Getting Ready To Static Code Analyze With Sonar-Runner (for Windows)

As a developer, I think static code analysis is very important. Our code is getting bigger day by day with the wishes of our customers. We have super time constraints and we must finish our development before strict deadlines. Because of these situations, we can skip some best practices or miss some important points like using ‘==’ instead of ‘equals()’ to compare two objects in Java.

Sonar is a free static code analyzer with different specifications. My post basicly cover working with Sonar Runner, but you can find more version in this site.

First of all you must download sonar server from here. After you download this, unzip it and locate wherever you want. You must first start sonar server when you want use sonar-runner. Under sonar-3.2.x/bin folder you can find binaries and run appropriate program for starting server.
Sonar-Server bin

Then you must download sonar-runner from this address. Sonar-runner requires JDK 1.5 or later version to run. After you unzip the download, locate sonar-runner folder to appropriate location(I directly put the folder under C:\ for example). Then you must define some environment variables. Right click to Computer and then Properties->Advanced System Settings->Advanced->Environment Variables is our path. Click new for System Variables and then supply necessary informations like below. You must change value accordingly your sonar-runner folder location and name.
Environment Variable Set
Then find the ‘Path’ system variable and click edit. Copy and Paste same value with adding \bin at the end of the line like this.
Path Environment Variable

Now we must set some properties about project that we want to analyze. Go to project root directory and create a property file called ‘sonar-project.properties’ like this.Project Root Directory
Then open the file and insert necessary properties. My property file is like(‘#’ is comment):

# required metadata
sonar.projectKey=test:prj
sonar.projectName=Sonar Test Project
sonar.projectVersion=1.0
 
# path to source directories (required)
sonar.sources=src
 
# path to test source directories (optional)
# tests=testDir1,testDir2
 
# path to project binaries (optional), for example directory of Java bytecode
# when you build the project, where the .class files are gone
binaries=bin/myproject
 
# optional comma-separated list of paths to libraries. 
# Only path to JAR file and path to directory of classes are supported.
# libraries=path/to/library.jar,path/to/classes/dir
 
 
# Uncomment this line to analyse a project which is not a java project. 
# The value of the property must be the key of the language.
# sonar.language=cobol
 
# Additional parameters
# my.property=value

Now we are ready to analyze the project. Firstly we must open sonar server from sonar-3.2.x/bin. My computer is Windows 64 bit, so I go under that folder and run the StartSonar.bat. Here is the result:
Sonar Server Running
You can check the server with connecting to http://localhost:9000/. When you type this address to your browser you will see this screen:
Sonar Login Page
Log in with usr/pswd:admin/admin and click configuration link. Make default the Sonar way with Findbugs for more detailed anaylsis.Sonar Configurations
Finally we get to the analysis part. It is actually easiest part of everything. Just go to the root directory that you’ve located ‘sonar-project.properties’ with command shell. Then run the ‘sonar-runner’ command. That’s all. Note: Your project must be builded for FindBug option.
Running Sonar-Runner
When you look at the http://localhost:9000/ it will be like this and you can dig into analysis with clicking the project name.
Sonar-Runner Result

Developers Rock!!!

About these ads
This entry was posted in Java and tagged , , , , , , , . Bookmark the permalink.

5 Responses to Getting Ready To Static Code Analyze With Sonar-Runner (for Windows)

  1. Kavita says:

    Thank you for the post, it is very easy to understand.
    please provide the detailed for using inclusions/Exclusions in SONAR.

    • Aykut Akin says:

      Hi Kavita,

      Sonar is a very sophisticated tool with a lot of different features. I only use it for static code review and as soon as I find some free time, I will try other plugins and features of Sonar. Because of my limited experiences with Sonar I can only tell you about code review features.

      You can find detailed rules for different languages from this link. Sonar basically check this pre-defined rules. Sonar can not interpret your business logic and it can not help you to create new code or understand existing code. Sonar also can not help you to define your architecture. However, you can learn best practices of your coding language and you can find more detailed error explanations with using Sonar. Sonar also calculates a lot of statistics about your code. You can see improvements of your code with Sonar using it in different stages of your project.

      If you have specific requirement, I would like to help you to investigate Sonar or other tools.

      Regards.

  2. Robson says:

    Hi thank for you explain. it’s very well detailed. but I have a problem. I can’t run the ‘sonar-runner’ command. I respected all the configurations start. Can you help me please? Thank you in advance.

    • Aykut Akin says:

      Hi,

      Please be sure that you edit ‘Path’ system variable correctly. ‘sonar-runner.bat’ file is inside SONAR_RUNNER_HOME/bin directory. You must define it in the Path system variable correctly. You can directly try to run ‘C:\sonar-runner-2.0\bin\sonar-runner’ command from the command line (I assume you put directory to there. Otherwise you must change the prefix directory). If you still can not run the command please contact with me again.

      • Robson says:

        Thank I had finally got it but the problem now is that nothing about analysis is shown in the interface. Just the name of the project but no issue. Thank for your help!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s