Code Analysis With SonarQube

Introduction

In this article, we explore the prerequisites for installing SonarQube and set up a small demo project, along with test cases, to analyze with SonarQube.

Overview

It is a best practice on big projects to take code analysis and security into consideration. SonarQube is an open-source platform that we can use for continuous inspection of code.

SonarQube performs static code analysis and gives us analysis reports covering the following:

  1. Bugs
  2. Code smells
  3. Code duplications
  4. Vulnerabilities

So, let us start with the step-by-step integration with Visual Studio 2019.

Pre-requisites

Below are the tools I have used for this demo.

  1. Visual Studio 2019
  2. JDK 16.0.1
  3. SonarQube 8.9
  4. Coverlet utility installed in Visual Studio
  5. SonarScanner v5.2.1

Demo steps

Step 1 - Installation of SonarQube

  1. Visit https://www.sonarqube.org/downloads/ and download the Community Edition.
  2. The download is saved as a zip file in your Downloads folder.

Before unzipping, check the properties of the downloaded file. It might be blocked on your machine, in which case you need to unblock it and then unzip it.

Step 2 - Installation of JDK

If you want to use OpenJDK, visit https://openjdk.java.net/install/ and download it locally.

Step 3 - Visual Studio code

Now open Visual Studio and create your C# project along with its test cases.

Below is the project which I have created for demo configuration.

Step 4

Now that your project is ready, install the Coverlet utility using the step below:

  •  In Visual Studio, go to Extensions, then Manage Extensions, search for Coverlet Report and install it.

Step 5 - Installation of SonarScanner

Go to the developer command prompt and enter the command below:

dotnet tool install --global dotnet-sonarscanner

Step 6

Go to the unzipped SonarQube folder, open the Wrapper config file and enter the JDK path manually before proceeding further.

Step 7

Now start SonarQube using the command below:

startsonar.bat

Step 8

Now browse to your project location, open the developer command prompt and enter the command below to begin the SonarQube integration:

dotnet sonarscanner begin /k:"Bank_Scan" /d:sonar.login="admin" /d:sonar.password="admin"

Note: By default, the login ID and password for SonarQube are admin and admin respectively.

Step 9

Now build your project using the command below:

dotnet build

Step 10

After a successful build, enter the commands below to create the coverage.opencover.xml file.

dotnet test --collect:"XPlat Code Coverage"
dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover

Step 11

The last step is to end the SonarScanner session using the command below.

dotnet sonarscanner end /d:sonar.login="admin" /d:sonar.password="admin"

In this step, SonarScanner gathers everything we completed in the previous steps and generates the code analysis report for us.

Now visit the URL printed by the above command to see the generated report.

http://localhost:9000/ is the SonarQube URL.

Here, go to Project Settings, Languages (C#), and under the OpenCover Integration Test reports setting, enter the coverage.opencover.xml path.

After doing this, repeat step 11 and browse the Overview section. This will give you the coverage and code smells for your project.

After you click on Coverage, it shows the overall coverage information. You can go through it and check the reports you need.

In your test project path, you will see the coverage report generated in the JSON format.
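
Steps 8 to 11 can also be run as one PowerShell script that passes a SonarQube user token instead of the default admin/admin login and supplies the coverage report path at the begin step. This is an added example, not part of the original article; the SONAR_TOKEN environment variable, the Invoke-Dotnet helper and a coverlet.msbuild package reference in the test project are assumptions.

```powershell
# Added example (not from the original article): steps 8-11 as one script.
# Assumptions: SONAR_TOKEN holds a user token generated in the SonarQube UI,
# the test project references the coverlet.msbuild package, and the script
# is run from the solution folder.
$ErrorActionPreference = 'Stop'

$projectKey = 'Bank_Scan'                # project key used in step 8
$sonarUrl   = 'http://localhost:9000'    # SonarQube URL from the article

if ([string]::IsNullOrWhiteSpace($env:SONAR_TOKEN)) {
    throw 'Set SONAR_TOKEN to a SonarQube user token before running the scan.'
}

# Hypothetical helper: runs one dotnet command and stops the script if it fails,
# so a broken build or failing test never produces a misleading report.
function Invoke-Dotnet {
    param([string[]]$Arguments)
    & dotnet @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dotnet $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# Step 8: begin. The token is passed as sonar.login, with no sonar.password.
# The coverage path is given here instead of in the project settings page.
Invoke-Dotnet @(
    'sonarscanner', 'begin',
    "/k:$projectKey",
    "/d:sonar.host.url=$sonarUrl",
    "/d:sonar.login=$($env:SONAR_TOKEN)",
    '/d:sonar.cs.opencover.reportsPaths=**/coverage.opencover.xml'
)

# Step 9: build the solution between begin and end.
Invoke-Dotnet @('build')

# Step 10: run the tests with Coverlet writing coverage.opencover.xml.
Invoke-Dotnet @('test', '/p:CollectCoverage=true', '/p:CoverletOutputFormat=opencover')

# Step 11: end. The same token is required to upload the analysis.
Invoke-Dotnet @('sonarscanner', 'end', "/d:sonar.login=$($env:SONAR_TOKEN)")
```

Keeping the token in an environment variable keeps it out of the script file and source control, and it can be revoked in SonarQube without changing the admin password.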

Summary

In this article, we explored the prerequisites for installing SonarQube and set up a small demo project, along with test cases, to analyze with SonarQube. I hope you liked the article. Until next time, happy learning. Cheers!