For developers, ensuring efficient, high-quality source code is a prime responsibility, and so is generating a quality report for that code. SonarQube is a code quality assurance tool that collects and analyzes source code and reports on the quality of a project's source code. It is a static code analysis tool that runs on a server, and it is now considered one of the most useful tools for writing efficient, quality code; it also makes bug fixing easier. SonarQube needs to be running on localhost or on a server.
What is SonarQube?
SonarQube is an open-source framework developed by SonarSource. SonarQube is available for free under the GNU Lesser General Public License. Currently, it offers reports on duplicated code, code coverage, code complexity, coding standards, comments, unit tests, bugs, and security recommendations.
SonarQube supports 20 programming languages, including Java, Swift, Python, JavaScript, C, C++, C#, TypeScript, and Go.
Why use SonarQube?
SonarQube is one of the highly recommended application security testing solutions, trusted by developers worldwide. For the developers, it provides an all-inclusive listing of errors and bugs in source code as per the coding standards. We can write our custom standards as well.
SonarQube increases productivity by enabling development teams to detect duplicated and redundant code. It reduces maintenance cost, application size, and code complexity, and it saves time. Besides, it makes code easier to read and understand.
SonarLint vs. SonarQube:
Now, let's understand the difference between SonarLint and SonarQube; both are products of SonarSource.
Both SonarLint and SonarQube rely on the same static source code analyzers, most of which are written using SonarSource technology.
Generally, the SonarLint plugin is used for source code quality checks inside the IDE; the plugin is available for the Android Studio IDE and needs to be installed. SonarQube, by contrast, gives a 360-degree view of the quality of our code base: it is a central server that performs a full analysis of the project.
Below are the key differentiators of SonarLint and SonarQube:
SonarLint:
- SonarLint works more like a plugin and exists only in the IDE (IntelliJ, Visual Studio and Eclipse).
- We use SonarLint only at the development stage; we can't generate a quality report with it.
- It aims to provide immediate feedback as you type in your code.
- It is an agent that allows us to connect with SonarQube and execute the analysis remotely.
- It focuses on the code you add or update.
- SonarLint does not perform scans with 3rd party analyzers.
SonarQube:
- Developers can generate the Quality report using SonarQube easily.
- SonarQube is a central server that performs full analysis (This is managed by the different SonarQube scanners).
- SonarQube periodically analyzes all of the source lines of your project.
- SonarQube gives a vision of the quality of the complete project code base.
- SonarQube largely performs scans with 3rd party analyzers such as StyleCop, FindBugs, Checkstyle, and PMD.
SonarQube integration with Android Studio:
Now comes the SonarQube integration, which includes two major steps:
- SonarQube Android Studio (IDE) related changes.
- SonarQube local server setup.
For the Integrated Development Environment (IDE), software and app developers need to follow the steps below:
- Install the Sonar plugin in the IDE (Android Studio).
- Go to File -> Settings -> Plugins -> install the Sonar plugin.
- Next, add the project-level and module-level dependencies as shown below:
At the module level, we can set the credentials for the local server as preferred. By default, admin is used for both the username and the password. In the properties, we can define custom properties based on the project requirements.
For Local Server Setup, we need to follow these steps:
- Download SonarQube from the official site; here is the link. After a successful download, you will have a SonarQube zip folder. This distribution works on all kinds of OS-level machines, such as Windows, Mac, and Linux. Here, I am using a Windows machine.
- Unzip the folder and open the wrapper configuration file, which lives under the path SonarQube unzip folder -> conf -> wrapper. Set the path of your system's JDK (11.0) there.
- Start the Sonar batch file. Follow the path SonarQube unzip folder -> bin -> select your machine's OS (in my case Windows) -> StartSonar.
- You can watch Sonar's status while it starts. Once the server is up, you will see the "SonarQube is up" message in cmd.
Once Sonar is up, open a browser at the default localhost port 9000 (localhost:9000). If everything went well, you can now analyze your project code and generate the quality report as well.
To generate the quality report, import the project into the server, either from the IDE or through cmd. To import the project from cmd, execute the following command: gradlew sonarqube -Dsonar.host.url=http://localhost:9000.
After the command completes without errors, the project is imported into the local server and you can generate the quality report if needed.
Commonly Faced Issues:
Below are the common challenges while working with SonarQube:
- Unable to start Sonar. This can happen for the following reasons:
1. JDK path setup
2. Sonar was already started and the JVM is still running in the background.
- Sometimes we may not be able to generate the report for our project.
How to Overcome SonarQube Challenges
- Check the JDK version and the path setting in the wrapper configuration file, as well as the environment variables.
- If you already started Sonar and killed the process in the command prompt, the JVM may still be running in the background. Kill the Java process and try again. To avoid leaving the JVM running, stop the Sonar service once you are done with Sonar; you can shut Sonar down cleanly with the shortcut Ctrl+C.
- Sometimes you may also get a previous report and not be able to generate a new one. In that case, remove the existing project from the server and import it again.
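As an added example (not the post's own dependency snippet), here is the Gradle wiring for the project-level and module-level configuration described in the IDE section, plus a pre-flight task that turns the "server not up" failures from the issues section into a clear message. PLUGIN_VERSION, the project key and name, and the SONAR_TOKEN environment variable are assumptions; the task also assumes the scanner task is still named sonarqube, as in the gradlew command above.

```groovy
// Added example (not the post's snippet): Gradle wiring for the SonarQube
// scanner plugin plus a pre-flight check of the local server. Plugin
// coordinates and sonar.* keys are real; PLUGIN_VERSION and the project
// key/name are placeholders to replace.

// --- Project-level build.gradle ---
buildscript {
    repositories { mavenCentral() }
    dependencies {
        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:PLUGIN_VERSION"
    }
}
apply plugin: "org.sonarqube"

sonarqube {
    properties {
        property "sonar.host.url", "http://localhost:9000"
        // Token from the environment instead of the default admin/admin
        // credentials; keep secrets out of the build file and the repo.
        property "sonar.login", System.getenv("SONAR_TOKEN") ?: ""
        property "sonar.projectKey", "my-android-app"   // placeholder
        property "sonar.projectName", "My Android App"  // placeholder
    }
}

// Fail early with a clear message when nothing healthy answers on port 9000
// (stale JVM, server not started), rather than a cryptic scanner error.
task checkSonarUp {
    doLast {
        def status = "unreachable"
        try {
            def body = new URL("http://localhost:9000/api/system/status").text
            status = new groovy.json.JsonSlurper().parseText(body).status
        } catch (Exception ignored) { }
        if (status != "UP") {
            throw new GradleException("SonarQube on localhost:9000 is not up " +
                "(status: ${status}); start it from bin/<os>/StartSonar first.")
        }
    }
}
tasks.named("sonarqube") { dependsOn checkSonarUp }

// --- Module-level build.gradle (e.g. app/build.gradle) ---
sonarqube {
    properties {
        property "sonar.sources", "src/main/java"
        property "sonar.exclusions", "**/build/**,**/R.java"
    }
}
```

Export SONAR_TOKEN (a user token generated in the SonarQube UI) and run gradlew sonarqube; with sonar.host.url set in the build file, the -D flag from the command above is no longer needed.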
Conclusion:
The prime goal of SonarQube is to empower developers from a code quality and security point of view. Using SonarQube facilitates code quality control and decreases the number of real and potential bugs that arise. With this solution, developers can focus more on the desired business outcomes instead of manually checking code quality. I have tried to compile all the details on SonarQube integration with Android Studio in this blog. If you have any other query regarding this, do connect now!