Is your code really that good? Let's check it with SonarQube

SonarQube is a universal tool for static code analysis. It also makes it much easier to keep code clean, simple, easy to read, and well covered by tests.

Preface

Hello everyone, my name is Long, I'm a young software developer.
A few years ago, when I was just starting my career as a software developer, I had a lot of trouble with optimizing and improving code quality. This led me to receive a lot of criticism from my superiors and myself. Sometimes I asked myself, "Is my code good enough?". I joined an outsourcing project in the UK where the client had very high requirements for optimization, as well as code coverage, and it was suggested that I use SonarQube for that.
I learned it and tried to apply it to the project I am participating in. This significantly improved my code quality, and the code coverage also improved.
That's why I wrote this blog post to introduce it to you.

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand" – Martin Fowler –

SonarQube: What is it? Why use it?

What is SonarQube?

SonarQube is an open source platform developed by SonarSource for continuous code quality testing.
SonarQube performs static code analysis, providing a detailed report on bugs, code smells, security vulnerabilities, code duplication, and test code coverage.
It supports over 27 major programming languages through its built-in rule sets and can also be extended with various plugins.

Benefits of SonarQube:

  1. Sustainability - Reduces complexity, possible vulnerabilities, and code duplications, optimising the life of applications.
  2. Increase productivity - Reduces the scale, cost of maintenance, and risk of the application.
  3. Quality code - Code quality control is an inseparable part of the process of software development.
  4. Detect errors - Detects errors and code smells in each file and automatically alerts developers to fix them before the code is submitted.
  5. Increase consistency - Determines where the code criteria are breached and enhances the quality.
  6. Code coverage rate statistics - Code coverage ratio calculation based on unit tests.
  7. Enhance developer skills - Regular feedback on quality problems helps developers to improve their coding skills.

Why use SonarQube?

While there are many tools to improve code quality, if I were to choose the most appropriate one, it would definitely be SonarQube. Why not? The developer team has developed SonarLint plugins for several IDEs, such as VS Code, IntelliJ IDEA, and Eclipse, which help you quickly apply the utilities it brings right in the IDE.
In addition, you can set up a SonarQube server yourself on your local machine to scan code and check for errors easily.

SonarLint is an IDE extension that helps you detect and fix quality issues as you write code.

Getting started!

This section explains the steps to configure the SonarQube plugin for all the major programming languages.

Prerequisites:

  • Oracle JRE 11 or OpenJDK 11
  • 2 GB RAM (32-bit systems are not supported)

Install:

Download the LTS version of SonarQube.

Configuration:

We can configure the following properties in conf/sonar.properties:

  • database
  • host, port
  • user, password
  • the JDK/JRE version used
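
A quick check of the host, port and database settings listed above, as an added example that is not part of the original post or of SonarQube itself. The property keys (sonar.web.host, sonar.web.port, sonar.jdbc.url, sonar.jdbc.password) are SonarQube's own; the function names and the two sample files are constructed for illustration.

```python
# Added example (not from the original post): audit a conf/sonar.properties file.
# Defaults are the ones documented in SonarQube's stock sonar.properties.
DEFAULTS = {"sonar.web.host": "0.0.0.0", "sonar.web.port": "9000"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (setting, finding) pairs for settings worth reviewing."""
    props = parse_properties(text)
    findings = []
    host = props.get("sonar.web.host", DEFAULTS["sonar.web.host"])
    port = props.get("sonar.web.port", DEFAULTS["sonar.web.port"])
    if host not in LOOPBACK:
        findings.append(("sonar.web.host",
                         f"listens on {host}:{port}, reachable from other machines"))
    if "sonar.jdbc.url" not in props:
        findings.append(("sonar.jdbc.url",
                         "not set: embedded H2 database, for evaluation only"))
    elif props.get("sonar.jdbc.password"):
        findings.append(("sonar.jdbc.password",
                         "password is in this file: restrict who can read it"))
    return findings

# Constructed sample files (not taken from a real installation).
STOCK = "#sonar.web.host=0.0.0.0\n#sonar.web.port=9000\n"
LOCAL = """sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
sonar.jdbc.username=sonar
sonar.jdbc.password=example-only
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("local", LOCAL)):
        for setting, finding in audit(text):
            print(f"{name}: {setting}: {finding}")
```

For a server that is only used from your own machine, setting sonar.web.host=127.0.0.1 keeps it off the network.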


Run Sonarqube server

Step 1: To start the SonarQube server, open cmd or a terminal, change to the SonarQube bin folder for your platform, and run the following command:

For Windows (cmd):
C:\sonarqube\bin\windows-x86-64>StartSonar.bat
For other OSes (terminal), where [OS] is the folder for your platform:
sonarqube/bin/[OS]$ ./sonar.sh start

Once the SonarQube server is up, log in at http://localhost:9000 with the System Administrator credentials (default: login=admin, password=admin). Change the default admin password right after this first login.

Step 2: Create a new project or configure an existing project
I will use an existing Gradle project as an example:

  1. Add the plugin id("org.sonarqube") to the build.gradle.kts or build.gradle file
  2. Add this block to the same file:
sonarqube { 
    properties { 
        property("sonar.sourceEncoding", "UTF-8") 
    } 
} 

More properties may need to be configured for your project.

Finally, run the command: gradle sonarqube
Then reopen http://localhost:9000

Conclusion

SonarQube's goal is first and foremost to empower developers and develop an open community for code quality and security.
Hopefully my sharing will help you know more about SonarQube and maybe from there, you can improve your code quality if you apply it to your code reviews.
Please leave a comment if you are interested or want to contribute your opinion about this blog post.

Thanks for watching.