Static Code Analysis Tool: SonarQube

Hello my friends,

I have started using SonarQube in my projects. In this post, I will try to describe SonarQube on a Windows computer.

What will we examine in this post?

  • What is SonarQube?
  • How to install SonarQube?
  • How to create a new project in SonarQube?
  • How to scan a .NET project with SonarQube?
  • What do the result titles in the report mean?

The first topic is what SonarQube is. SonarQube is a static code analysis tool. It is open source and supports 20+ languages. Let's start examining SonarQube.

Now we are starting the second topic. First, we will download the SonarQube tool from this link.

Screenshot 1: Download Page

When the download finishes, we will extract the setup files from the zip. The setup files are in the bin folder.

Screenshot 2: Setup Files

We will use the StartSonar.bat file for the install. The location of StartSonar.bat is as follows.

Screenshot 3: StartSonar.bat location

SonarQube will be ready for use when the installation finishes. If you see the field marked with yellow text, it means your application installation has finished. The screenshot is as follows.

Screenshot 4: SonarQube installation finished

The default address of SonarQube is http://localhost:9000. The start page screenshot is as follows. Now we can log in to our application. First, we click the Log in button; it is on the right side of the header.

Screenshot 5: SonarQube start page and Log in button

The default username and password for login are both admin. Change this default password right after the first login, because anyone who can reach port 9000 can otherwise administer the server with it. Now we can start creating a new project in SonarQube. First, we click the Create new project button on our Projects page.

Screenshot 6: Create new project

We need to enter a project key and a display name to create a new project. My values are as follows.

Screenshot 7: Project key and display name

The last step before analysis is to create a token for the scan. I usually use the default values in this step. The screenshot is as follows.

Screenshot 8: Project token

My token is shown below. Treat it like a password: it authenticates every upload to the server, so it should not be pasted into shared scripts or committed to the repository.

Screenshot 9: Token example

Now we will choose the main language and download the scanner files. SonarQube will use these files for the scan.

Screenshot 10: Main language selection and scanner file download

After downloading the package, we will add the package path to the environment variables (the Path variable), so the scanner can be run from the command prompt. This step is as follows.

Screenshot 11: Environment variables list update

Finally, SonarQube is ready to scan. First, we open the example project folder in a command prompt, then copy the first command from the dashboard page and run it in the command prompt. The screenshot is as follows.

Screenshot 12: First command for scan

When the first command finishes, we will open a Developer Command Prompt and run the second command in that window.

Screenshot 13: Second command for scan

After the second step finishes, we return to the command prompt for the final step. Now we copy the third command from the dashboard page and run it. When the scan finishes, SonarQube opens the results on our screen. My results are as follows.

Screenshot 14: Results page
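The three dashboard commands above (begin, build, end) wrapped in one PowerShell script, as an added example that is not from the original post. It assumes SonarScanner for MSBuild and MSBuild.exe are on the Path (the environment-variable step above, run from a Developer Command Prompt) and that the project token is supplied in the SONAR_TOKEN environment variable instead of being typed into the script.

```powershell
# Added example, not from the original post. Runs the scan the dashboard
# describes: "begin" registers the project, a normal rebuild collects the
# analysis data, and "end" uploads it to the SonarQube server.
param(
    [Parameter(Mandatory = $true)][string]$ProjectKey,  # key entered in "Create new project"
    [string]$HostUrl = "http://localhost:9000",         # SonarQube's default address
    [string]$SolutionPath = "."                         # folder or .sln to build
)

# Assumption: the token lives in an environment variable, not in the script.
$token = $env:SONAR_TOKEN
if (-not $token) {
    throw "Set SONAR_TOKEN to the project token generated in SonarQube before running."
}

# Step 1: first dashboard command. Tells the scanner which project the build belongs to.
SonarScanner.MSBuild.exe begin /k:"$ProjectKey" /d:sonar.host.url="$HostUrl" /d:sonar.login="$token"
if ($LASTEXITCODE -ne 0) { throw "SonarScanner begin failed with exit code $LASTEXITCODE" }

# Step 2: second dashboard command. A normal rebuild; the scanner's MSBuild
# targets gather analysis data while the build runs.
MSBuild.exe $SolutionPath /t:Rebuild
if ($LASTEXITCODE -ne 0) { throw "MSBuild failed with exit code $LASTEXITCODE" }

# Step 3: third dashboard command. Uploads the collected data; the server then
# computes the report shown on the results page.
SonarScanner.MSBuild.exe end /d:sonar.login="$token"
if ($LASTEXITCODE -ne 0) { throw "SonarScanner end failed with exit code $LASTEXITCODE" }

Write-Host "Scan uploaded; open $HostUrl/dashboard?id=$ProjectKey to see the results."
```

Stopping on a non-zero exit code matters: if "begin" fails and the build still runs, "end" uploads nothing and the dashboard silently keeps the previous result.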

Scanning is finished. Now we will examine the results under the following 6 titles.

Quality Gate: SonarQube has quality gates for projects. A quality gate consists of a set of metric conditions. I used the default SonarQube quality gate. You can create a new quality gate or change the available ones. The quality gate is important for a project because developers have to write high-quality code to pass it. My default quality gate metrics are as follows.

Screenshot 15: Quality gate metrics
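One way to read the quality gate result outside the browser, as an added example that is not from the original post: SonarQube's Web API endpoint api/qualitygates/project_status returns the gate status and each metric condition shown on the dashboard. It assumes a token with Browse permission on the project in SONAR_TOKEN; SonarQube accepts a token as the username of HTTP basic auth with an empty password.

```powershell
# Added example, not from the original post. Prints each quality gate
# condition with its threshold and actual value, and exits non-zero when the
# gate is not passed, so a build step can stop on a failing gate.
param(
    [Parameter(Mandatory = $true)][string]$ProjectKey,
    [string]$HostUrl = "http://localhost:9000"
)

$token = $env:SONAR_TOKEN   # assumption: token supplied via environment variable
if (-not $token) { throw "Set SONAR_TOKEN before running." }

# Token as basic-auth username, empty password.
$auth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$($token):"))
$headers = @{ Authorization = "Basic $auth" }

$key = [uri]::EscapeDataString($ProjectKey)
$resp = Invoke-RestMethod -Uri "$HostUrl/api/qualitygates/project_status?projectKey=$key" -Headers $headers

$gate = $resp.projectStatus
Write-Host "Quality gate status: $($gate.status)"   # OK, ERROR, or NONE (no analysis yet)

# Each condition is one metric of the gate, e.g. new_coverage or
# new_duplicated_lines_density, with the comparator and threshold it failed or passed.
foreach ($c in $gate.conditions) {
    "{0,-38} {1,-6} actual={2} {3} {4}" -f $c.metricKey, $c.status, $c.actualValue, $c.comparator, $c.errorThreshold
}

if ($gate.status -ne "OK") { exit 1 }
```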

Bugs: You can see the code errors in this project under this title. If you click 40 (that is the count for my project), you can see the code errors. For example, my bugs are as follows.

Screenshot 16: Bugs

If we click any bug, what can we see?

For example, I clicked the first code error:

  • This bug is in the wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.css file.
  • This bug was created 21 hours ago.
  • This bug's effort is 1 minute.
  • This bug is not assigned to any user yet. You can click Not assigned and assign it to someone.

Screenshot 17: Bug details

Vulnerabilities: This title is about security and is as important as bugs. My example project didn't have any issues in this category, but its detail page looks like the bugs detail page.

Code Smells: This title is about maintainability and readability. We have 23 code smells and need 3 hours to fix them.

Screenshot 18: Code smells

If we have a look at an example code smell's details:

  • This code smell is in the Pages/Index.cshtml.cs file.
  • This code smell's level is Critical.
  • This code smell's effort is 5 minutes.
  • This code smell was created 21 hours ago.

Screenshot 19: Code smell details

Coverage: This category is about tests. We didn't write tests for our example project. If we write tests, we can see the coverage rate in the project.

Duplications: This category is about the ratio of duplicated lines to total lines. The result for my example project is as follows.

Screenshot 20: Duplications

See you in the next posts.

Good works 🙂 
