ASP.NET Core Application Code Analysis Using SonarQube

Introduction


Code quality is very important for any project, and it is the developer's responsibility to make sure the code that is written is clean by reviewing it. There are many tools available on the market to analyze code. In this article we are going to learn about SonarQube, which is free and open source in its Community edition. It analyzes code and reports bugs, code smells, duplicate blocks, code coverage and vulnerabilities.
 

Configuring SonarQube

 
Before installing and configuring SonarQube, we need to install the Java JDK, because the SonarQube scanner requires version 8 or 11 of the JDK.
 
Use the below link to download Java:

https://www.java.com/en/download/

Once the Java installation is complete, open Advanced system settings from Control Panel -> System and Security -> System -> Advanced system settings.
 
 
Under “System variables”, select “Path” and click “Edit”
 
 
Click “New” and add the path for “jdk-11.0.4\bin\”.
 
 
Click “OK”.
 
Download SonarQube Community edition using the below link:

https://www.sonarqube.org/downloads/

Once the download is completed, unzip the file.

Go to sonarqube\bin\windows-x86-64 and run StartSonar.
 
 
Once SonarQube is up and running, open the dashboard in the browser at http://localhost:9000/ and log in as admin.
 
By default, the username is admin and the password is admin.
 
I created an ASP.NET Core application using Visual Studio; now we are going to analyze its code using SonarQube.
 
Click New Project in the SonarQube dashboard running in the browser.
 
 
Open the Visual Studio command prompt, switch to the project path and run the command below:
 
 
SonarScanner.MSBuild.exe begin /k:"[Project Name]" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="[Give your project token]"
 
Next, rebuild the project using the command below.
 
 
MsBuild.exe [Project Solution file Name] /t:Rebuild /p:Configuration=Release /p:Platform="Any CPU" /p:TargetProfile=Local
 
As the final step, end SonarScanner using the command below:
 
SonarScanner.MSBuild.exe end /d:sonar.login="[Give your project token]"
 
Now go to the SonarQube dashboard in the browser and switch to your project; you can see the code analysis report there.
 
 
Let’s add some new code to the project to compare the report with the latest code update.
 
To run a further analysis and compare the new report with the old one, provide a version number, as in the commands below:
 
SonarScanner.MSBuild.exe begin /k:"[Project Name]" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="[Give Project Token]" /v:"[provide the version number]"
MsBuild.exe [Project Solution file Name] /t:Rebuild /p:Configuration=Release /p:Platform="Any CPU" /p:TargetProfile=Local
SonarScanner.MSBuild.exe end /d:sonar.login="[Give your project token]"
 
 
In the figure above, the highlighted part is the report based on the new code that we added recently.
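
The begin, rebuild and end commands above can be combined into one script that stops at the first failing step and takes the token from the session instead of the typed command. This is an added example, not part of the original article; the SONAR_TOKEN variable name, the script's parameter names and the file name in the usage comment are assumptions, and both executables are assumed to be on PATH.

```powershell
# Added example: runs the article's begin / rebuild / end steps in order.
# Run it from the project path, as the article does for the manual commands.
# Usage (file name is hypothetical):
#   .\Run-SonarAnalysis.ps1 -ProjectKey MyApp -Solution .\MyApp.sln -Version 1.1
param(
    [Parameter(Mandatory)] [string] $ProjectKey,   # same value as /k: in the article
    [Parameter(Mandatory)] [string] $Solution,     # path to the solution file
    [string] $Version = "",                        # optional, passed as /v:
    [string] $HostUrl = "http://localhost:9000"
)

# Assumption: the project token was placed in SONAR_TOKEN for this session.
# That keeps it out of this file and out of the typed command history; it is
# still passed to the scanner as /d:sonar.login, exactly as in the article.
$token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw "SONAR_TOKEN is not set in this session."
}
if (-not (Test-Path -LiteralPath $Solution)) {
    throw "Solution not found: $Solution"
}

# Run one step and stop on a non-zero exit code, so a failed build is never
# followed by an 'end' step that uploads an incomplete analysis.
function Invoke-Step([string] $Name, [string] $Exe, [string[]] $StepArgs) {
    Write-Host "== $Name"
    & $Exe @StepArgs
    if ($LASTEXITCODE -ne 0) { throw "$Name failed with exit code $LASTEXITCODE" }
}

$begin = @("begin", "/k:$ProjectKey", "/d:sonar.host.url=$HostUrl", "/d:sonar.login=$token")
# Trim the version so a stray trailing space does not become part of its name.
if ($Version.Trim()) { $begin += "/v:$($Version.Trim())" }

$build = @($Solution, "/t:Rebuild", "/p:Configuration=Release",
           "/p:Platform=Any CPU", "/p:TargetProfile=Local")

Invoke-Step "SonarScanner begin" "SonarScanner.MSBuild.exe" $begin
Invoke-Step "Rebuild"            "MsBuild.exe"              $build
Invoke-Step "SonarScanner end"   "SonarScanner.MSBuild.exe" @("end", "/d:sonar.login=$token")

Write-Host "Analysis uploaded. Open $HostUrl and switch to project '$ProjectKey'."
```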
 

Summary

 
We have seen how to install and configure SonarQube on Windows to analyze the code quality of ASP.NET Core applications, and how to get a comparison report by versioning the analysis. We will look at code coverage analysis using SonarQube in my next article.