SonarQube 5.1. Code Analysis Study. Study. Version: 1.0 Status from: 04.11.2015 09:09:00 Status: Draft Author: Karin Zölzer



Similar documents
TestLink 1.8. Test Management Tool Study. Analysis. Version: 1.0 Status of: :42:00 Status: Released Autor: Jaroslav Klimes

Appium App Automation Study. Study. Version: 1.0 Date: 4/14/2015 5:38:00 PM Status: Erstellt Author: Kai Höher, MSc

Squish 6.0. Test Automation Study. Study. Version: 1.0 Stand vom: :41:00 Status: Erstellt Author: Mohamed Mahmoud

SmartBear SoapUI 5.1

Bredex GUIdancer 4.2. Test Automation Study. Study. Version: 1.0 Stand vom: :38:00 Status: Erstellt Author: Liljana Pendovska

Neotys NeoLoad Test Automation Study. Study. Version: 1.0 Status from: :40:00 Status: Released Author: Ing.

Grinder 3.4. Test Automation Study. Study. Version: 1.0 Stand vom: :40:00 Status: Erstellt Author: Liljana Pendovska

NUnit Study. Unit Test Study. Version: 1.3 Status from: :44:00 Status: Released Authors: Ing. Jaroslav Klimes

SmartBear SoapUI 5.1

VERIFICATION AND VALIDATION AUTOMATED TESTING TOOLS CLAUDIU ADAM

HP SAP. Where Development, Test and Operations meet. Application Lifecycle Management

1.0 Hardware Requirements:

MEGA Web Application Architecture Overview MEGA 2009 SP4

How To Develop A System For A Car Dealership

Introduction to Programming Tools. Anjana & Shankar September,2010

Symbio system requirements. Version 4.x

Automation using Selenium

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.6

SOFTWARE TESTING TRAINING COURSES CONTENTS

Hardwarekrav. 30 MB. Memory: 1 GB. Additional software Microsoft.NET Framework 4.0.

System requirements. Java SE Runtime Environment(JRE) 7 (32bit) Java SE Runtime Environment(JRE) 6 (64bit) Java SE Runtime Environment(JRE) 7 (64bit)

Test Automation Integration with Test Management QAComplete

LoadRunner and Performance Center v11.52 Technical Awareness Webinar Training

Test Automation Tool comparison HP UFT/QTP vs. Selenium - Prashant Malhotra

CDUfiles User Guide. Chapter 1: Accessing your data with CDUfiles. Sign In. CDUfiles User Guide Page 1. Here are the first steps to using CDUfiles.

Know the Difference. Unified Functional Testing (UFT) and Lean Functional Testing (LeanFT) from HP

System Requirements for Microsoft Dynamics NAV 2016

Content. Development Tools 2(63)

Comparative Market Analysis of Project Management Systems

Benchmark Performance Test Results for Magento Enterprise Edition

This document is provided to you by ABC E BUSINESS, Microsoft Dynamics Preferred partner. System Requirements NAV 2016

inforouter V8.0 Server & Client Requirements

LDAPCON Sébastien Bahloul

System Requirements for Microsoft Dynamics NAV 2016

Kony MobileFabric. Sync Windows Installation Manual - WebSphere. On-Premises. Release 6.5. Document Relevance and Accuracy

Viewpoint. Choosing the right automation tool and framework is critical to project success. - Harsh Bajaj, Technical Test Lead ECSIVS, Infosys

FDT for Mobile Devices

This guide specifies the required and supported system elements for the application.

SOFTWARE TESTING SERVICES

System Requirements for Microsoft Dynamics NAV 2016

OnCommand Performance Manager 1.1

Continuous integration for databases using


Nanda Kishor K N. nandakishorkn@gmail.com

Professional Test Automation. The GUI Test Tool for Java and Web

DESIGN OF AUTOMATION SCRIPTS EXECUTION APPLICATION FOR SELENIUM WEBDRIVER AND TestNG FRAMEWORK

Axivion Bauhaus Suite Technical Factsheet

Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

<Insert Picture Here> Oracle Policy Automation System Requirements

SIEMENS. Teamcenter Windows Server Installation PLM

System Requirements. Microsoft Dynamics NAV 2016

MSWL Development & Tool. Eclipse IDE

Sophos Mobile Control Installation guide. Product version: 3

Jenkins: The Definitive Guide

Effective Team Development Using Microsoft Visual Studio Team System

System Requirements for Microsoft Dynamics NAV 2015

ADAM 5.5. System Requirements

What's New in BlackBerry Enterprise Server 5.0 SP4 for Novell GroupWise

Zend Server 4.0 Beta 2 Release Announcement What s new in Zend Server 4.0 Beta 2 Updates and Improvements Resolved Issues Installation Issues

A Comprehensive Review of Web-based Automation Testing Tools

WHITE PAPER. Domo Advanced Architecture

VERSION 9.02 INSTALLATION GUIDE.

