SonarQube in Java
SonarQube is an open-source static testing analysis software. Developers use it to manage source code quality and consistency. Some of the code quality checks are:
It is a debugging method that examines source code before the program is run, that is, testing the code without executing it. It does so by analyzing the code against a pre-set of coding rules and ensuring that it conforms to the guidelines.
The developer writes the code, and while he is writing it, a static testing tool reads through it and then analyses it.
After it is done, if an error is found, it informs the developer about it, and then the developer can fix it right there.
Static code analysis
Many tools help in static testing and provide an analysis for better comprehension.
We previously discussed that static testing takes the code while it is being written and then analyses it.
When we take the example of SonarQube, while the developer is writing the code, SonarQube goes through the code and based on the set of already predefined rules, sees whether the testing standards are performed or not.
Static testing happens only during development, whereas in dynamic testing, the testing happens during execution.
Static testing is early testing which is not precisely done by the testers and is done by a static testing tool.
Features of SonarQube
It can work with 25 languages like Java, .NET, COBOL, PHP, Python, C++, JS, Ruby, Kotlin, and Scala.
It is used to find tricky issues, and there can be many types of challenging problems, and they are:
Initially, there are three steps for installation:
Install Doker to make the usage of Sonar easy
First, we need to open the website named sonarqube.org, and we have many options like products, what's new, documentation, community, and a download button. We can download the executables of SonarQube.
We will check the documentation part where we want to see the requirements. So, in the left panel, we have a requirements session, and in that, we have prerequisites and an overview, and it mentioned that we could either use oracle orJRE or open jdk with version 11.
We also have supported web browsers like google chrome, Microsoft edge, Mozilla Firefox, etc.
Different Components of SonarQube
On the same page that we opened above, in that click on setup and upgraded, we have an option called install server, and we can see a diagram over there which shows the different components of SonarQube and the communication between them.
We have a scanner component, a SonarQube server, and a database server. We go through each element and know about each in depth.
In the database server, we store all the metrics, issues, or analysis reports for a project. This database will show all the information on the SonarQube dashboard.
The scanner component scans our project, and these reports are sent to the SonarQube server; this scanner is included either in the build or in the continuous integration tool.
Setting up the SonarQube Server
We can download SonarQube in google chrome, and for this, we have the sonarcube.org website; and when we open that link, we have many editions like community, developer, enterprise and data center, and we use only the default one called community and click on download for free, and it will allow us to download.
When our zip file is downloaded, we must unzip that file, and then it will show us how it looks, and we have kept it in the SonarQube directory.
When we go inside the folder, we see many options like bin, conf, data, and other logs.
First, we need to edit the configuration, but before editing the configurations, we have to make sure that whatever requirements or dependencies we see are required should be there. For this, we need to have java 11 present in it.
Apart from java, we also need to have a database server. For that, we have Postgres SQL 11.
When our JDK and databases are in place, then we are good to edit the configurations.
From there, we have two different files one is the sonar property, and the other is the wrapper.conf.