Getting Ready To Static Code Analyze With Sonar-Runner (for Windows)

As a developer, I think static code analysis is very important. Our code is getting bigger day by day with the wishes of our customers. We have super time constraints and we must finish our development before strict deadlines. Because of these situations, we can skip some best practices or miss some important points like using ‘==’ instead of ‘equals()’ to compare two objects in Java.

Sonar is a free static code analyzer with different specifications. My post basicly cover working with Sonar Runner, but you can find more version in this site.

First of all you must download sonar server from here. After you download this, unzip it and locate wherever you want. You must first start sonar server when you want use sonar-runner. Under sonar-3.2.x/bin folder you can find binaries and run appropriate program for starting server.
Sonar-Server bin

Then you must download sonar-runner from this address. Sonar-runner requires JDK 1.5 or later version to run. After you unzip the download, locate sonar-runner folder to appropriate location(I directly put the folder under C:\ for example). Then you must define some environment variables. Right click to Computer and then Properties->Advanced System Settings->Advanced->Environment Variables is our path. Click new for System Variables and then supply necessary informations like below. You must change value accordingly your sonar-runner folder location and name.
Environment Variable Set
Then find the ‘Path’ system variable and click edit. Copy and Paste same value with adding \bin at the end of the line like this.
Path Environment Variable

Now we must set some properties about project that we want to analyze. Go to project root directory and create a property file called ‘’ like this.Project Root Directory
Then open the file and insert necessary properties. My property file is like(‘#’ is comment):

# required metadata
sonar.projectName=Sonar Test Project
# path to source directories (required)
# path to test source directories (optional)
# tests=testDir1,testDir2
# path to project binaries (optional), for example directory of Java bytecode
# when you build the project, where the .class files are gone
# optional comma-separated list of paths to libraries. 
# Only path to JAR file and path to directory of classes are supported.
# libraries=path/to/library.jar,path/to/classes/dir
# Uncomment this line to analyse a project which is not a java project. 
# The value of the property must be the key of the language.
# sonar.language=cobol
# Additional parameters

Now we are ready to analyze the project. Firstly we must open sonar server from sonar-3.2.x/bin. My computer is Windows 64 bit, so I go under that folder and run the StartSonar.bat. Here is the result:
Sonar Server Running
You can check the server with connecting to http://localhost:9000/. When you type this address to your browser you will see this screen:
Sonar Login Page
Log in with usr/pswd:admin/admin and click configuration link. Make default the Sonar way with Findbugs for more detailed anaylsis.Sonar Configurations
Finally we get to the analysis part. It is actually easiest part of everything. Just go to the root directory that you’ve located ‘’ with command shell. Then run the ‘sonar-runner’ command. That’s all. Note: Your project must be builded for FindBug option.
Running Sonar-Runner
When you look at the http://localhost:9000/ it will be like this and you can dig into analysis with clicking the project name.
Sonar-Runner Result

Developers Rock!!!

This entry was posted in Java and tagged , , , , , , , . Bookmark the permalink.

11 Responses to Getting Ready To Static Code Analyze With Sonar-Runner (for Windows)

  1. Kavita says:

    Thank you for the post, it is very easy to understand.
    please provide the detailed for using inclusions/Exclusions in SONAR.

    • Aykut Akin says:

      Hi Kavita,

      Sonar is a very sophisticated tool with a lot of different features. I only use it for static code review and as soon as I find some free time, I will try other plugins and features of Sonar. Because of my limited experiences with Sonar I can only tell you about code review features.

      You can find detailed rules for different languages from this link. Sonar basically check this pre-defined rules. Sonar can not interpret your business logic and it can not help you to create new code or understand existing code. Sonar also can not help you to define your architecture. However, you can learn best practices of your coding language and you can find more detailed error explanations with using Sonar. Sonar also calculates a lot of statistics about your code. You can see improvements of your code with Sonar using it in different stages of your project.

      If you have specific requirement, I would like to help you to investigate Sonar or other tools.


  2. Robson says:

    Hi thank for you explain. it’s very well detailed. but I have a problem. I can’t run the ‘sonar-runner’ command. I respected all the configurations start. Can you help me please? Thank you in advance.

    • Aykut Akin says:


      Please be sure that you edit ‘Path’ system variable correctly. ‘sonar-runner.bat’ file is inside SONAR_RUNNER_HOME/bin directory. You must define it in the Path system variable correctly. You can directly try to run ‘C:\sonar-runner-2.0\bin\sonar-runner’ command from the command line (I assume you put directory to there. Otherwise you must change the prefix directory). If you still can not run the command please contact with me again.

      • Robson says:

        Thank I had finally got it but the problem now is that nothing about analysis is shown in the interface. Just the name of the project but no issue. Thank for your help!!

  3. Abdul Rehman says:

    Hi Any one help me
    am getting below issue while running sonar runner bat file like below

    ERROR: Error during Sonar runner execution
    org.sonar.runner.impl.RunnerException: Unable to execute Sonar
    at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher
    Caused by: java.lang.IllegalStateException: You must define the following mandat
    ory properties for ‘Unknown’: sonar.projectKey, sonar.projectName, sonar.project
    Version, sonar.sources

    • Aykut Akin says:


      Did you create the file with below parameters inside?
      sonar.projectName=Sonar Test Project


  4. Sudhir says:

    Thank you for the post.

  5. Ankit Verma says:

    Hey Abdul,

    (1) Firstly, you have to set path sonar-runner in environment variable.
    (2) Seconly, You have to run sonar-runner from root folder of your project directory, where your are kept.
    eg: d:\workspace\helloworld>sonar-runner on command prompt.

    Thanks. 🙂

  6. deepa says:

    Thanks for your wonderful post.I was struggling to configure my project in sonar and I did it with your post.I downloaded sonarlint plugin for eclipse and I can analyze the project in eclipse.Could you please tell me the difference between analyzing the project in eclipse with sonarlint(Sonarqube) & sonar-runner(Sonarqube).

    • Aykut Akin says:


      I have never used Sonarlint, however I just dig into it and found that Sonarlint (pom.xml) depends on Sonar-Runner. So, I think that the only difference is how you triggered the code analysis. I am more of a console guy and I use Sonar-Runner but be free to use Sonarlint. As it seems on the website, Sonarlint provides on the fly code analysis and small nice popups on Eclipse IDE while you are developing (link). With that way you can catch more quickly the best practices.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s