Performance Management from black-art to process

System requirements. for Installation of LANDESK Service Desk Clarita-Bernhard-Str. 25 D Muenchen. Magelan GmbH

SOFTWARE TESTING PROCESSES PRESENTATION

TG Web. Technical FAQ

Quark Publishing Platform 10.2 ReadMe

TECHNICAL REQUIREMENTS

SIEMENS. Teamcenter Windows Client Installation PLM

Lab: Application Lifecycle Management (ALM) Across Heterogeneous Platforms (Java/.NET)

Exposé Ing. Jörg Pöschko


Jenkins User Conference Herzelia, July #jenkinsconf. Testing a Large Support Matrix Using Jenkins. Amir Kibbar HP

Installation, Configuration and Administration Guide

Sandesh Prasanna Kumar

<Insert Picture Here> Oracle Policy Automation System Requirements

Coding in Industry. David Berry Director of Engineering Qualcomm Cambridge Ltd

Source Code Review Using Static Analysis Tools

We ( have extensive experience in enterprise and system architectures, system engineering, project management, and

vcenter Chargeback User s Guide

System Requirements for Microsoft Dynamics NAV 2016

ORACLE BUSINESS INTELLIGENCE WORKSHOP. Prerequisites for Oracle BI Workshop

Continuous integration for databases using Redgate tools

Quark Publishing Platform 10.1 ReadMe

System Requirements for Microsoft Dynamics NAV 2013 R2

TeamCity A Professional Solution for Delivering Quality Software, on Time

Tool-Assisted Knowledge to HL7 v3 Message Translation (TAMMP) Installation Guide December 23, 2009

SQS-TEST /Professional

TEST AUTOMATION FRAMEWORK

owncloud Architecture Overview

Synchronizer Installation

Automated Process Center Installation and Configuration Guide for UNIX

Testhouse Training Portfolio

How To Write Unit Tests In A Continuous Integration

Quark Publishing Platform ReadMe

Getting Started with Attunity CloudBeam for Azure SQL Data Warehouse BYOL

Transcription:

SonarQube 5.1 Code Analysis Study Study Version: 1.0 Status from: 04.11.2015 09:09:00 Status: Draft Author: Karin Zölzer Document-ID: Classification: Internal Software Quality Lab. SWQL-SonarQube Alle Rechte vorbehalten. Druckdatum: 04.11.2015

Contents DOCUMENT INFORMATION... III General... III Document-History... III Dokument-Qualitätssicherung... III Purpose and contents of this document... III 1. INTRODUCTION... 1 1.1. Components... 1 2. CONFIGURATION... 2 2.1. Requirements... 2 2.2. Quick analysis with SonarQube Runner... 2 2.3. Install and configure SonarQube... 3 2.4. Java environment... 7 2.5. Integration in.net environment... 12 2.6. Plugins... 15 3. ANALYSIS... 16 3.1. Web frontend... 16 3.2. Seven Axes of Quality... 17 3.2.1. Bugs and potential bugs... 17 3.2.2. Coding standards... 17 3.2.3. Code duplications... 18 3.2.4. Test coverage... 19 3.2.5. Complexity... 19 3.2.6. Architecture and design... 20 3.2.7. Comments... 20 3.3. Technical debt... 21 3.4. Quality gates... 21 3.5. Differential Views... 22 3.6. Reporting... 23 3.7. Tags... 23 3.8. Issue review... 24 4. CONCLUSION... 25 5. REFERENCES... 26 Version: 1.0 vom 04.11.2015 Author: Karin Zölzer Status: Draft I / III

APPENDIX... 27 List of Pictures... 27 Version: 1.0 vom 04.11.2015 Author: Karin Zölzer Status: Draft II / III

Document information General Relation to other documents: This document is a part of the Unit Test Study by Software Quality Lab. Distribution: Document-History Version Status Date Responsible Person Reason for change / Notes Dokument-Qualitätssicherung Role Name Availability: (Org.+Tel.+e-mail) Activity Date Signature Author Karin Zölzer created Reviewer Jürgen Plasser reviewed 2015-10- 10 Release Jürgen Plasser released 2015-11- 01 Purpose and contents of this document This document contains an objective analysis of a chosen code analysis tool and should serve as a decision support in the process of acquiring a new code analysis tool. Version: 1.0 vom 04.11.2015 Author: Karin Zölzer Status: Draft III / III

