Improving Code Quality with SonarQube

For a developer, nothing is more important than improving the quality of the code. You have probably had this experience: as a project grows bigger and bigger, you spend more time debugging to track down issues such as memory leaks and null pointers. SonarQube is a tool that helps developers check and analyze code quality. It also integrates with popular IDEs like Visual Studio, Eclipse, and IntelliJ IDEA.

Download

On the download page, you can get SonarQube and related tools.

  • SonarQube: the platform.
  • SonarQube Scanners: scan and analyze code.
  • SonarQube Plugins: code analyzers, integration, SCM engines, visualization, etc.
  • SonarLint: extension for IntelliJ IDEA, Eclipse, Visual Studio, VS Code and Atom.

SonarQube License

There are four SonarQube editions: Community Edition, Developer Edition, Enterprise Edition, and Data Center Edition. Only Community Edition is free. No doubt, programming language coverage is the first thing we care about. Let’s take a look.

Community Edition

SonarQube community

Developer Edition

SonarQube developer

Enterprise Edition and Data Center Edition

SonarQube enterprise

If you are a C++ developer, the Community Edition is apparently not enough for you.

Analyzing Code Quality with SonarQube

Run SonarQube

Download and extract the package of SonarQube 6.7.2 or SonarQube 7.0.

Add sonarqube-6.7.2\bin\windows-x86-64 to the system path.

Download and extract the package of SonarQube Scanner.

Add sonar-scanner-3.0.3.778-windows\bin to the system path.

Run SonarQube from the command line.

SonarQube start

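Open localhost:9000 in your web browser and log in (username: admin, password: admin). These are the default credentials, so change the password if the server is reachable from other machines.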

SonarQube login

Install plugins

Click Administration > Marketplace to see which edition you are using and what plugins you can install.

SonarQube marketplace

To install plugins manually, download the jar files, copy them to the sonarqube-7.0\extensions\plugins directory, and then restart SonarQube.

Suppose you need to install a C++ plugin. You can do it as follows.

Online

SonarQube c++ plugin

Offline

SonarQube extension

Check the code on the fly

When writing code, we’d better avoid writing low-quality code. In Visual Studio Code, we can install the SonarLint extension to find code problems in real time.

SonarQube vscode

SonarQube Example: analyze an Android project

Create a configuration file sonar-project.properties in the root directory of the project and run sonar-scanner.

If you follow the official tutorial to create the configuration file, you will get an error message when running the scanner.

SonarQube error

Add sonar.java.binaries to the configuration file:

# must be unique in a given SonarQube instance
sonar.projectKey=dynamsoft:barcode
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=Barcode
sonar.projectVersion=4.2
 
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set. 
sonar.sources=.
 
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
sonar.java.binaries=.

Once the scanning is done, open http://localhost:9000/dashboard?id=dynamsoft%3Abarcode to view the analysis report.
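A pre-flight check for sonar-project.properties, added here as an example and not part of the original post or of SonarQube: it flags the missing sonar.java.binaries line behind the error above, backslashes in paths, and paths that do not exist, and derives the dashboard URL from the project key. The function names and the set of required keys are assumptions made for this example.

```python
import os
import tempfile
from urllib.parse import quote

# Assumption for this example: require the keys the page's file sets, plus
# the sonar.java.binaries line the page adds to fix the scanner error.
REQUIRED = ("sonar.projectKey", "sonar.sources", "sonar.java.binaries")
PATH_KEYS = ("sonar.sources", "sonar.java.binaries")

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def preflight(text, base_dir):
    """Return a list of problems; an empty list means ready to scan."""
    props = parse_properties(text)
    problems = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    for key in PATH_KEYS:
        # Path properties may hold several comma-separated entries.
        for entry in filter(None, props.get(key, "").split(",")):
            entry = entry.strip()
            if "\\" in entry:
                problems.append(f"{key}: use '/' instead of '\\' in {entry!r}")
            elif not os.path.exists(os.path.join(base_dir, entry)):
                problems.append(f"{key}: path not found: {entry!r}")
    return problems

def dashboard_url(text, host="http://localhost:9000"):
    """Build the report URL; ':' in the project key is percent-encoded."""
    key = parse_properties(text)["sonar.projectKey"]
    return f"{host}/dashboard?id={quote(key, safe='')}"

# Constructed samples: the file without and with sonar.java.binaries.
BEFORE = "sonar.projectKey=dynamsoft:barcode\nsonar.sources=.\n"
AFTER = BEFORE + "sonar.java.binaries=.\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(preflight(BEFORE, root), preflight(AFTER, root))
        print(dashboard_url(AFTER))
```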

SonarQube code quality

Now you can improve your code by referring to the report.