SlideShare ist ein Scribd-Unternehmen logo

[DOC] Java - Code Analysis using SonarQube

•Als DOCX, PDF herunterladen•
•
Angelin R
Angelin R

[Word document] Java - Code Analysis using SonarQube

Technologie
1 von 30
@ardentlearner 1 CODE ANALYSIS USING SONARQUBE Author - ANGELIN
@ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
@ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
@ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
@ardentlearner 5  SonarQube is also used for Android Development.  SonarQube internally uses PMD, Findbugs, CheckStyle etc.  Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
@ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
@ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note: ď‚· For remote access, replace localhost with the address of the SonarQube server. ď‚· 9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties ď‚· Default credentials is admin/admin
@ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
@ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
@ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
@ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
@ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
@ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
@ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
@ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES ď‚· Ant 1.7.1 or higher ď‚· Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
@ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
@ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN  If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates.  To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
@ardentlearner 20 This should display the list of available plugins and components:
@ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
@ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
@ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN ď‚· A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse. ď‚· The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
@ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
@ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
@ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects: ď‚· SonarQube Issues that list the issues on the selected component ď‚· SonarQube Issue Editor to review the issue
@ardentlearner 27 ď‚· SonarQube Rule Description to get the detailed description of the rule that is violated ď‚· SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
@ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
@ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
@ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse

Empfohlen

Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Java Source Code Analysis using SonarQube
Java Source Code Analysis using SonarQubeJava Source Code Analysis using SonarQube
Java Source Code Analysis using SonarQubeAngelin R
 
Sonar
SonarSonar
Sonarprabakaranbrick
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning TalkJonathan Gregory
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQubeSomkiat Puisungnoen
 
Sonarqube
SonarqubeSonarqube
SonarqubePeerapat Asoktummarungsri
 
SonarQube
SonarQubeSonarQube
SonarQubeGnanaseelan Jeb
 

Empfohlen

Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Java Source Code Analysis using SonarQube
Java Source Code Analysis using SonarQubeJava Source Code Analysis using SonarQube
Java Source Code Analysis using SonarQubeAngelin R
 
Sonar
SonarSonar
Sonarprabakaranbrick
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Code Quality Lightning Talk
Code Quality Lightning TalkCode Quality Lightning Talk
Code Quality Lightning TalkJonathan Gregory
 
Jenkins with SonarQube
Jenkins with SonarQubeJenkins with SonarQube
Jenkins with SonarQubeSomkiat Puisungnoen
 
Sonarqube
SonarqubeSonarqube
SonarqubePeerapat Asoktummarungsri
 
SonarQube
SonarQubeSonarQube
SonarQubeGnanaseelan Jeb
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Tracking your Technical Debt with Sonarqube
Tracking your Technical Debt with SonarqubeTracking your Technical Debt with Sonarqube
Tracking your Technical Debt with SonarqubePuppet
 
KARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live PatchingKARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live PatchingYue Chen
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 
A new Codemodel for Codemetrics
A new Codemodel for Codemetrics A new Codemodel for Codemetrics
A new Codemodel for CodemetricsMax Kleiner
 
Best Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLCBest Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLCParasoft_Mitchell
 
Beyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even furtherBeyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even furtherJohan Janssen
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQubeDmytro Patserkovskyi
 
Code Review with Sonar
Code Review with SonarCode Review with Sonar
Code Review with SonarMax Kleiner
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Applicationn|u - The Open Security Community
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationKelwin Yang
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoEvgeny Mandrikov
 
Vinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_yearsVinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_yearsVinayaka V Ladwa
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerManu Pk
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualityLarry Nung
 
Java convention
Java conventionJava convention
Java conventionTan Tran
 
Subversion howto
Subversion howtoSubversion howto
Subversion howtoChandra Shekar Goud Panugulla
 

Weitere ähnliche Inhalte

Was ist angesagt?

Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Tracking your Technical Debt with Sonarqube
Tracking your Technical Debt with SonarqubeTracking your Technical Debt with Sonarqube
Tracking your Technical Debt with SonarqubePuppet
 
KARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live PatchingKARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live PatchingYue Chen
 
A new Codemodel for Codemetrics
A new Codemodel for Codemetrics A new Codemodel for Codemetrics
A new Codemodel for CodemetricsMax Kleiner
 
Best Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLCBest Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLCParasoft_Mitchell
 
Beyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even furtherBeyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even furtherJohan Janssen
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQubeDmytro Patserkovskyi
 
Code Review with Sonar
Code Review with SonarCode Review with Sonar
Code Review with SonarMax Kleiner
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationKelwin Yang
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoEvgeny Mandrikov
 
Vinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_yearsVinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_yearsVinayaka V Ladwa
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerManu Pk
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualityLarry Nung
 

Was ist angesagt? (20)

Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ?
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
 
Tracking your Technical Debt with Sonarqube
Tracking your Technical Debt with SonarqubeTracking your Technical Debt with Sonarqube
Tracking your Technical Debt with Sonarqube
 
KARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live PatchingKARMA: Adaptive Android Kernel Live Patching
KARMA: Adaptive Android Kernel Live Patching
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzer
 
A new Codemodel for Codemetrics
A new Codemodel for Codemetrics A new Codemodel for Codemetrics
A new Codemodel for Codemetrics
 
Best Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLCBest Practices of Static Code Analysis in the SDLC
Best Practices of Static Code Analysis in the SDLC
 
Beyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even furtherBeyond the basics of SonarQube: improve your Java(Script) code even further
Beyond the basics of SonarQube: improve your Java(Script) code even further
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQube
 
Code Review with Sonar
Code Review with SonarCode Review with Sonar
Code Review with Sonar
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android Application
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android apps
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCo
 
Vinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_yearsVinayak_Sdet_DevOps_Bigdata_5_years
Vinayak_Sdet_DevOps_Bigdata_5_years
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applications
 
The story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps EngineerThe story of SonarQube told to a DevOps Engineer
The story of SonarQube told to a DevOps Engineer
 
SonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code QualitySonarQube - The leading platform for Continuous Code Quality
SonarQube - The leading platform for Continuous Code Quality
 

Ă„hnlich wie [DOC] Java - Code Analysis using SonarQube

Java convention
Java conventionJava convention
Java conventionTan Tran
 
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...Felipe Prado
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportCiaran McDonald
 
installation_manual
installation_manualinstallation_manual
installation_manualtutorialsruby
 
installation_manual
installation_manualinstallation_manual
installation_manualtutorialsruby
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule sudhir1223
 
Oracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitOracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitRavi Kumar Lanke
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianPan Tian
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNagios
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.Marc Trimble
 
Sonar qube configuration
Sonar qube configurationSonar qube configuration
Sonar qube configurationAyan Bhattacharjee
 
Coding guideline
Coding guidelineCoding guideline
Coding guidelineVu Nguyen
 
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoenvdmchallenge
 
20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache MavenArnaud HĂ©ritier
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stackSubhasis Roy
 
Codeconventions 150003
Codeconventions 150003Codeconventions 150003
Codeconventions 150003Tomasz Waszczyk
 

Ă„hnlich wie [DOC] Java - Code Analysis using SonarQube (20)

Java convention
Java conventionJava convention
Java convention
 
Subversion howto
Subversion howtoSubversion howto
Subversion howto
 
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
DEF CON 27 - workshop - ISAAC EVANS - discover exploit and eradicate entire v...
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_ReportAnomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
installation_manual
installation_manualinstallation_manual
installation_manual
 
Linux_kernelmodule
Linux_kernelmodule Linux_kernelmodule
Linux_kernelmodule
 
Oracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bitOracle ebs-r12-1-3installationlinux64bit
Oracle ebs-r12-1-3installationlinux64bit
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
NRPE - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core 4 and others.
 
