As a developer, I think static code analysis is very important. Our code is getting bigger day by day with the wishes of our customers. We have very tight time constraints and must finish our development before strict deadlines. In these situations, we can skip some best practices or miss important points, like using ‘==’ instead of ‘equals()’ to compare two objects in Java.
Sonar is a free static code analyzer with different specifications. My post basically covers working with Sonar Runner, but you can find more versions on this site.
First of all, you must download the Sonar server from here. After you download it, unzip it and place it wherever you want. You must start the Sonar server first whenever you want to use sonar-runner. Under the sonar-3.2.x/bin folder you can find the binaries and run the appropriate program to start the server.
Then you must download sonar-runner from this address. Sonar-runner requires JDK 1.5 or later to run. After you unzip the download, move the sonar-runner folder to an appropriate location (I put the folder directly under C:\, for example). Then you must define some environment variables. Right-click Computer, then follow Properties->Advanced System Settings->Advanced->Environment Variables. Click New under System Variables and supply the necessary information like below. You must change the value according to your sonar-runner folder location and name.
Then find the ‘Path’ system variable and click Edit. Copy and paste the same value, adding \bin at the end of the line, like this.
Now we must set some properties for the project that we want to analyze. Go to the project root directory and create a property file called ‘sonar-project.properties’ like this.
Then open the file and insert the necessary properties. My property file looks like this (‘#’ starts a comment):
    # required metadata
    sonar.projectKey=test:prj
    sonar.projectName=Sonar Test Project
    sonar.projectVersion=1.0

    # path to source directories (required)
    sonar.sources=src

    # path to test source directories (optional)
    # tests=testDir1,testDir2

    # path to project binaries (optional), for example directory of Java bytecode
    # when you build the project, where the .class files are gone
    binaries=bin/myproject

    # optional comma-separated list of paths to libraries.
    # Only path to JAR file and path to directory of classes are supported.
    # libraries=path/to/library.jar,path/to/classes/dir

    # Uncomment this line to analyse a project which is not a java project.
    # The value of the property must be the key of the language.
    # sonar.language=cobol

    # Additional parameters
    # my.property=value
Now we are ready to analyze the project. First we must start the Sonar server from sonar-3.2.x/bin. My computer runs 64-bit Windows, so I go to that folder and run StartSonar.bat. Here is the result:
You can check the server by connecting to http://localhost:9000/. When you type this address into your browser you will see this screen:
Log in with the default credentials (username/password: admin/admin) and click the configuration link. Make "Sonar way with Findbugs" the default profile for more detailed analysis.
Finally we get to the analysis part. It is actually the easiest part of all. In a command shell, go to the root directory where you placed ‘sonar-project.properties’, then run the ‘sonar-runner’ command. That’s all. Note: your project must be built for the Findbugs option.
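A pre-flight check for the steps above, as an added example that is not from the original post or from the Sonar project: it verifies the required keys in ‘sonar-project.properties’ and that compiled classes exist before sonar-runner is started. The function names are hypothetical, and accepting both ‘binaries’ and ‘sonar.binaries’ is an assumption made to match the property file shown here.

```python
import os

# Keys marked "required" in the property file shown in this post.
REQUIRED = ("sonar.projectKey", "sonar.projectName",
            "sonar.projectVersion", "sonar.sources")

def load_properties(path):
    """Parse a simple key=value properties file; '#' lines are comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def has_class_files(directory):
    """True if any .class file exists below directory (False if it is missing)."""
    for _root, _dirs, files in os.walk(directory):
        if any(name.endswith(".class") for name in files):
            return True
    return False

def preflight(project_root):
    """Return a list of problems; an empty list means ready for sonar-runner."""
    path = os.path.join(project_root, "sonar-project.properties")
    if not os.path.isfile(path):
        return ["sonar-project.properties not found in " + project_root]
    props = load_properties(path)
    problems = ["missing required property: " + k
                for k in REQUIRED if not props.get(k)]
    for src in filter(None, props.get("sonar.sources", "").split(",")):
        if not os.path.isdir(os.path.join(project_root, src.strip())):
            problems.append("source directory does not exist: " + src.strip())
    # Assumption: accept the key with or without the 'sonar.' prefix,
    # and treat its value as a single path.
    binaries = props.get("sonar.binaries") or props.get("binaries")
    if not binaries:
        problems.append("no binaries path set: Findbugs needs compiled classes")
    elif not has_class_files(os.path.join(project_root, binaries)):
        problems.append("no .class files under " + binaries
                        + ": build the project first")
    return problems

if __name__ == "__main__":
    for problem in preflight(os.getcwd()):
        print("PREFLIGHT:", problem)
```

Run it from the project root; no output means the checks passed and ‘sonar-runner’ can be started.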
When you look at http://localhost:9000/ it will look like this, and you can dig into the analysis by clicking the project name.