Friday, November 1, 2019

Sonar Integration with Maven

In my previous blog, we saw how to set up a SonarQube server on Windows 10 and how to generate a Sonar report using sonar-scanner. In this blog, I'll show you how to generate a Sonar report by configuring the Sonar plugin in a Maven project.

Steps to set up Sonar in Maven

  • We have to configure pluginManagement and a profile for Sonar in the pom.xml file.
  • Add the pluginManagement section below to your pom.xml:

    <!-- pluginManagement belongs inside the <build> element of pom.xml -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.8.1</version>
        </plugin>
        <plugin>
          <groupId>org.sonarsource.scanner.maven</groupId>
          <artifactId>sonar-maven-plugin</artifactId>
          <version>3.6.0.1398</version>
        </plugin>
        <plugin>
          <groupId>org.jacoco</groupId>
          <artifactId>jacoco-maven-plugin</artifactId>
          <version>0.8.4</version>
        </plugin>
      </plugins>
    </pluginManagement>


  • Add the profile below to the pom.xml file:

    <!-- profiles is a direct child of <project>; the JaCoCo version comes from pluginManagement -->
    <profiles>
      <profile>
        <id>coverage</id>
        <activation>
          <activeByDefault>true</activeByDefault>
        </activation>
        <build>
          <plugins>
            <plugin>
              <groupId>org.jacoco</groupId>
              <artifactId>jacoco-maven-plugin</artifactId>
              <executions>
                <execution>
                  <id>prepare-agent</id>
                  <goals>
                    <goal>prepare-agent</goal>
                  </goals>
                </execution>
                <execution>
                  <id>report</id>
                  <goals>
                    <goal>report</goal>
                  </goals>
                </execution>
              </executions>
            </plugin>
          </plugins>
        </build>
      </profile>
    </profiles>


  • Build the project, execute all the tests and analyze the project with SonarQube Scanner for Maven:
                 mvn clean verify sonar:sonar

  • Once done, check your SonarQube server, which will show the code analysis report for your current project. My project name was api-gateway, so the report was generated under the name api-gateway.
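
Where the two fragments sit in pom.xml decides whether the steps above work, so the layout can be checked before running the scan. The following is an added example, not code from the original post: a Python check (check_pom and the sample POM names are hypothetical, and it assumes the POM declares the standard Maven 4.0.0 namespace) that reports a misplaced pluginManagement block, unpinned plugin versions and missing JaCoCo goals.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}  # assumes the POM declares this namespace
REQUIRED_PLUGINS = {("org.sonarsource.scanner.maven", "sonar-maven-plugin"),
                    ("org.jacoco", "jacoco-maven-plugin")}
REQUIRED_GOALS = {"prepare-agent", "report"}  # JaCoCo goals bound by the coverage profile

def check_pom(pom_text):
    """Return a list of problems; an empty list means the layout matches the post."""
    root = ET.fromstring(pom_text)
    problems = []
    # pluginManagement is only valid inside <build>, not directly under <project>.
    if root.find("m:pluginManagement", NS) is not None:
        problems.append("pluginManagement is directly under <project>; move it into <build>")
    pinned = set()
    for p in root.findall("m:build/m:pluginManagement/m:plugins/m:plugin", NS):
        if p.findtext("m:version", "", NS).strip():
            pinned.add((p.findtext("m:groupId", "", NS).strip(),
                        p.findtext("m:artifactId", "", NS).strip()))
    for group, artifact in sorted(REQUIRED_PLUGINS - pinned):
        problems.append(f"{group}:{artifact} has no pinned version in build/pluginManagement")
    goals = set()
    for p in root.findall("m:profiles/m:profile/m:build/m:plugins/m:plugin", NS):
        if p.findtext("m:artifactId", "", NS).strip() == "jacoco-maven-plugin":
            for g in p.findall("m:executions/m:execution/m:goals/m:goal", NS):
                goals.add((g.text or "").strip())
    for goal in sorted(REQUIRED_GOALS - goals):
        problems.append(f"no profile binds the jacoco goal '{goal}'")
    return problems

# Constructed sample POMs built from the post's fragments (hypothetical names).
_PLUGINS = "".join(
    f"<plugin><groupId>{g}</groupId><artifactId>{a}</artifactId><version>{v}</version></plugin>"
    for g, a, v in [("org.sonarsource.scanner.maven", "sonar-maven-plugin", "3.6.0.1398"),
                    ("org.jacoco", "jacoco-maven-plugin", "0.8.4")])
_MGMT = f"<pluginManagement><plugins>{_PLUGINS}</plugins></pluginManagement>"
_PROFILE = ("<profiles><profile><id>coverage</id><build><plugins><plugin>"
            "<groupId>org.jacoco</groupId><artifactId>jacoco-maven-plugin</artifactId>"
            "<executions><execution><goals><goal>prepare-agent</goal></goals></execution>"
            "<execution><goals><goal>report</goal></goals></execution></executions>"
            "</plugin></plugins></build></profile></profiles>")
_HEAD = '<project xmlns="http://maven.apache.org/POM/4.0.0">'
MISPLACED_POM = f"{_HEAD}{_MGMT}{_PROFILE}</project>"               # fragment pasted at top level
CORRECT_POM = f"{_HEAD}<build>{_MGMT}</build>{_PROFILE}</project>"  # fragment inside <build>

if __name__ == "__main__":
    for name, pom in (("misplaced", MISPLACED_POM), ("correct", CORRECT_POM)):
        print(name, check_pom(pom) or "OK")
```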


Code Analysis using SonarScanner on Windows 10

In my previous blog, we saw how to set up a SonarQube server on Windows 10. In this blog, I'll show you how to generate a Sonar report using SonarScanner.

Steps to set up SonarQube


  • Unzip it and open sonar-scanner.properties, which is under the conf directory.
  • Edit the below lines

  • Now go to your project folder, open a command prompt and run sonar-scanner.bat.

  • It will run the analysis and then post the result to the SonarQube server at http://localhost:9000/, using as the project name the sonar key that we configured in the sonar-scanner.properties file.


  • You can check the JUnit test code coverage as well by clicking on Coverage.

Happy Coding..!!!

SonarQube setup on Windows 10

Overview

SonarQube is an automatic code review tool that detects bugs, vulnerabilities and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.

Prerequisite

Make sure you have Java 11 or higher installed on your Windows machine.


Steps to set up SonarQube

  • Download Community edition from https://www.sonarqube.org/downloads/
  • Extract it and go to the bin folder.
  • Choose windows-x86-32 or windows-x86-64 based on your machine configuration.
  • Run StartSonar.bat, which will start the SonarQube server.
  • Open a browser and go to http://localhost:9000

  • If you want, you can start the SonarQube server on a different port by setting the port number (for example sonar.web.port=9070) in sonar.properties, which is under the conf directory.
  • You can log in to the portal using the default credentials (admin:admin); change this password after the first login.

Congratulations! The SonarQube server is up and running on localhost:9000.