Sonar qube configuration
Sonar qube configurationSonar qube configuration
Sonar qube configuration
 
Coding guideline
Coding guidelineCoding guideline
Coding guideline
 
Maven.pptx
Maven.pptxMaven.pptx
Maven.pptx
 
ROS ROS
ROS ROSROS ROS
ROS ROS
 
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
#VirtualDesignMaster 3 Challenge 4 - Steven Viljoen
 
20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven20091112 - Mars Jug - Apache Maven
20091112 - Mars Jug - Apache Maven
 
Jenkins log monitoring with elk stack
Jenkins log monitoring with elk stackJenkins log monitoring with elk stack
Jenkins log monitoring with elk stack
 
textconfig
textconfigtextconfig
textconfig
 
Codeconventions 150003
Codeconventions 150003Codeconventions 150003
Codeconventions 150003
 

Mehr von Angelin R

Comparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksComparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksAngelin R
 
The principles of good programming
The principles of good programmingThe principles of good programming
The principles of good programmingAngelin R
 
Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Angelin R
 
A Slice of Me
A Slice of MeA Slice of Me
A Slice of MeAngelin R
 
Team Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsTeam Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsAngelin R
 
Action Script
Action ScriptAction Script
Action ScriptAngelin R
 
Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM MethodologyAngelin R
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practicesAngelin R
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship SongsAngelin R
 
Flex MXML Programming
Flex MXML ProgrammingFlex MXML Programming
Flex MXML ProgrammingAngelin R
 
Introduction to Adobe Flex
Introduction to Adobe FlexIntroduction to Adobe Flex
Introduction to Adobe FlexAngelin R
 
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Angelin R
 
Restful Web Services
Restful Web ServicesRestful Web Services
Restful Web ServicesAngelin R
 
Effective Team Work Model
Effective Team Work ModelEffective Team Work Model
Effective Team Work ModelAngelin R
 
Team Building Activities
Team Building ActivitiesTeam Building Activities
Team Building ActivitiesAngelin R
 
XStream
XStreamXStream
XStreamAngelin R
 

Mehr von Angelin R (16)

Comparison of Java Web Application Frameworks
Comparison of Java Web Application FrameworksComparison of Java Web Application Frameworks
Comparison of Java Web Application Frameworks
 
The principles of good programming
The principles of good programmingThe principles of good programming
The principles of good programming
 
Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)Exception handling & logging in Java - Best Practices (Updated)
Exception handling & logging in Java - Best Practices (Updated)
 
A Slice of Me
A Slice of MeA Slice of Me
A Slice of Me
 
Team Leader - 30 Essential Traits
Team Leader - 30 Essential TraitsTeam Leader - 30 Essential Traits
Team Leader - 30 Essential Traits
 
Action Script
Action ScriptAction Script
Action Script
 
Agile SCRUM Methodology
Agile SCRUM MethodologyAgile SCRUM Methodology
Agile SCRUM Methodology
 
Exception handling and logging best practices
Exception handling and logging best practicesException handling and logging best practices
Exception handling and logging best practices
 
Tamil Christian Worship Songs
Tamil Christian Worship SongsTamil Christian Worship Songs
Tamil Christian Worship Songs
 
Flex MXML Programming
Flex MXML ProgrammingFlex MXML Programming
Flex MXML Programming
 
Introduction to Adobe Flex
Introduction to Adobe FlexIntroduction to Adobe Flex
Introduction to Adobe Flex
 
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC)
 
Restful Web Services
Restful Web ServicesRestful Web Services
Restful Web Services
 
Effective Team Work Model
Effective Team Work ModelEffective Team Work Model
Effective Team Work Model
 
Team Building Activities
Team Building ActivitiesTeam Building Activities
Team Building Activities
 
XStream
XStreamXStream
XStream
 

KĂĽrzlich hochgeladen

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂşjo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

