training material sonar v1

Training MaterialSonar

11th October 2013By Shinu Suresh

Agenda

• Introduction• Sonar Portal• Statistics• Navigation• Violations

Introduction

• A platform to manage code quality• Free, Open source, LGPL web based portal• Aggregates will know Code Review tools

• Static Analysis – PMD, Findbugs, Checkstyle• Duplicate Code – (Squid, CPD)• Code Coverage – (Cobertura, JaCoCo)

• Easy to integrate with Jenkins build

Sonar Portal

Sonar Basic Statistics

Quality Index

• Derived based on 4 pillarsQuality Index = 10 - 4.5 * Coding - 2 * Complexity - 2 * Coverage - 1.5 * Style

• Coding• Checks for PMD compliance. Rule applied is

Coding = (Blocker * 10 + Critical * 5 + Major * 3 + Minor + Info) / (Lines of Code - Duplicated Lines)

• Complexity• Checks for method complexities. Rule applied is

Complexity = (Complexity>30 * 10 + Complexity>20 * 5 + Complexity>10 * 3 + Complexity>1) / (Lines of Code - Duplicated Lines)

• Coverage• Coverage of Unit Tests

• Style• Check style compliance index. Rule applied isStyle = (Errors * 10 + Warnings) / (Lines of Code - Duplicated Lines) * 10

Size Metrics

• Lines of Code• Classes• Packages• Methods• Accessors

Complexity

• Cyclomatic Complexity• Method• Class• File

Complexities over 10 will be flagged

Rules Compliance

• Issues• Rules Compliance• Issue Types

Duplications

• Analyses duplications with in• Class File• Project• Multiple Projects

Navigation

Navigating to Issue Drill down

Navigating to Specific file

Violations

Violations - Examples

Violations – Examples Cont

Managing Violations

• For Each violation You Can• Comment• Change its severity• Declare it as a false-positive• Assign it to someone• Assign it to an action plan

Unresolved issues in Project

What now

• What to Start With• Check violations for your project• Remove duplicate code• Improve test coverage