Automate code reviews using SonarCube

Posted by Anuraj on Friday, May 1, 2015

.Net ASP.Net ASP.Net MVC Code coverage CodeProject Version Control

SonarQube is an open platform to manage code quality. SonarQube is a web-based application. Rules, alerts, thresholds, exclusions, settings… can be configured online. By leveraging its database, SonarQube not only allows to combine metrics altogether but also to mix them with historical measures. More than 20 programming languages are covered through plugins including Java, C#, Javascript, CSS, Swift, C/C++, PL/SQL, Cobol, ABAP etc. This post is about installing and configuring SonarQube to review C# code.

First you need to download following applications.

Once downloaded, you need to extract the zip files, both SonarQube and SonarRunner. Sonar Qube is the server and Sonar runner is the client application which does the analysis using various plugins and updates the result back to the server. You can verify the installation by invoking the StartSonar.bat inside the C:\sonarqube-5.1\bin\windows-x86-64 folder. You will see a console window like this, if your environment is configured properly.

SonarCube - running

You can also open http://localhost:9000, to verify SonarCube is running or not.You will find something like this.

SonarCube Web Portal

You require Oracle JRE 7+. You can get the detailed system requirements from here. As mentioned earlier, you require Sonar Runner to execute the review process in the client side. You need to add the Sonar runner to the system variables, which will helps to execute sonar runner from any folder location.

Sonar Runner - System variables

You can verify Sonar runner is working or not by providing Sonar-runner -h command on commandline. If it is crashing there is some problem with your Java installation, otherwise it will printout something like this.

SonarRunner Help command

You require various plugins to do analysis. You can install the plugins either using the web portal or you can download the plugins and copy the files to C:\sonarqube-5.1\extensions\plugins folder. To install plugins via Web Portal, you need to login to SonarQube as administrator (Default credentials are admin/admin), Click on Settings < System and under System select Update Center.

SonarCube - Update Center - Available Plugins

It will display the already installed plugins, and you can install new plugins from available plugins tab. You may need to restart the SonarQube server to complete the installation.

SonarCube - Restart the server after plugin installation

You have completed the environment setup to do the code review. You require a “sonar-project.properties” file for each solution. This file will need to exist in the folder from which you execute the sonar-runner. Here is the minimal sonar-project.properties file.

# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# this is the name displayed in the SonarQube UI
sonar.projectName=My project
sonar.projectVersion=1.0
 
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set. 
# If not set, SonarQube starts looking for source code from the directory containing 
# the sonar-project.properties file.
sonar.sources=.
 
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

You can the analysis by executing sonar-runner command.

SonarRunner - Analysis Completed

Once the analysis completes, you can see the analysis results in the Sonarcube webportal.

SonarCube Analysis Results on WebPoral

In the next post I will cover how to configure ReSharper and StyleCop for C# code analysis.

Happy Programming. :)



Did you like this article? Share it with your friends

Facebook Twitter Google+ LinkedIn Reddit StumbleUpon



MVP
Subscribe


Copyright © 2017 - Anuraj P. Blog content licensed under the Creative Commons CC BY 2.5 | Unless otherwise stated or granted, code samples licensed under the MIT license. This is a personal blog. The opinions expressed here represent my own and not those of my employer. Hosted with ❤ by GitHub