KĂĽrzlich hochgeladen (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

[DOC] Java - Code Analysis using SonarQube

  • 2. @ardentlearner 2 TABLE OF CONTENTS 1. INTRODUCTION....................................................................................................................................................4 1.1 SonarQube ...................................................................................................................................................4 1.2 SonarQube Features ....................................................................................................................................4 2. Environment setup to use SonarQube.................................................................................................................5 2.1 SonarQube Server and SonarQube Runner – Setup ....................................................................................5 2.2 SonarQube Server Setup Validation.............................................................................................................6 2.3 Environment Variables Setup.......................................................................................................................8 3. Analyzing a Non - Maven project.........................................................................................................................9 3.1 Setup Of Non - Maven Project For SonarQube Analysis ..............................................................................9 3.2 Generating and Viewing the SonarQube report ........................................................................................11 4. Analyzing a Maven project.................................................................................................................................12 4.1 Maven and Environment Setup .................................................................................................................12 Installing Maven.................................................................................................................................................12 Configuring Maven.............................................................................................................................................12 4.2 Setup Of Maven Project For SonarQube Analysis......................................................................................14 4.3 Generating and Viewing the SonarQube report ........................................................................................16 Run SonarQube analysis.....................................................................................................................................16 Viewing the SonarQube report ..........................................................................................................................16 5. Analyzing with SonarQube Ant Task ..................................................................................................................17 5.1 Installing and Configuring SonarQube Ant Task.........................................................................................17 Prerequisites ......................................................................................................................................................17 SonarQube Ant Task Installation........................................................................................................................17 5.2 Ant Build Script configuration ....................................................................................................................17 5.3 Generating and Viewing the SonarQube report ........................................................................................18 Run SonarQube analysis.....................................................................................................................................18 Viewing the SonarQube report ..........................................................................................................................19
  • 3. @ardentlearner 3 6. Analysis using SonarQube Eclipse Plugin ...........................................................................................................19 6.1 Installing SonarQube Eclipse plugin ...........................................................................................................19 6.2 Configuring SonarQube Eclipse plugin .......................................................................................................23 6.3 Linking a Project to One Analyzed on a SonarQube Server .......................................................................24 6.4 Working with SonarQube in Eclipse...........................................................................................................26 Run SonarQube analysis.....................................................................................................................................26 Viewing Issues using SonarQube Views in Eclipse .............................................................................................26 7. References .........................................................................................................................................................30
