Sonar Code Quality Testing Essentials

Sonar Code Quality Testing Essentials
eBook: $29.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print + free eBook + free PacktLib access to the book: $79.98    Print cover: $49.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Take full advantage of the Sonar platform and its visual components to track code quality and defects
  • Create step by step software quality profiles that match your needs
  • Real world examples that use Sonar efficiently to assess quality and improve Java code

Book Details

Language : English
Paperback : 318 pages [ 235mm x 191mm ]
Release Date : August 2012
ISBN : 184951786X
ISBN 13 : 9781849517867
Author(s) : Charalampos S. Arapidis
Topics and Technologies : All Books, App Testing, Application Development, Java, Open Source

Table of Contents

Chapter 1: An Overview of Sonar
Chapter 2: Installing Sonar
Chapter 3: Analyzing your First Project
Chapter 4: Following Coding Standards
Chapter 5: Managing Measures and Getting Feedback
Chapter 6: Hunting Potential Bugs
Chapter 7: Refining Your Documentation
Chapter 8: Working with Duplicated Code
Chapter 9: Analyzing Complexity and Design
Chapter 10: Code Coverage and Testing
Chapter 11: Integrating Sonar
Appendix: Sonar Metrics Index
  • Chapter 1: An Overview of Sonar
    • What is Sonar
      • How it works
      • What makes Sonar different
      • Sonar in the lifecycle
    • Features of Sonar
      • Overview of all projects
      • Coding rules
      • Standard software metrics
      • Unit tests
      • Drill down to source code
      • Time Machine
      • Maven ready
      • User friendly
      • Unified components
      • Security measures
      • Extensible plugin system
    • Covering software quality on Seven Axes
      • How Sonar manages quality
    • Architecture of Sonar
    • Source code analyzers
      • Squid
      • Checkstyle
      • PMD
      • FindBugs
      • Cobertura and Clover
    • The Sonar community and ecosystem
      • The SonarSource company
      • Awards and conferences
      • Sonar license
    • Summary
    • Chapter 2: Installing Sonar
      • Prerequisites for Sonar
        • Checking your Java installation
        • Installing Maven on Linux
        • Installing Maven on Windows
        • Installing MySQL on Linux
        • Installing MySQL on Windows
      • Downloading Sonar
      • Installing the Sonar web server
        • Sonar server basic configuration
      • Configuring MySQL
        • Creating the database
        • Setting up Sonar with MySQL
      • Starting Sonar as a service
        • Run as a service on Linux
        • Run as a service on Windows
      • Logging in to Sonar for the first time
      • Securing your Sonar instance
        • Sonar authentication and sources visibility
      • Creating users and groups
        • Managing project roles
      • Backing up your data
        • Sonar instance configuration backup
        • Filesystem backup
        • Backing up the MySQL sonar database
      • Extending Sonar with plugins
        • Installing the Useless Code Tracker plugin
      • Upgrading Sonar from the Update Center section
        • Checking compatibility of plugins
        • Upgrading to latest Sonar version
      • Summary
      • Chapter 3: Analyzing your First Project
        • Using a Java runner
          • Configuring the runner
          • Setting up a Sonar server for remote connections
          • Configuring the project
        • Analysis with the Sonar Maven plugin
          • Installing Maven
          • Configuring the Sonar Maven plugin
          • Performing the analysis
        • Analysis with Ant
          • Installing Ant
          • Configuring and running Sonar analysis task
        • Browsing the Sonar web interface
          • The treemap gadget
          • Filtering your projects
          • The "What Coverage?" filter
        • Sonar components— an overview
          • Dashboard
          • Components
          • Violations drilldown
          • Time Machine
          • Clouds
          • Design
          • Hotspots
          • Libraries
        • Anatomy of the dashboard
          • Layout and widget arrangement
        • Eliminating your first violations
          • Unused modifier violation
            • Modified Order violation
            • Correctness - Repeated conditional tests
          • Creating your first analysis event
          • Getting visual feedback
        • Summary
        • Chapter 4: Following Coding Standards
          • A brief overview of coding standards and conventions
            • Java standards
          • Sonar profiles, rules, and violations
            • The Rules Compliance Index
          • Managing quality profiles
            • Creating a profile
            • Associating projects to profiles
          • Managing rules
            • Adding a rule
            • Configuring a rule
              • Regular expressions
              • Boolean expressions
              • Token and value-based rules
            • Backing up and restoring profiles
          • Creating a coding standards profile
            • Selecting the rules
            • Naming conventions and declarations rules
