Static code analysis with SonarQube

Static Code Analysis with SonarQube for Maven and Gradle Projects.

Published in: Technology

  1. Static Code Analysis with SonarQube. hayi.nkm, Software Engineer in Test
  2. “All code is guilty, until proven innocent.” – Anonymous
  3. Static Analysis. Static analysis, also known as static code analysis, is the process of analyzing the source code of a piece of software without running the software itself. Developers generally use static analysis as part of the development and component testing process.
  4. Benefits...
      • Detecting possible bugs in your code (crashes, memory leaks, stack overflows, buffer overflows, etc.)
      • Finding vulnerabilities in the corners of your application (things a developer missed)
      • Finding possibly wrong logic and bad practices in your project
      • Finding areas of the code that may need more testing or deeper review
  5. Benefits… (cont.)
      • Finding duplicate code that could be moved into shared methods to reduce code complexity
      • Identifying design issues such as high cyclomatic complexity, which helps to reduce code complexity and improve maintainability
      • Identifying potential software quality issues before the code moves to production
  6. SonarQube
  7. Architecture... (image source: http://tech.gaeatimes.com)
  8. Setting up SQ Server (Mac)

      ```bash
      $ brew install sonar
      ```

  9. Setting up SQ Server (Linux)

      ```bash
      # Download SonarQube
      $ wget http://dist.sonar.codehaus.org/sonarqube-5.X.zip
      # Unzip and move the directory into /opt/
      $ unzip sonarqube-5.X.zip
      $ mv sonarqube-5.X /opt/sonar
      ```

  10. Setting up the database (MySQL)

      ```bash
      $ mysql -u root -p
      ```

      ```sql
      -- Database and account used by the SonarQube server.
      -- 'sonar'/'sonar' are the example credentials used throughout these slides.
      CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
      CREATE USER 'sonar' IDENTIFIED BY 'sonar';
      -- '%' allows the account to connect from any host; 'localhost' covers local connections.
      GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
      GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
      FLUSH PRIVILEGES;
      ```

  11. Connect SQ to the database. Open /opt/sonar/conf/sonar.properties:

      ```properties
      # Must match the MySQL account created on the previous slide
      sonar.jdbc.username=sonar
      sonar.jdbc.password=sonar
      sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
      ```

  12. Setting up the web server. Open /opt/sonar/conf/sonar.properties:

      ```properties
      # Listen on the loopback interface only, at http://127.0.0.1:9000/sonar
      sonar.web.host=127.0.0.1
      sonar.web.context=/sonar
      sonar.web.port=9000
      ```

  13. Starting sonar...

      ```bash
      $ sonar start
      # Or
      $ sudo sonar start
      ```

  14. Analyzing Maven projects and Gradle projects
  15. Maven
  16. Setting up Maven. Edit the settings.xml file, located in $MAVEN_HOME/conf or ~/.m2:

      ```xml
      <settings>
        <pluginGroups>
          <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
        </pluginGroups>
        <profiles>
          <profile>
            <id>sonar</id>
            <activation>
              <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
              <!-- Optional URL to server. Default value is http://localhost:9000 -->
              <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
          </profile>
        </profiles>
      </settings>
      ```

  17. Analyzing Maven projects

      ```bash
      $ mvn clean verify sonar:sonar
      ## In some cases:
      $ mvn clean install
      $ mvn sonar:sonar
      ```

  18. Gradle
  19. Setting up Gradle projects. Add these lines to build.gradle:

      ```groovy
      plugins {
          id "org.sonarqube" version "1.2"
      }

      apply plugin: "org.sonarqube"

      sonarqube {
          properties {
              // Server that receives the analysis results
              property "sonar.host.url", "http://myserver:9000"
              property "sonar.sourceEncoding", "UTF-8"
              property "sonar.language", "java"
              property "sonar.profile", "Android Lint"
              // Replace the placeholders with your project's values
              property "sonar.projectKey", "PROJECT-KEY"
              property "sonar.projectName", "PROJECT_NAME"
              property "sonar.projectVersion", "VERSION"
              property "sonar.java.source", "1.7"
              property "sonar.sources", "./"
          }
      }
      ```

  20. Analyzing a Gradle project

      ```bash
      $ ./gradlew clean check sonarqube
      ```

  21. Sample Reports
  22. Sample Reports
  23. Thank you… Image credits: www.sonarqube.org, http://tech.gaeatimes.com
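
A configuration check for the server setup on slides 10 to 12, added here as an example and not part of the original slides. It flags a database password that is empty or equal to the user name, a web host that is not loopback, and a world-readable properties file; the function names, finding labels and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a sonar.properties file
# for the settings shown on slides 11 and 12.

# prop FILE KEY: print the value of KEY (last assignment wins, '#' lines ignored).
prop() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r'
}

# audit_sonar_properties FILE: print one line per finding; return 1 if any.
audit_sonar_properties() {
    file=$1
    rc=0
    user=$(prop "$file" sonar.jdbc.username)
    pass=$(prop "$file" sonar.jdbc.password)
    host=$(prop "$file" sonar.web.host)

    # The slides use sonar/sonar; a password equal to the user name is guessable.
    if [ -z "$pass" ] || [ "$pass" = "$user" ]; then
        echo "WEAK_DB_PASSWORD sonar.jdbc.password is empty or equals the user name"
        rc=1
    fi
    # Slide 12 binds to 127.0.0.1; any other value, or no value, may be
    # reachable from the network.
    case "$host" in
        127.0.0.1|localhost|::1) ;;
        *) echo "WEB_NOT_LOOPBACK sonar.web.host=${host:-unset}"; rc=1 ;;
    esac
    # The file holds the database password in clear text.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "WORLD_READABLE $file"
        rc=1
    fi
    return $rc
}

# Constructed sample: the values from slides 11 and 12 in a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.web.host=127.0.0.1
EOF
chmod 644 "$sample"
audit_sonar_properties "$sample" || echo "review the findings above"
rm -f "$sample"
```

To check a real installation, call `audit_sonar_properties /opt/sonar/conf/sonar.properties` after sourcing the functions.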