  • 4. @ardentlearner 4 1. INTRODUCTION This document contains all essential information required to install and configure SonarQube and execute SonarQube analysis in Maven and non-Maven projects. 1.1 SONARQUBE SonarQube™ software (previously known as “Sonar”) is an open source project for Continuous Inspection of code quality hosted at Codehaus. It is distributed under license LGPL v3. 1.2 SONARQUBE FEATURES SonarQube covers the 7 axes of code quality:  Architecture & Design  Comments  Coding rules  Potential Bugs  Duplications  Unit Tests  Complexity SonarQube can perform analysis on 25+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language:  On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.)  A static analysis of compiled code can be performed for certain languages (.CLASS files or jars in Java, .DLL files in C#, etc.)  A dynamic analysis of code can be performed on certain languages (execution of unit tests in Java, C#, etc.)
  • 5. @ardentlearner 5 ď‚· SonarQube is also used for Android Development. ď‚· SonarQube internally uses PMD, Findbugs, CheckStyle etc. ď‚· Integration of SonarQube with standard ALM components such as Maven, Ant, SVN, Git, Mercurial, JIRA, Mantis, Google Analytics, Piwik, Fortify etc. comes out of the box. 2. ENVIRONMENT SETUP TO USE SONARQUBE 2.1 SONARQUBE SERVER AND SONARQUBE RUNNER – SETUP  Java - Download and install latest version of Java if it is not already available.  SonarQube - Download latest version of SonarQube from http://www.SonarQube.org/downloads and unzip to desired location.  SonarQube Runner - Download latest version of SonarQube runner from http://docs.codehaus.org/display/SONAR/Installing+and+Configuring+Sonar+Runner and unzip to desired location. NOTE: SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
  • 6. @ardentlearner 6 2.2 SONARQUBE SERVER SETUP VALIDATION 1. Start the SonarQube server using the startup script available in SONAR_HOMEbin folder. NOTE: In SONAR_HOMEbin folder, subfolders appropriate to the Operating System will be available and they will in turn contain the SonarQube server startup scripts.
  • 7. @ardentlearner 7 EXAMPLE: SONAR_HOMEbinwindows-x86-32StartSonar.bat 2. After the server starts, access the web interface of the SonarQube at http://localhost:9000/ Note: ď‚· For remote access, replace localhost with the address of the SonarQube server. ď‚· 9000 is the default port and can be changed in SONAR_HOMEconfsonar.properties ď‚· Default credentials is admin/admin
  • 8. @ardentlearner 8 2.3 ENVIRONMENT VARIABLES SETUP 1. Set a new environment variable as SONAR_RUNNER_HOME. And its value should be the unzipped path of sonar-runner zip file. Example, “C:Program Files (x86)sonar-runner-2.4” 2. Append Sonar Runner’s bin path (%SONAR_RUNNER_HOME%bin) to the environment variable “PATH”. 3. Update the global settings (database connection, server URL) by editing sonar-runner.properties file under Sonar Runner’s conf folder. <Sonar_runner_installed_directory>/conf/sonar-runner.properties
  • 9. @ardentlearner 9 3. ANALYZING A NON - MAVEN PROJECT 3.1 SETUP OF NON - MAVEN PROJECT FOR SONARQUBE ANALYSIS A sonar-project.properties file has to be placed into the root of the project folder.
  • 10. @ardentlearner 10 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 1. Prepare a similar file with content relevant to the Project to be analyzed. 2. Place the sonar-project.properties files into the root of the project folder.
  • 11. @ardentlearner 11 3.2 GENERATING AND VIEWING THE SONARQUBE REPORT 1. Ensure that the steps in Section 2 above are executed and the SonarQube server is started. 2. Go to command line and change directory (cd) to the project’s root directory and run the command [path of sonar-runner]binsonar-runner.bat 3. Upon successful execution of the above command, check the SonarQube dashboard by opening SonarQube Server’s admin page at http://localhost:9000 (default URL). Default credentials – admin/admin. 4. The project will be listed on the dashboard with the name given in sonar-project.properties file. 5. Click on the project name and explore further to view the code analysis report. A sample report is shown below: Note: The above result is only from PMD and Checkstyle execution by SonarQube. To run code coverage as well as Findbug plugins, the binary path is needed in the sonar-project.properties file.
  • 12. @ardentlearner 12 4. ANALYZING A MAVEN PROJECT 4.1 MAVEN AND ENVIRONMENT SETUP INSTALLING MAVEN Download and install Maven (with a version compatible with the SonarQube version installed) if not already installed. CONFIGURING MAVEN 1. Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2, to set the database parameters to be used as well as the SonarQube server URL. Example: <settings> <profiles> <profile> <id>sonar</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!-- Example for MySQL--> <sonar.jdbc.url>
