Analysing Android code with SonarQube


SonarQube, formerly known as Sonar, is a platform to analyze code quality. Analysis covers such aspects as code duplications, potential bugs, coding rules, complexity, unit tests, comments, and architecture & design.
It supports more than 20 programming languages and has a rich set of useful plugins that give you the opportunity to inspect different aspects of the code.

What is characteristic of SonarQube is that it comes as a platform in the form of a web application. This means that the results of the analysis will be displayed in a web page.

Installing SonarQube

The installation is pretty straightforward: you just have to download an archive and extract it to a folder of your choice.
1. Go to http://www.sonarqube.org/downloads/ and download the latest release.
2. Unzip the archive

Starting SonarQube

1. Go to sonarqube-4.3/bin (or whatever version you downloaded)
2. Open a corresponding folder according to your operating system (linux-x86-64 in my case). There you should see a file called sonar.sh (or StartSonar.bat for Windows)
3. Open up a terminal window and execute: sonar.sh start (or just double click StartSonar.bat on Windows). This command will start sonar listening on localhost:9000.
4. Open a browser and enter localhost:9000. The sonar web page should open.
Note that it may take some time until sonar loads, so if you get “page not found” in your browser, try to refresh the page later.

Installing SonarQube Runner

There are several ways to analyse the source code and in this tutorial we will choose to analyse with SonarQube Runner, recommended as the default launcher to analyze a project.

1. Once again go to http://www.sonarqube.org/downloads/ and download SonarQube Runner
2. Extract the downloaded archive into a directory of your choice, which we will refer to as: <install_directory>
3. Update global settings by editing: <install_directory>/conf/sonar-runner.properties (if you are running sonar on localhost, like in this tutorial, you don’t have to modify any settings):

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- PostgreSQL
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar

#----- MySQL
#sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8

#----- Oracle
#sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE

#----- Microsoft SQLServer
#sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor

#----- Global database settings
#sonar.jdbc.username=sonar
#sonar.jdbc.password=sonar

4. Create a new SONAR_RUNNER_HOME environment variable set to <install_directory>, so that you can invoke sonar runner from any location.
5. Add the <install_directory>/bin directory to your path.

To check that sonar runner was installed properly, open a terminal window and execute sonar-runner -h.

You should get a message like this:

usage: sonar-runner [options]

Options:
-D,--define Define property
-e,--errors Produce execution error messages
-h,--help Display help information
-v,--version Display version information
-X,--debug Produce execution debug output

Analysing source code of a project

Once the sonar runner is properly installed, we can proceed to code analysis.

1. Navigate to the root directory of your project and create a file called sonar-project.properties, which will specify the project settings such as the code source directory, language used, and the project name:

sonar.projectKey=myproject
sonar.projectName=My Project
sonar.projectVersion=1.0

sonar.sources=src
sonar.language=java
sonar.sourceEncoding=UTF-8

Note: for Android Studio, which follows the gradle directory structure, set the sources as:

sonar.sources=src/main/java

2. Run sonar-runner command to start the analysis.
3. Once the analysis completes, head to localhost:9000 to see the results for your project.
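
The project setup from step 1 as a script, added here as an example and not part of the original tutorial: it picks sonar.sources for the two directory layouts mentioned above and writes sonar-project.properties into the project root. The function names, the script name and the refusal to overwrite an existing file are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate sonar-project.properties for the layouts in this tutorial.

# Print the value for sonar.sources, relative to the project root.
# The Android Studio (gradle) layout is checked before the plain src/ layout.
detect_sources() {
    project_dir=$1
    if [ -d "$project_dir/src/main/java" ]; then
        echo "src/main/java"
    elif [ -d "$project_dir/src" ]; then
        echo "src"
    else
        return 1
    fi
}

# Write sonar-project.properties into the project root.
# Arguments: project dir, project key, project name, project version.
# Returns 1 if no source directory is found, 2 if the file already exists.
write_sonar_properties() {
    project_dir=$1 key=$2 name=$3 version=$4
    sources=$(detect_sources "$project_dir") || {
        echo "no src or src/main/java directory in $project_dir" >&2
        return 1
    }
    out="$project_dir/sonar-project.properties"
    # Do not clobber settings somebody already edited by hand.
    if [ -e "$out" ]; then
        echo "$out already exists, leaving it untouched" >&2
        return 2
    fi
    cat > "$out" <<EOF
sonar.projectKey=$key
sonar.projectName=$name
sonar.projectVersion=$version

sonar.sources=$sources
sonar.language=java
sonar.sourceEncoding=UTF-8
EOF
}

# Stand-alone use: sh make-sonar-props.sh <project_dir> <key> <name> [version]
if [ "$#" -ge 3 ]; then
    write_sonar_properties "$1" "$2" "$3" "${4:-1.0}"
fi
```

After the file is written, run sonar-runner from the project root as in step 2.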

Removing a project from SonarQube

First, log in as an administrator (admin/admin is the default username and password).

1. Go to your project dashboard
2. In the top right corner click on Configuration -> Deletion -> Delete Project
