training material sonar v1
DESCRIPTION
Presentation on SonarTRANSCRIPT
Training MaterialSonar
11th October 2013By Shinu Suresh
Agenda
• Introduction• Sonar Portal• Statistics• Navigation• Violations
Introduction
• A platform to manage code quality• Free, Open source, LGPL web based portal• Aggregates will know Code Review tools
• Static Analysis – PMD, Findbugs, Checkstyle• Duplicate Code – (Squid, CPD)• Code Coverage – (Cobertura, JaCoCo)
• Easy to integrate with Jenkins build
Sonar Portal
Sonar Basic Statistics
Quality Index
• Derived based on 4 pillarsQuality Index = 10 - 4.5 * Coding - 2 * Complexity - 2 * Coverage - 1.5 * Style
• Coding• Checks for PMD compliance. Rule applied is
Coding = (Blocker * 10 + Critical * 5 + Major * 3 + Minor + Info) / (Lines of Code - Duplicated Lines)
• Complexity• Checks for method complexities. Rule applied is
Complexity = (Complexity>30 * 10 + Complexity>20 * 5 + Complexity>10 * 3 + Complexity>1) / (Lines of Code - Duplicated Lines)
• Coverage• Coverage of Unit Tests
• Style• Check style compliance index. Rule applied isStyle = (Errors * 10 + Warnings) / (Lines of Code - Duplicated Lines) * 10
Size Metrics
• Lines of Code• Classes• Packages• Methods• Accessors
Complexity
• Cyclomatic Complexity• Method• Class• File
Complexities over 10 will be flagged
Rules Compliance
• Issues• Rules Compliance• Issue Types
Duplications
• Analyses duplications with in• Class File• Project• Multiple Projects
Navigation
Navigating to Issue Drill down
Navigating to Specific file
Violations
Violations - Examples
Violations – Examples Cont
Managing Violations
• For Each violation You Can• Comment• Change its severity• Declare it as a false-positive• Assign it to someone• Assign it to an action plan
Unresolved issues in Project
What now
• What to Start With• Check violations for your project• Remove duplicate code• Improve test coverage