              • Declaration order
              • Abstract class name
              • Variable, parameter, and method names
              • Multiple variable declarations
              • Local home naming
              • Variable lengths
              • Naming - Avoid field name matching method name
              • Naming - Suspicious equals method name
            • Standards rules
              • Unused imports
              • Unnecessary final modifier
              • Unused modifier
              • Magic number
              • Final class
              • Missing constructor
              • Abstract class without any methods
            • Code layout and indentation
              • Avoid inline conditionals
              • Left Curly
              • Paren Pad
              • Trailing comment
              • Multiple String literals
              • The for loops must use braces
          • Inspecting violations with the Radiator component
            • Installing the Radiator plugin
          • Watch the quality improving
            • Configuring the Timeline widget
          • Summary
          • Chapter 5: Managing Measures and Getting Feedback
            • Reviewing code
            • Sonar manual reviews
              • Assigning reviews
              • Browsing reviews
            • Configuring notifications
            • Defining metric thresholds and alerts
              • The Build Breaker
            • Sonar manual measures
              • Creating the Story Points measure
              • Managing manual measures
            • Quality reporting on your project
              • Installing the PDF report plugin
              • Getting the project report
              • Customizing the report
            • Getting visual feedback
              • Timeline plugin
              • Motion Chart plugin
                • Bubble chart
                • Bar chart
            • Summary
            • Chapter 6: Hunting Potential Bugs
              • Potential bugs violations
                • Dodgy code rules
                  • Use notifyAll instead of notify
                  • StringBuffer instantiation with char
                  • Use StringBuffer for String appends
                  • Constructor calls overridable method
                  • Close Resource
                  • Ambiguous invocation of either an inherited or outer method
                  • Consider returning a zero length array rather than null
                  • Method ignores return value
                  • Method does not release lock on all paths
                  • Null pointer dereference
                  • Suspicious reference comparison
                  • Misplaced null check
                  • Impossible cast
                • Program flow rules
                  • Do not throw exception in finally
                  • Finalize does not call Super Finalize
                  • Avoid calling finalize
                  • Avoid catching NPE
                  • Method ignores exceptional return value
                  • Switch statement found where default case is missing
                  • Missing break in switch
                  • Avoid catching Throwable
                • Security rules
                  • Class exposes synchronization and semaphores in its public interface
                  • Method returns internal array
                  • Hardcoded constant database password
              • Installing the Violation Density plugin
              • Integrating Sonar to Eclipse
                • Installing the Sonar Eclipse plugin
                • Linking an Eclipse project to Sonar server
                • Using the Sonar perspective
              • Summary
              • Chapter 7: Refining Your Documentation
                • Writing effective documentation
                  • Comments structure
                    • Javadoc block comment
                    • Javadoc line comment
                  • Javadoc common tags
                • Documentation metrics definitions
                  • Comment lines
                  • Commented-out Lines of Code
                  • Density of Comment Lines
                  • Density of Public Documented API
                    • Monitoring documentation levels
                  • Statements
                • Overview of Sonar documentation violations
                  • Javadoc rules
                    • Undocumented API
                    • Javadoc Method
                    • Javadoc Package
                    • Javadoc Style
                    • Javadoc Type
                    • Javadoc Variable
                    • Uncommented Empty Constructor
                    • Uncommented Empty Method
                    • Uncommented Main
                • Locating undocumented code
                  • Creating the documentation filter
                • Generating documentation automatically
                  • Installing Graphviz
                  • Installing Doxygen
                  • Using the Sonar Documentation plugin
                • Summary
                • Chapter 8: Working with Duplicated Code
                  • Code duplication
