Sonar Code Quality Testing Essentials

Book Description

Achieve higher levels of software quality with Sonar using this book and ebook.

  • Take full advantage of the Sonar platform and its visual components to track code quality and defects.

  • Create step-by-step software quality profiles that match your needs.

  • Real-world examples that use Sonar efficiently to assess quality and improve Java code.

In Detail

Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and TimeMachine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer’s requirements, but also the manager’s needs.

The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar.

You will learn to use Sonar effectively and explore the quality of your source code in the following axes:

  • Coding Standards

  • Documentation and Comments

  • Potential Bugs and Defects

  • Unit Testing Coverage

  • Design and Complexity

Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes on to propose good practices and common solutions that you can put to use to improve such code.

You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.

Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential. As you improve code and design through the book, you will notice that metrics go up and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality.

"Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight into even large code bases, as well as provide possible solutions to code defects and complexity matters.

Table of Contents

  1. Sonar Code Quality Testing Essentials
    1. Sonar Code Quality Testing Essentials
    2. Credits
    3. About the Author
    4. About the Reviewers
    5. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    6. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    7. 1. An Overview of Sonar
      1. What is Sonar
        1. How it works
        2. What makes Sonar different
        3. Sonar in the lifecycle
      2. Features of Sonar
        1. Overview of all projects
        2. Coding rules
        3. Standard software metrics
        4. Unit tests
        5. Drill down to source code
        6. Time Machine
        7. Maven ready
        8. User friendly
        9. Unified components
        10. Security measures
        11. Extensible plugin system
      3. Covering software quality on Seven Axes
        1. How Sonar manages quality
      4. Architecture of Sonar
      5. Source code analyzers
        1. Squid
        2. Checkstyle
        3. PMD
        4. FindBugs
        5. Cobertura and Clover
      6. The Sonar community and ecosystem
        1. The SonarSource company
        2. Awards and conferences
        3. Sonar license
      7. Summary
    8. 2. Installing Sonar
      1. Prerequisites for Sonar
        1. Checking your Java installation
        2. Installing Maven on Linux
        3. Installing Maven on Windows
        4. Installing MySQL on Linux
        5. Installing MySQL on Windows
      2. Downloading Sonar
      3. Installing the Sonar web server
        1. Sonar server basic configuration
      4. Configuring MySQL
        1. Creating the database
        2. Setting up Sonar with MySQL
      5. Starting Sonar as a service
        1. Run as a service on Linux
        2. Run as a service on Windows
      6. Logging in to Sonar for the first time
      7. Securing your Sonar instance
        1. Sonar authentication and sources visibility
      8. Creating users and groups
        1. Managing project roles
      9. Backing up your data
        1. Sonar instance configuration backup
        2. Filesystem backup
        3. Backing up the MySQL sonar database
      10. Extending Sonar with plugins
        1. Installing the Useless Code Tracker plugin
      11. Upgrading Sonar from the Update Center section
        1. Checking compatibility of plugins
        2. Upgrading to latest Sonar version
      12. Summary
    9. 3. Analyzing your First Project
      1. Using a Java runner
        1. Configuring the runner
        2. Setting up a Sonar server for remote connections
        3. Configuring the project
      2. Analysis with the Sonar Maven plugin
        1. Installing Maven
        2. Configuring the Sonar Maven plugin
        3. Performing the analysis
      3. Analysis with Ant
        1. Installing Ant
        2. Configuring and running Sonar analysis task
      4. Browsing the Sonar web interface
        1. The treemap gadget
        2. Filtering your projects
        3. The "What Coverage?" filter
      5. Sonar components—an overview
        1. Dashboard
        2. Components
        3. Violations drilldown
        4. Time Machine
