Sonar’s Quality Alphabet
Posted by Patroklos Papapetrou on August 31, 2012
Sonar (by SonarSource.com) is getting more and more popular among developer teams. It’s an open source platform measuring software quality in the following 7 axes
- Architecture and Design
- Coding Rules
- Code Duplication
- Potential Bugs
- Unit Tests
If you’re a Sonar newbie then you might find this blog post very useful. On the other hand if you’re an experienced user then you can refresh your memory and what you’ve learned so far. Sonar’s Alphabet is not a user manual. It’s a reference to help you learn (and teach others) some basic terms and words used in the world of Sonar.
- A for Analysis : Sonar’s basic feature is the ability to analyse source with various ways (Maven, Ant, Sonar runner, trigger by CI system ) . You can have static and/or dynamic analysis if supported by the analyzed language.
- B for Blockers : These are violations of the highest severity. They are considered real (not potential bugs ) so fix them as soon as possible
- C for Continuous Inspection : Continuous Inspection requires a tool to automate data collection, to report on measures and to highlight hot spots and defects and yes, Sonar is currently the leading “all-in-one” Continuous Inspection engine.
- D for Differential Views : Sonar’s star feature let you compare a snapshot analysis with a previous analysis. Fully customizable and dynamic makes continuous inspection a piece of cake.
- E for Eclipse. If you’re an Eclipse fan then did you know that you can have most of Sonar’s features in your IDE without leaving it. If not then you should give a try the Sonar’s Eclipse plugin.
- F for Filters : Filters are used to specify conditions and criteria on which projects are displayed. They can be used in dashboards or in widgets that require a filter.
- G for Global Dashboards : Global dashboards are available at instance level and can be accessed through the menu on the left. One of those global dashboards is set as your home page.Any widget can be added to a global dashboard. Thus, any kinds of information from a project or from the Sonar instance can be displayed at will.
- H for Historical Information : Knowing the quality level of your source code in a specific time instance is not enough. You need to be able to compare it with previous analysis. Sonar keeps historical information that can be viewed with many ways such as Timeline widget, Historical table widget or metric tendencies.
- I for Internationalization : Sonar (and some of the open source plugins) supports internationalization. It’s available in 7 languages.
- J for Jenkins : Although jenkins is not a term of Sonar, you’ll read it in many posts and articles. A best practice to run Sonar analysis and to achieve Continuous Inspection is to automate it by using a CI server. Sonar folks have created a very simple, still useful plugin, that integrates Sonar with Jenkins
- K for Key : If you want to dive in Sonar’s technical details or write your own plugin then don’t forget that most of core concepts are identified by a key ( project key, metric key, coding rule key etc. )
- L for Languages : Sonar was initially designed to analyze Java source code. Today, more than 20 languages are supported by free or commercial plugins.
- M for Manual Measures : You can even define your own measures and set their values when automated calculation is not feasible ( such as team size, project budget etc. )
- N for Notifications : Let Sonar sends you an email when
- Changes in review assigned to you or created by you
- New violations on your favorite projects introduced during the first differential view period.
- O for Opensource : Sonar core as well as most of the plugins are available in CodeHaus or GitHub.
- P for plugins. More than 50 Sonar plugins are available for a variety of topics. New languages, reporting, integration with other systems and many more. The best way to Install / update them through the Update Center.
- Q for Quality Profiles. Sonar comes with default Quality profiles. For each language you can create your own profiles or edit the existing ones to adjust sonar analysis according to your demands. For each quality profile you activate/deactivate rules from the most popular tools such as PMD, FindBugs, Checkstyle and of course rules directly created by Sonar guys.
- R for Reviews : Code Reviews made easy with Sonar. You can assign reviews directly to Sonar users and associate them with a violation. Create action plans to group them and track their progress from analysis to analysis.
- S for Sonar in Action book. The only Sonar book that covers all aspects of Sonar. For beginners to advanced users even for developers that want to write their own plugins.
- T for Testing : Sonar provides many test metrics such as line coverage, branch coverage and code coverage. It’s integrated with most popular coverage tools (jacoco, emma, cobertura, clover). It can show also metrics on integration tests and by installing opensource plugins you can integrate it with other test frameworks ( JMeter, Thucycides, GreenPepper etc.)
- U for User mailing list. Being an active member of this list I can assure you that you can get answers for all your issues and problems.
- V for Violations : A very popular term in Sonar. When a source code file (tests files apply also) doesn’t comply with a coding rule then Sonar creates a violation about it.
- W for Widgets : Everything you see in a dashboard is a widget. Some of them are only available only for global dashboards. You can add as many as you want in a dashboard and customize them to fit your needs. There are many Sonar core widgets and usually plugins may offer some additional widgets.
- X for X-ray : You can consider Sonar as your x-rays glasses to actually see IN your code. Nothing is hidden anymore and everything is measured.
- Y for Yesterday’s comparison : One of the most common differential views usages is to compare the current analysis snapshot with the analysis triggered yesterday. Very useful if you don’t want to add up your technical debt and handle it only at the end of each development cycle.
- Z for Zero values : For many Sonar metrics such as code duplications, critical/blocker violations, package cycles your purpose should be to minimize or nullify them that means seeing a lot of Zero values in your dashboard.
When I was trying to create this alphabet in some cases/letters I was really in big dilemma which word/term to cover. For instance the Sonar runner, which is not mentioned above, is the proposed and standard way to analyze any project with Sonar regardless the programming language.
If you think that an important Sonar term is missing feel free to comment and I’ll adjust the text.