                    • Don't Repeat Yourself (DRY)
                  • Sonar code duplication metrics
                    • Creating Duplicated Code Alert
                  • Locating duplicated code with Sonar
                    • Cross-project duplication detection
                    • Using the Radiator component to detect duplication
                  • The Useless Code Tracker plugin
                    • Tracking duplicated lines
                    • Tracking dead code
                    • Installing the Useless Code plugin
                  • Using extraction and inheritance to attack duplication
                    • The Extract Method refactoring pattern
                    • Refactoring with inheritance
                  • Summary
                  • Chapter 9: Analyzing Complexity and Design
                    • Measuring software complexity
                      • The Cyclomatic Complexity metric
                    • Cohesion and coupling
                      • Afferent coupling
                      • Efferent coupling
                    • Sonar Code Complexity metrics
                      • Boolean Expression Complexity
                      • Class Data Abstraction Coupling
                      • Class Fan Out Complexity
                      • Cyclomatic Complexity
                      • JavaNCSS
                      • Nested For Depth
                      • Simplify Boolean Return
                      • Too many methods
                      • Too many fields
                      • Avoid too complex class
                      • Avoid too deep inheritance tree
                    • The Response for Class metric
                    • Lack of Cohesion in Methods and the LCOM4 metric
                      • Exceptions to the LCOM4 metric
                    • Locating and eliminating dependencies
                      • Using the Sonar design matrix
                    • Summary
                    • Chapter 10: Code Coverage and Testing
                      • Measuring code coverage
                      • Code coverage tools
                        • Selecting a code coverage tool for Sonar
                        • Cobertura
                        • JaCoCo
                        • Clover Sonar plugin
                        • Emma Sonar plugin
                      • Code coverage analysis
                        • Statement coverage
                        • Branch/decision coverage
                        • Condition coverage
                        • Path coverage
                      • Assessing the impact of your tests
                        • Uncovered lines
                        • Uncovered branches
                      • Using the coverage tag cloud component
                        • Quick wins mode
                        • Top risk mode
                        • Where to start testing
                          • The Top risk approach
                      • jUnit Quickstart
                        • Writing a simple unit test
                      • Reviewing test results in Sonar
                      • Summary
                      • Chapter 11: Integrating Sonar
                        • The Continuous Inspection paradigm
                          • Continuous integration servers
                        • Installing Subversion
                          • Ubuntu/Debian Subversion installation
                          • Red Hat Subversion installation
                          • Installing Subversion on other Linux distributions
                          • Windows Subversion installation
                        • Setting up a Subversion server
                          • Creating a Subversion repository
                          • Subversion security and authorization
                          • Importing a project into Subversion
                        • Installing the Jenkins CI server
                          • Ubuntu/Debian Jenkins installation
                          • Redhat/Fedora/CentOS Jenkins installation
                          • Windows Jenkins installation
                        • Configuring Jenkins
                          • JDK configuration
                          • Maven configuration
                          • Repository configuration
                          • E-mail server configuration
                          • Securing Jenkins
                        • Creating a build job
                          • Cron expression and scheduling
                        • Installing the Sonar plugin
                          • Building and monitoring your project
                        • Summary
                        • Appendix: Sonar Metrics Index
                          • Sonar metrics
                            • Complexity metrics
                            • Design metrics
                            • Documentation metrics
                            • Duplication metrics
                            • General metrics
                            • Code Coverage and Unit Test metrics
                            • Rules Compliance metrics
                            • Size metrics
                            • Management metrics