1. Introduction SonarQube is an open source platform for continuous code inspection and management of code quality. It analyzes the source code with respect to different quality measures. The results are presented on a web interface. It is platform independent and published under the GNU LGPLv3 license. SonarQube itself is implemented in Java, but supports over 20 languages, including C#, C/C++, JavaScript, PHP, Python and ABAP. Those languages can be included as plugins. Most of them are freely available, however some are commercial. A number of additional plugins are offered for integrating SonarQube into your IDE and CI server. Since version 4.5 SonarQube also provides long term support versions. 1.1. Components In general, SonarQube consists of three components: 1. A webserver to provide the web frontend for the user to view results and configure SonarQube. 2. An external database for storing SonarQube configuration properties as well as code quality analysis snapshots. 3. Analyzers that perform the code analysis. There are different analyzer available, e.g. for Maven, Ant or Gradle projects. Picture 1: SonarQube components Technically it is not mandatory to install a third party database since SonarQube has an embedded database. However this should be only used for evaluation purposes. Please note that the embedded database does not scale and does not support data migration into a different database system or upgrading to a newer version. Version: 1.0 vom 04.11.2015 Autor: Karin Zölzer Status: Draft 1 / 28

2. Configuration 2.1. Requirements For the recent SonarQube version (5.1.2) the following system requirements are a prerequisite. The web server requires at least 1 GB RAM to run efficiently. Required disk space depends on the amount of code that is analyzed. The following platforms are supported by SonarQube 4.5: Java platform o Oracle JRE 7, 8 o OpenJDK 7, 8 Databases o Microsoft SQL Server 9.0 and 10.0 with bundled jtds driver (Microsoft drivers are not supported, only Express Edition) o Microsoft SQL Server 11.0 support is scheduled for Q4 2014 o MySQL 5.1 5.7 o Oracle 11G, 12C, XE Editions o PostgreSQL 8.x 9.x Web Browser: IE 9 11, Mozilla Firefox, Google Chrome, Safari 2.2. Quick analysis with SonarQube Runner This section demonstrates how you can quickly analyze a project. For this purpose the SonarQube Runner (which is the default analyzer) will be used as a simple command-line tool for analyzing source code. The following steps are necessary to analyze a simple project: 1. Download and unzip the current SonarQube distribution and the SonarQube Runner 1 2. Start the SonarQube server by executing StartSonar.bat (for windows user) or sonar.sh (for other operating systems). These files an located in the bin/<os> folder. E.g. for starting the server on a Windows 64 host execute: # change to SonarQube directory > bin/windows-x86-64/startsonar.bat 3. Analyze a project 2 by executing the SonarQube Runner in the project root directory. # change to project directory > <path to sonar runner>/bin/sonar-runner.bat 4. After successful execution the result for the analyzed project is available at http://localhost:9000. 1 http://www.sonarqube.org/downloads/ 2 Project samples (for different languages) can be found at https://github.com/sonarsource/sonar-examples/ Version: 1.0 vom 04.11.2015 Autor: Karin Zölzer Status: Draft 2 / 28

Picture 2: Result of a simple Java project analyzed with SonarQube Runner 2.3. Install and configure SonarQube This section demonstrates how to integrate SonarQube in existing project environments. We integrate SonarQube in both, a Java and a.net environment with continuous integration. Our goals are as followed: User management should not be done manually; we want to use our existing user base for authentication and authorization in SonarQube. Synchronization should be done automatically. The static code analysis should be conducted as a build step. Issues should be communicated back to the developer and displayed in the IDE. Version: 1.0 vom 04.11.2015 Autor: Karin Zölzer Status: Draft 3 / 28

Picture 3: Continuous code inspection scenario The following tools have been used: SonarQube 5.1.2 o LDAP Plugin 1.4 PostgreSQL 9.4.4 Java environment o Jenkins 1.629 with Sonar plugin 2.2.1 o Visual SVN Server 3.0.1 o Eclipse Luna 4.4.1 with SonarQube plugin 3.5 o SonarQube Runner 2.4.NET environment o SonarQube C# plugin 4.2 o SonarQube Runner for MSBuild 1.01 o Team Foundation Server 2015 o Visual Studio 2015 with VSSonar Extension 4.0.2 1. Set up a database: Create empty schema and a user for SonarQube who is granted permissions to create, update and delete objects for this schema. Depending on the DBMS you use, some custom settings are necessary. Those can be found in the database installation guide 1. 2. Configure SonarQube: a. Download and unzip the SonarQube distribution 2. 1 http://docs.sonarqube.org/display/sonar/installing#installing-installingdatabaseinstallingthedatabase 2 http://www.sonarqube.org/downloads/ Version: 1.0 vom 04.11.2015 Autor: Karin Zölzer Status: Draft 4 / 28

Thank you very much for downloading a public preview of our well known and highly appreciated tool studies. If you re interested in reading the whole document just apply here and request the document you want to read from our comprehensive set of studies already available. For further information on our tool studies visit our web site. Or, you can always use the following form to request the studies you want to read. Seite 1 von 2

