Write better code with SonarQube

In this blog post I introduce SonarQube, a static code analysis tool that can help you write more secure, less buggy and cleaner code. I show how to run it and play around with it.

SonarQube

To learn about all its features, let’s install it and try it on one of my projects. For that you need an instance of SonarQube Community Edition up and running on your local machine.

Prerequisites

To follow my instructions you will need to install:

Docker Compose

Once you have installed all the prerequisites, we can move on to setting up the SonarQube Docker container. I would like to use the sonarqube:7.9-community Docker image, but there are also two additional things that I would like to configure:

  • I would like to enable SonarQube Server configuration with a sonar.properties file.
develop-env/
├── docker-compose.yml
└── sonar/
    ├── Dockerfile
    └── sonar.properties
FROM sonarqube:7.9-community
COPY sonar.properties /opt/sonarqube/conf/

sonar.junit.reportPaths=target/surefire-reports
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml

$ docker-compose up -d

Maven configuration

Once we have SonarQube Server up and running, let’s enable our projects to generate reports that can then be consumed by SonarQube Server.

Project’s POM config

After setting up the global configuration of Maven you can go to your project.

Running the analysis

Everything should be set up now, so let’s run our first analysis!

$ mvn clean verify sonar:sonar
<properties>
    <!-- Other properties -->
    <sonar.exclusions>
        **/model/**,**/config/**,**/KanbanApplication.java
    </sonar.exclusions>
</properties>
$ mvn clean verify sonar:sonar
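
An added example, not part of the original post: files matched by sonar.exclusions are left out of the analysis entirely, so it is worth listing what a pattern set hides before trusting the results. The script below translates the patterns shown above using SonarQube's wildcard rules (** for directories, * and ? within one path segment); the file paths and the com.example package are constructed sample data.

```python
import re

# Exclusion list copied from the <sonar.exclusions> property shown above.
EXCLUSIONS = "**/model/**,**/config/**,**/KanbanApplication.java"

# Constructed sample tree (hypothetical paths, relative to the project root).
SAMPLE_FILES = [
    "src/main/java/com/example/kanban/KanbanApplication.java",
    "src/main/java/com/example/kanban/model/Task.java",
    "src/main/java/com/example/kanban/config/SecurityConfig.java",
    "src/main/java/com/example/kanban/service/TaskService.java",
    "src/main/java/com/example/kanban/controller/TaskController.java",
]

def to_regex(pattern):
    """Compile one exclusion pattern: ** = zero or more directories,
    * = zero or more characters and ? = one character, both within a segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append(r"(?:[^/]+/)*")   # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(r".*")            # trailing **: everything below
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def audit_exclusions(files, exclusions=EXCLUSIONS):
    """Return {path: first matching pattern} for every file that is skipped."""
    rules = [(p.strip(), to_regex(p.strip()))
             for p in exclusions.split(",") if p.strip()]
    skipped = {}
    for path in files:
        for pattern, rx in rules:
            if rx.match(path):
                skipped[path] = pattern
                break
    return skipped

if __name__ == "__main__":
    for path, pattern in audit_exclusions(SAMPLE_FILES).items():
        print(f"not analysed: {path}  (matched {pattern})")
```

On the sample tree, **/config/** also removes SecurityConfig.java from analysis, which is the kind of file worth excluding by exact path rather than by directory. For a real project, pass in the output of git ls-files instead of SAMPLE_FILES.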
