SonarQube for Automated Code Review

SonarQube is a fantastic piece of software which lets you code review in an automated way. As per wikipedia SonarQube (formerly Sonar^[1]) is an open source platform for continuous inspection of code quality.

Its a really nice tool, a single developer can use it to perform automated code review on his code prior to code review by his lead. Additionally it can also be used to review the code with statistics saved in database by usine SonarQube Runner which will be demonstrated later in this tutorial as well.

First go to http://www.sonarqube.org/downloads/ & download the latest edition, in my case it was sonarqube-5.1.2.zip.

extract it to some location, I extracted it to /optI will add sonar binary to the path so that I can run it from anywhere. Choose the right executable file, I selected executable file in bin/linux-x86-64 because I am running a Ubuntu OS 64 bit. Open the .bashrc file
sudo gedit /home/asad/.bashrc
Add following 2 lines at the end
export SONARQUBE_HOME=/opt/sonarqube-5.1.2/
export PATH=$SONARQUBE_HOME/bin/linux-x86-64:$PATH
Save the contents and then start SonarQube by issuing command
sonar.sh start
Verify that SonarQube started properly by accessing http://localhost:9000 Login and browse different areas of the interface. More importantly go to Settings> System > Update Center and then Plugins, here you can install different plugins which will be helpful in code reviewNext you need to Install SonarQube in eclipse as well. Open Market and search for it then press InstallI have selected following components/features of the plugin which suits me for Java code reviewPress confirm and then eclipse will start installing the pluginA security warning will be shown, Press Ok to ignore itIt will ask for the restart, then restart eclipse. If you don’t see views related to Sonar as shown below then you need to select themIn eclipse go to Window > Show View > Other ..

Select following 2 views under SonarQubeNext Go to Window > Preferences > SonarQube and edit the server thereInsert the right credentials, in my case they were default admin/admin as I have not changed them in SonarQube

Now you need to add SonarQube nature to your project. You can do so by Right clicking on project and selecting Configure > Associate with SonarQubeYou will be presented by following window. It means that you need to define a remote Project in SonarQube then this local project will be associated with that remote project

Login as Admin in SonarQube and Go to Settings > System > ProvisioningClick on Create linkMention Key and Name. Click Create Project

Now type in the Name of the SonarQube Project (If it does not work then restart eclipse and try to associate it again)Once Project is associated with SonarQube, you can Analyze the project as follows

After Analysis Issues will be listedClicking on any issue will take you to the line of the file where this problem is reported.Now you can fix these problems.

A better approach is to analyze your project with SonarRunner which dumps the statistics in the database. We will download SonarRunner and configure it to use MySql database, after analysis it will dump the results in database. We will configure our Sonar web interface to point to the MySql database so it can fetch results from there and present the user with these issues in a presentable view. First we will stop the Sonar and create the database and configure sonar to use our created database.
Stop Sonar by issuing command
sonar.sh stop

Next Create a database sonar_analysis_db in MySql

Create a user by command
GRANT ALL ON sonar_analysis_db.* TO 'sonar_user' IDENTIFIED BY 'sonar_userpassword' WITH GRANT OPTION;
Now modify SonarQube web-application to use this databaseEdit pointed out properties.

Next download the Sonar Runner by going to http://docs.sonarqube.org/display/SONAR/Installing+and+Configuring+SonarQube+Runner and download the latest version, in my case it is sonar-runner-dist-2.4.zip. I extracted it to /optNext open the sonar-runner.properties file in conf folder and point it to the above created database so that Sonar webapp and Sonar-Runner both point to the same databaseEdit pointed out properties.

Save the file. Then again edit .bashrc to add SonarRunner to the path. Issue command

sudo gedit /home/asad/.bashrc
add following 2 lines
export SONAR_RUNNER_HOME=/opt/sonar-runner-2.4
export PATH=$SONAR_RUNNER_HOME/bin:$PATH

Next we need to create a properties file in eclipse project. Select File under General CategoryName it sonar.propertiesEdit the contents like shown below
# required metadata
sonar.projectKey=hw1-3
sonar.projectName=My ProjectName
sonar.projectVersion=1.0
# Comma-separated list of library directories
#sonar.libraries=lib/*.jar
# comma-delimited list of paths to source directories (required)
sonar.sources=main/java
# comma-delimited list of paths to test source directories (optional)
#sonar.tests=testDir1,testDir2
# path to project binaries (optional)
#sonar.binaries=bin
sonar.language=java

Next we will run Sonar-Runner by moving into the directory of above created file and issuing command
sonar-runner -Dproject.settings=sonar.properties
It will take a little time and finally it will show the status of the execution.Next check SonarQube by going to its Dashboard and you will see the project

Click on the Project will take you to the Issues pointed outFurther you can install any plugin you need by login as admin and going to Settings > System > Update Center > Available Plugins

We are done here 🙂