        5. Clouds
        6. Design
        7. Hotspots
        8. Libraries
      6. Anatomy of the dashboard
        1. Layout and widget arrangement
      7. Eliminating your first violations
        1. Unused modifier violation
          1. Modified Order violation
          2. Correctness - Repeated conditional tests
        2. Creating your first analysis event
        3. Getting visual feedback
      8. Summary
    10. 4. Following Coding Standards
      1. A brief overview of coding standards and conventions
        1. Java standards
      2. Sonar profiles, rules, and violations
        1. The Rules Compliance Index
      3. Managing quality profiles
        1. Creating a profile
        2. Associating projects to profiles
      4. Managing rules
        1. Adding a rule
        2. Configuring a rule
          1. Regular expressions
          2. Boolean expressions
          3. Token and value-based rules
        3. Backing up and restoring profiles
      5. Creating a coding standards profile
        1. Selecting the rules
        2. Naming conventions and declarations rules
          1. Declaration order
            1. Abstract class name
            2. Variable, parameter, and method names
            3. Multiple variable declarations
            4. Local home naming
            5. Variable lengths
            6. Naming - Avoid field name matching method name
            7. Naming - Suspicious equals method name
          2. Standards rules
            1. Unused imports
            2. Unnecessary final modifier
            3. Unused modifier
            4. Magic number
            5. Final class
            6. Missing constructor
            7. Abstract class without any methods
          3. Code layout and indentation
            1. Avoid inline conditionals
            2. Left Curly
            3. Paren Pad
            4. Trailing comment
            5. Multiple String literals
            6. The for loops must use braces
        3. Inspecting violations with the Radiator component
          1. Installing the Radiator plugin
        4. Watch the quality improving
          1. Configuring the Timeline widget
        5. Summary
    11. 5. Managing Measures and Getting Feedback
      1. Reviewing code
      2. Sonar manual reviews
        1. Assigning reviews
        2. Browsing reviews
      3. Configuring notifications
      4. Defining metric thresholds and alerts
        1. The Build Breaker
      5. Sonar manual measures
        1. Creating the Story Points measure
        2. Managing manual measures
      6. Quality reporting on your project
        1. Installing the PDF report plugin
        2. Getting the project report
        3. Customizing the report
      7. Getting visual feedback
        1. Timeline plugin
        2. Motion Chart plugin
          1. Bubble chart
          2. Bar chart
      8. Summary
    12. 6. Hunting Potential Bugs
      1. Potential bugs violations
        1. Dodgy code rules
          1. Use notifyAll instead of notify
          2. StringBuffer instantiation with char
          3. Use StringBuffer for String appends
          4. Constructor calls overridable method
          5. Close Resource
          6. Ambiguous invocation of either an inherited or outer method
          7. Consider returning a zero length array rather than null
          8. Method ignores return value
          9. Method does not release lock on all paths
          10. Null pointer dereference
          11. Suspicious reference comparison
          12. Misplaced null check
          13. Impossible cast
        2. Program flow rules
          1. Do not throw exception in finally
          2. Finalize does not call Super Finalize
          3. Avoid calling finalize
          4. Avoid catching NPE
          5. Method ignores exceptional return value
          6. Switch statement found where default case is missing
          7. Missing break in switch
          8. Avoid catching Throwable
        3. Security rules
          1. Class exposes synchronization and semaphores in its public interface
          2. Method returns internal array
          3. Hardcoded constant database password
      2. Installing the Violation Density plugin
      3. Integrating Sonar to Eclipse
        1. Installing the Sonar Eclipse plugin
        2. Linking an Eclipse project to Sonar server
        3. Using the Sonar perspective
      4. Summary
    13. 7. Refining Your Documentation
      1. Writing effective documentation
        1. Comments structure
          1. Javadoc block comment
          2. Javadoc line comment
        2. Javadoc common tags