  • 13. @ardentlearner 13 jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8 </sonar.jdbc.url> <sonar.jdbc.username>sonar</sonar.jdbc.username> <sonar.jdbc.password>sonar</sonar.jdbc.password> <!-- Optional URL to server. Default value is http://localhost:9000 --> <sonar.host.url> http://localhost:9000 </sonar.host.url> </properties> </profile> </profiles> </settings> Note: The Maven plugin requires some additional configuration to establish a connection to the web platform, where it reports the results of the analysis – sonar.host.url and sonar.jdbc.url will help with that. Other properties, like sonar.analysis.mode, sonar.profile and sonar.dynamicAnalysis configure the plugin to gather certain statistics only. 2. Restart the SonarQube server.
  • 14. @ardentlearner 14 4.2 SETUP OF MAVEN PROJECT FOR SONARQUBE ANALYSIS 1. Go to the Maven project and edit pom.xml file adding the SonarQube plugin for the Maven version (http://docs.codehaus.org/display/SONAR/Analyzing+with+Maven) Maven3 configuration: <build> <pluginManagement> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugins> </pluginManagement> </build> 2. A sonar-project.properties file has to be placed into the root of the project folder.
  • 15. @ardentlearner 15 Minimum content of the sonar-project.properties file will be as follows. Sample sonar-project.properties file # Required metadata sonar.projectKey=java-sonar-runner-simple sonar.projectName=Simple Java Project analyzed with the SonarQube Runner sonar.projectVersion=1.0 # Comma-separated paths to directories of source codes to be analyzed. # Path is relative to the sonar-project.properties file. # Replace "" by "/" on Windows. # Since SonarQube 4.2, this property is optional. # If not set, SonarQube starts looking for source code # from the directory containing the sonar-project.properties file. sonar.sources=src # Language sonar.language=java # Encoding of the source code sonar.sourceEncoding=UTF-8 a) Prepare a similar file with content relevant to the Project to be analyzed. b) Place the sonar-project.properties files into the root of the project folder.
  • 16. @ardentlearner 16 4.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS From the project root directory where the pom.xml file is also placed, execute the following command giving user/password credentials: mvn sonar:sonar Note: # The sonar:sonar goal must be executed in a dedicated mvn command mvn clean install mvn sonar:sonar # The following command may lead to unexpected issues mvn clean install sonar:sonar VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report.
  • 17. @ardentlearner 17 5. ANALYZING WITH SONARQUBE ANT TASK 5.1 INSTALLING AND CONFIGURING SONARQUBE ANT TASK The SonarQube Ant Task allows integration of SonarQube analysis into an Apache Ant build script. PREREQUISITES ď‚· Ant 1.7.1 or higher ď‚· Java 1.6 or higher SONARQUBE ANT TASK INSTALLATION Download the SonarQube Ant Task on your machine. Download Path: http://repository.codehaus.org/org/codehaus/sonar-plugins/sonar-ant-task/2.1/sonar-ant-task-2.1.jar 5.2 ANT BUILD SCRIPT CONFIGURATION Define a new sonar Ant target in your Ant build script: build.xml <project name="My Project" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"> ... <!-- Define the SonarQube global properties (the most usual way is to pass these properties via the command line) --> <property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8" /> <property name="sonar.jdbc.username" value="sonar" /> <property name="sonar.jdbc.password" value="sonar" /> ... <!-- Define the SonarQube project properties -->
  • 18. @ardentlearner 18 <property name="sonar.projectKey" value="org.codehaus.sonar:example-java-ant" /> <property name="sonar.projectName" value="Simple Java Project analyzed with the SonarQube Ant Task" /> <property name="sonar.projectVersion" value="1.0" /> <property name="sonar.language" value="java" /> <property name="sonar.sources" value="src" /> <property name="sonar.binaries" value="build/*.jar" /> ... <!-- Define the SonarQube target --> <target name="sonar"> <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"> <!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --> <classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /> </taskdef> <!-- Execute the SonarQube analysis --> <sonar:sonar /> </target> ... 5.3 GENERATING AND VIEWING THE SONARQUBE REPORT RUN SONARQUBE ANALYSIS Run the following command from the project base directory to launch the analysis: ant sonar
  • 19. @ardentlearner 19 VIEWING THE SONARQUBE REPORT 1. Upon successful execution of the mvn sonar:sonar command, check the SonarQube dashboard by opening SonarQube Server admin page http://localhost:9000 (default URL). Default credentials – admin/admin. 2. The project will be listed on the dashboard with the name given in sonar-project.properties. 3. Click on project name and explore further to view the code analysis report. 6. ANALYSIS USING SONARQUBE ECLIPSE PLUGIN The SonarQube Eclipse Plugin provides a comprehensive integration of SonarQube in Eclipse for Java, C/C++ and Python projects. 6.1 INSTALLING SONARQUBE ECLIPSE PLUGIN ď‚· If a previous version of SonarQube Eclipse plugin is already installed, you can update it. Go to Help > Check for Updates. ď‚· To install SonarQube Eclipse plugin in Eclipse IDE: 1. Go to Help > Eclipse Marketplace... and search for "SonarQube"