Bestellformular für Tool-Studien/Order form for tool studies An/to Software Quality Lab GmbH Gewerbepark Urfahr 6 4040 Linz AUSTRIA Bitte ausgefüllt per Email an/ Please fill out and send to info@software-quality-lab.com Name/full name: Adresse/address: Firma/company: Email/email: Funktion/role: Telefon/phone: / [bitte füllen Sie die Daten vollständig und korrekt aus/please supply correct and complete data] Bestellliste/Order list [bitte kreuzen Sie die gewünschten Tools an/please select the tool studies] ALM, RM IBM Rational Requirements Composer 4.0.2 Jama Contour 3.61 NEU! Micro Focus Borland Caliber Microsoft Team Foundation Server 2013 Polarion ALM 2014 HP ALM 11 VersioneOne 13.0 Visure Solutions IRQA 4 Test Management Imbus TestBench 1.6.1 Micro Focus SilkCentral 2008 Microsoft VSTS 2010 Mozilla Testopia 2.1 Orcanos QPack 5 Polarion ALM 20121 NEU! Siemens SiTEMPPO 5.8 TestLink 1.9.12 Seapine TestTrack 2012 Static Code Analysis SonarQube 4.5 GUI Test Automation Appium 1.2.2 Bredex GUIdancer 4.2 HP UFT Professional 10 IBM Functional Tester 8.1.0.3 Microsoft VSTS 2010 QF-Test 3.5.1 NEU! Ranorex 3.3 SAP ecatt Selenium 2.0 SmartBear TestComplete 9.3 SmartBear SoapUI 5.1 Weitere Informationen auf unserer Website www.software-quality-lab.com. Embedded Systems LDRA 8.0 Razorcat Tessy 2.6 Load/Performance Apache JMeter 2.8 Grinder 3.4 HP LoadRunner 9.5 Neotys Neoload 3.0.3 SmartBear LoadUI 2.8.0 Unit Tests Google Test 1.5 JUnit 4.11 NUnit 2.5.7 Die Toolnamen und eingetragenen Warenzeichen sind Eigentum der jeweiligen Toolhersteller/Tool names are property of tool vendors. Die Studien sind grundsätzlich auf Anfrage frei erhältlich. Software Quality Lab behält sich jedoch vor, die Aufwände für gewisse Branchen und Privatpersonen in Rechnung zu stellen (z.b. Beratungsfirmen, Toolhersteller usw.) Studenten erhalten die Studie zum halben Preis/All studies are basically free, except for certain branches of industry or private persons, for whom we invoice at cost. Students get a discount of 50%. Seite 2 von 2

Tool Evaluation Center Efficient, goal-oriented and professional tool evaluation Unique in Europe What is TEC? The Tool Evaluation Center (TEC) is a neutral environment for evaluating software tools related to software development, through which you will receive a detailed, vendorindependent overview of the suitability of different tools for your software projects. Your Partner for software quality and testing Consulting Implementation Training Automation Evaluation Software Quality Lab is your competent partner in software quality and testing and one of the leading independent consulting companies in Austria. We specialize ourselves in the improvement of efficiency, quality and security in the fields of software development and system processes. All tools in TEC are up to date, installed and configured, furnished with examples and ready for demonstration. Practical work and getting to know the tools in a handson manner is also possible. Your Benefit EETime-saving: Tool selection in a few days. No time-consuming research and product requests, no installation and testing. EEPreparation of information for different target groups from technicians to the managing board. EESupport provided by specialists, ranging from requirements through to a proof of concept or a pilot project. Our services around the tool selection Tool categories in the TEC EEApplication Life Cycle Management EERequirements Management EETest Management EEGUI Test Automation EETest Data Management EEComprehensible decision criteria: Using special techniques we evaluate the tools together with you, basing on your requirements as a foundation for your investment decision. EELarge selection and direct comparison of products ranging from market leaders through newcomers to open source software and freeware. Linz / Vienna / Graz / Lustenau / Munich Requirements elicitation, Creating a list of criteria Tool review, Pre-selection of tools, Practical getting to know the tools in the TEC Workshop with 3-5 suitable tools, Proof of Concept, Planning and implementing the pilot project Integration with other tools Tools in TEC www.software-quality-lab.com Our TEC includes more then 40 installed tools from reputable manufacturer (e.g. IBM, HP, Micro Focus, Microsoft, Polarion, Siemens) as well as interesting newcomer products and alternatives from the open source area (e.g. JMeter, Selenium). Further details can be found at www.tool-evaluation.com. V. 2011-12 Software Quality Lab GmbH info@software-quality-lab.com www.software-quality-lab.com