                          Charalampos S. Arapidis

                          Charalampos Arapidis is a Senior Software Engineer located in Athens, Greece specializing in J2EE application design and implementation. His other notable interests include data-mining/visualization techniques and tuning continuous integrated environments. From a very early age, Charalampos showed particular interest in advanced Mathematics and software development and has been honored twice at the Panhellenic Mathematical Contest for providing prototype and innovative solutions. He graduated in Computer and Software Engineering from the Polytechnic school of the Aristotle University. After graduation he dynamically entered the enterprise field where he helped his organization make the transition from legacy client server ERP and CRM applications to full stack J2EE with JSF implementations all in a streamlined and integrated development environment. The development of the Proteus Web Document Management System for the Greek Public Sector and his solutions to Kallikratis - the largest data integration project ever conceived in the later years of Greece's public sector – are two of his most recognizable achievements nationwide. Charalampos currently works at Siemens Enterprise Communications as a Senior Software Applications Engineer, designing and implementing Unified Communications software at multinational level. When not working, he enjoys blogging, playing the classical guitar, and composing music, exploring new ways to translate polynomial equations to sound.
                          Sorry, we don't have any reviews for this title yet.

                          Code Downloads

                          Download the code and support files for this book.

                          Submit Errata

                          Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


                          - 4 submitted: last submission 16 Jan 2014

                          The last line on page 261, under the heading Cron expression and scheduling is as follows:

                          30 18 * * ? (every day at 06:00 PM)

                          This line should be:

                          30 18 * * ? (every day at 06:30 PM)

                          Errata type: Typo | Page number: 219 | Errata date: 17 Oct 12

                          The first sentence in the first paragraph under the screenshot on page number 219 is as follows:
                          As you can see, CharSequenceTranslator has an illegal dependency on AggregateTrnalstor.
                          It should be as follows:
                          As you can see, CharSequenceTranslator has an illegal dependency on AggregateTranslator.

                          On page number 97, the second line in the code snippet is as follows:

                          public class DeclarationOrder {

                          This line should be as follows:

                          public class Foo {

                          Errata type: Typo | Page number: 55

                          Under the "# Section 1: required metadata"  line:

                          sonar.projectKey=commons lang

                          should be:


                          Sample chapters

                          You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

                          Frequently bought together

                          Sonar Code Quality Testing Essentials +    IBM Lotus Domino: Classic Web Application Development Techniques =
                          50% Off
                          the second eBook
                          Price for both: $45.60

                          Buy both these recommended eBooks together and get 50% off the cheapest eBook.

                          What you will learn from this book

                          • Understand the different perspectives of quality in software projects
                          • Manage code quality and get historical visual feedback directly from your browser with Sonar
                          • Drill down your code and easily hunt for potential bugs and defects using Sonar components
                          • Take full advantage of custom quality profiles to refine your documentation and apply coding standards
                          • Locate duplicate and useless code and assess testing coverage across your projects
                          • Analyze design and understand code complexity using Sonar and advanced metrics
                          • Learn to configure dashboards and maintain the Sonar platform to match different needs
                          • Integrate Sonar with a build server according to the continuous inspection paradigm

                          In Detail

                          Sonar is an open source platform used by development teams to manage source code quality. Sonar has been developed with this main objective in mind: make code quality management accessible to everyone with minimal effort. As such, Sonar provides code analyzers, reporting tools, manual reviews, defect-hunting modules, and TimeMachine as core functionalities. It also comes with a plugin mechanism enabling the community to extend the functionality, making Sonar the one-stop-shop for source code quality by addressing not only the developer’s requirements, but also the manager’s needs.

                          The "Sonar Code Quality Testing Essentials" book will help you understand the different factors that define code quality and how to improve your own or your team's code using Sonar.

                          You will learn to use Sonar effectively and explore the quality of your source code in the following axes:

                          • Coding Standards
                          • Documentation and Comments
                          • Potential Bugs and Defects
                          • Unit Testing Coverage
                          • Design and Complexity

                          Through practical examples, you will customize Sonar components and widgets to identify areas where your source code is lacking. The book goes down to proposing good practices and common solutions that you can put to use to improve such code.

                          You will start with installing and setting up a Sonar server and performing your first project analysis. Then you will go through the process of creating a custom and balanced quality profile exploring all Sonar components through practical examples. After reading the book, you will be able to analyze any project using Sonar and know how to read and evaluate quality metrics.

                          Hunting potential bugs and eliminating complexity are the hottest topics regarding code quality. The book will guide you through the process of finding such problematic areas, leveraging and customizing the most appropriate components. Knowing the best tool for each task is essential.
                          While you improve code and design through the book, you will notice that metrics go high and alerts turn green. You will use the Time Machine and the Timeline to examine how your changes affected the quality.

                          "Sonar Code Quality Testing Essentials" will enable you to perform custom quality analysis on any Java project and quickly gain insight on even large code bases, as well as provide possible solutions to code defects and complexity matters.


                          This is a step-by-step tutorial enriched with practical examples and the necessary screenshots for easy and quick learning.

                          Who this book is for

                          This book is for you if you are a Java developer or a Team Manager familiar with Java and want to ensure the quality of your code using Sonar.

                          You should have a background with Java and unit testing in general.

                          Code Download and Errata
                          Packt Anytime, Anywhere
                          Register Books
                          Print Upgrades
                          eBook Downloads
                          Video Support
                          Contact Us
                          Awards Voting Nominations Previous Winners
                          Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
                          Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software