  • 20. @ardentlearner 20 This should display the list of available plugins and components:
  • 21. @ardentlearner 21 Or Go to Help > Install New Software... This should display the Install dialog box. Paste the Update Site URL (http://dist.sonar-ide.codehaus.org/eclipse/ the latest version or http://dist.sonar-ide.codehaus.org/eclipse-archives/ for previous ones) into the field Work with and press Enter. This should display the list of available plugins and components:
  • 22. @ardentlearner 22 1. Check the SonarQube components to install. 2. Click Next. Eclipse will then check to see if there is any issue which would prevent a successful installation. 3. Click Finish to begin the installation process. Eclipse will then download and install the necessary components. 4. Once the installation process is finished, Eclipse will ask if you want to restart the IDE. It is strongly recommended that you restart the IDE.
  • 23. @ardentlearner 23 6.2 CONFIGURING SONARQUBE ECLIPSE PLUGIN ď‚· A project should have been already created and configured with SonarQube server in order to start analyzing it with SonarQube in Eclipse. ď‚· The SonarQube server connection should be established before attempting to run the analysis. This can be ensured by testing the Server connection in Eclipse through the menu option: Windows > Preferences > SonarQube > Servers. Default server is http://localhost:9000/
  • 24. @ardentlearner 24 If the test does not return the message “Successfully connected!”, then start the SonarQube server and retest the connection using the same steps. 6.3 LINKING A PROJECT TO ONE ANALYZED ON A SONARQUBE SERVER LINKING FOR THE FIRST TIME Once the SonarQube server is defined, the next step is to link your Eclipse project with a project defined on this SonarQube server. To do so, right-click on the project in the Project Explorer, and then choose the option Configure > Associate with SonarQube
  • 25. @ardentlearner 25 A dialog appears with the SonarQube project text field. Start typing the name of the project in the text field against SonarQube project column and select it in the list box: Click on Finish. Now the project is associated to the one analyzed on the SonarQube server and the SonarQube reports can be viewed within eclipse. Note: Automatic association for Maven projects For Maven projects, the association is performed automatically.
  • 26. @ardentlearner 26 6.4 WORKING WITH SONARQUBE IN ECLIPSE RUN SONARQUBE ANALYSIS To run a new analysis, right click on the project and go to SonarQube > Analyze. Note: You can also hit Ctrl+Alt+Q wherever you are in your project to trigger a new analysis. VIEWING ISSUES USING SONARQUBE VIEWS IN ECLIPSE Four different views are available in Eclipse to browse the quality of the projects: ď‚· SonarQube Issues that list the issues on the selected component ď‚· SonarQube Issue Editor to review the issue
  • 27. @ardentlearner 27 ď‚· SonarQube Rule Description to get the detailed description of the rule that is violated ď‚· SonarQube Web Browser SONARQUBE ISSUES The SonarQube Issues view displays the list of issues of the selected component (project, module, file, etc.). To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issues. Problems and Markers views also display issues. Issues are flagged in the source code viewer. New issues (compared to the latest version on the SonarQube server) are highlighted in yellow. This allows you to focus on the new issues that you have introduced.
  • 28. @ardentlearner 28 You can add/remove/order columns, group issues (by severity, new issues only, ...), filter issues (new issues only, issues assigned to me, ...), sort (by assignee, ...). Note: "Resolved" issues are not displayed. SONARQUBE ISSUE EDITOR This view allows you to review the selected issue (add comments, confirm it, plan it, etc.) the same way you would do it through the web interface. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Issue Editor.
  • 29. @ardentlearner 29 Note: It is not possible to review new issue that you have introduced. SONARQUBE RULE DESCRIPTION This view allows you to access the detailed description of the coding rule of the selected issue. To display this view, go to Window > Show View > Other... > SonarQube > SonarQube Rule Description. SONARQUBE WEB BROWSER This view allows you to access the SonarQube web interface. This view is automatically displayed when clicking on SonarQube > Open in SonarQube server. It can also be displayed by going to Window > Show View > Other... > SonarQube > SonarQube Web Browser.
  • 30. @ardentlearner 30 7. REFERENCES 1. Compatibility matrix showing the versions compatible between SonarQube, SonarQube Ant Task, SonarQube Runner and Maven at : http://docs.codehaus.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode- CompatibilityMatrix 2. http://docs.codehaus.org/display/SONAR/Working+with+SonarQube+in+Eclipse