SonarQube (previously known as Sonar) is a very good tool for such static analysis. It was made to be used for Java language, but its popularity made it work with other languages as well now (including C, C++, C#, PL/SQL etc).
This text is about using Sonar for a Java project, and how to benefit from it.
First - download and install Sonar. It's very easy, for test purpouse you need just to unzip the package in any directory and choose the startup script according to your system. When Sonar is started you can browse to localhost:9000 to see the web interface. From it you can configure rules that you're interested in (I recommend the Sonar way with Findbugs quality profile), or browse thru projects that were analyzed to see the violations and warnings. See sonar docs to understand all the possible options and configurations.
The easiest way to analyze your java project with sonar, is to use maven. If your project is using maven, all you have to do is run
mvn sonar:sonarfrom the command line. After it is finished you can browse the project in the web console and even drill down to the code to see exactly what and where is wrong
But that's not all. Not everyone want's or has time to do it by hand. Sonar can easily integrate with hudson/jenkins CI tool. You can configure your CI job to launch sonar after each build, so developers will not spend time on launching the analysis. And the results on the web interface will be always up to date.
See Jenkins integration page for details how to set up this. Sonar also has other CI integration options. All guides can be found here.
If you dont like web interface for checking what needs to be fixed, Sonar also can be integrated into your Eclipse. Just install Sonar plugin from Eclipse marketplace, and connect it to your sonar instance. You can then retrive the last analysis from the server and view it in eclipse, or even run a local analysis from eclipse.
Brak komentarzy:
Prześlij komentarz