      2. Documentation metrics definitions
        1. Comment lines
        2. Commented-out Lines of Code
        3. Density of Comment Lines
        4. Density of Public Documented API
          1. Monitoring documentation levels
        5. Statements
      3. Overview of Sonar documentation violations
        1. Javadoc rules
          1. Undocumented API
          2. Javadoc Method
          3. Javadoc Package
          4. Javadoc Style
          5. Javadoc Type
          6. Javadoc Variable
            1. Inline Comments Rules
          7. Uncommented Empty Constructor
          8. Uncommented Empty Method
          9. Uncommented Main
      4. Locating undocumented code
        1. Creating the documentation filter
      5. Generating documentation automatically
        1. Installing Graphviz
        2. Installing Doxygen
        3. Using the Sonar Documentation plugin
      6. Summary
    14. 8. Working with Duplicated Code
      1. Code duplication
        1. Don't Repeat Yourself (DRY)
      2. Sonar code duplication metrics
        1. Creating Duplicated Code Alert
      3. Locating duplicated code with Sonar
        1. Cross-project duplication detection
        2. Using the Radiator component to detect duplication
      4. The Useless Code Tracker plugin
        1. Tracking duplicated lines
        2. Tracking dead code
        3. Installing the Useless Code plugin
      5. Using extraction and inheritance to attack duplication
        1. The Extract Method refactoring pattern
        2. Refactoring with inheritance
      6. Summary
    15. 9. Analyzing Complexity and Design
      1. Measuring software complexity
        1. The Cyclomatic Complexity metric
      2. Cohesion and coupling
        1. Afferent coupling
        2. Efferent coupling
      3. Sonar Code Complexity metrics
        1. Boolean Expression Complexity
        2. Class Data Abstraction Coupling
        3. Class Fan Out Complexity
        4. Cyclomatic Complexity
        5. JavaNCSS
        6. Nested For Depth
        7. Simplify Boolean Return
        8. Too many methods
        9. Too many fields
        10. Avoid too complex class
        11. Avoid too deep inheritance tree
      4. The Response for Class metric
      5. Lack of Cohesion in Methods and the LCOM4 metric
        1. Exceptions to the LCOM4 metric
      6. Locating and eliminating dependencies
        1. Using the Sonar design matrix
      7. Summary
    16. 10. Code Coverage and Testing
      1. Measuring code coverage
      2. Code coverage tools
        1. Selecting a code coverage tool for Sonar
        2. Cobertura
        3. JaCoCo
        4. Clover Sonar plugin
        5. Emma Sonar plugin
      3. Code coverage analysis
        1. Statement coverage
        2. Branch/decision coverage
        3. Condition coverage
        4. Path coverage
      4. Assessing the impact of your tests
        1. Uncovered lines
        2. Uncovered branches
      5. Using the coverage tag cloud component
        1. Quick wins mode
        2. Top risk mode
        3. Where to start testing
          1. The Top risk approach
      6. jUnit Quickstart
        1. Writing a simple unit test
      7. Reviewing test results in Sonar
      8. Summary
    17. 11. Integrating Sonar
      1. The Continuous Inspection paradigm
        1. Continuous integration servers
      2. Installing Subversion
        1. Ubuntu/Debian Subversion installation
        2. Red Hat Subversion installation
        3. Installing Subversion on other Linux distributions
        4. Windows Subversion installation
      3. Setting up a Subversion server
        1. Creating a Subversion repository
        2. Subversion security and authorization
        3. Importing a project into Subversion
      4. Installing the Jenkins CI server
        1. Ubuntu/Debian Jenkins installation
        2. Redhat/Fedora/CentOS Jenkins installation
        3. Windows Jenkins installation
      5. Configuring Jenkins
        1. JDK configuration
        2. Maven configuration
        3. Repository configuration
        4. E-mail server configuration
        5. Securing Jenkins
      6. Creating a build job
        1. Cron expression and scheduling
      7. Installing the Sonar plugin
        1. Building and monitoring your project
      8. Summary
    18. A. Sonar Metrics Index
      1. Sonar metrics
        1. Complexity metrics
        2. Design metrics
        3. Documentation metrics
        4. Duplication metrics
        5. General metrics
        6. Code Coverage and Unit Test metrics
        7. Rules Compliance metrics
        8. Size metrics
        9. Management metrics