode
sonar.projectVersion=4.2
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
sonar.java.binaries=.
Once the scanning is done, open http://localhost:9000/dashboard?id=dynamsoft%3Abarcode to view the analysis report.
Now you can optimize your code referring to the report.