Assessing Code Quality with Sonar

Posted on May 1, 2012

0


I recently joined a development team where I was asked to help improve the team’s code quality and engineering practices.  Soon after joining the team, I noticed numerous code quality issues that needed to be addressed.  In order to justify the effort to improve code quality to non-technical decision makers, I needed a quantitative method for measuring the quality of the source code and possibly the technical debt.  I had heard a lot about a tool called Sonar, so I decided to give a try.  It proved to be more than up to challenge and helped me quickly demonstrate the risk due to code quality the team had incurred.

What is Sonar?
Sonar is a Java-based open source server product that centrally hosts your organization’s source code quality rules and metrics.  It provides a hub for managing, viewing and comparing code quality throughout an organization.  Code quality metrics are neatly displayed in easy to read dashboards and charts.

Sonar provides a number of features that make managing code quality a snap.

Simple Project Integration
Sonar makes it easy to integrate a new project.  All you have to do is point your build tool (Ant, Maven or Gradle) at the Sonar server and run a build.  And that’s it.  The Sonar build integration will connect to the Sonar server, download any plugins or configurations and run them locally against your project’s source code.  It will then publish the results back to Sonar.  Sonar also provides a stand-alone publisher that you can run against source code if you aren’t using a build tool (although you really should be).

Traditionally, you would have to configure individual static code analysis tools inside your build script.  This build configuration would have to replicated to each project’s build script.  Sonar vastly reduces the need for this type of duplication.

Centralized Rules Management
All static code analysis plugin configuration happens on the Sonar server.  Sonar allows you to define which plugins a project should use, as well as the rules to apply.  As you change the configurations on the server, every project will automatically download and run with these new plugins or configurations.  It is that simple!

Dashboards
One of the best parts of Sonar is its dashboarding capability.  There is a variety of plugins and out of the box visualizations that you can add to a project’s dashboard.  These dashboards can be focused on a particular project, a module of a project or all of the projects within an organization.  Most of the information is presented to help you quickly find problem areas and address it.

Technical Debt Calculator
One of the most compelling features of Sonar the build in Technical Debt Calculator.  For me, this is what single handedly caught the attention of my clients.  Sonar’s Technical Debt Calculator puts a dollar value on how much it will cost to fix the various code quality issues and defects.  Technical debt is calculated based on duplicated code, static code analysis violations, code comments, unit test coverage and cyclomatic complexity.   I recommend reading about how technical debt is calculated on Sonar’s blog.

Code Reviews
I was pleasantly surprised to find that there was a code review tool built into Sonar.  In the past, I have hunted for a simple tool to enable asynchronous code reviews on a development team.  Sonar provides a Github like code commenting feature.  In addition, I can turn these comments into tasks and assign them to a developer to work on.  You can read more about Sonar’s code review features here.

Cross-Language
While Sonar provides first class support for Java, it also supports numerous other programming languages including C#, VB6, Groovy, PL/SQL, Cobol and more.  This makes Sonar an even more compelling code quality platform for an organization that has multiple technology platforms.

In my opinion, Sonar is an amazing compliment to any organization’s existing suite of development support tools.  It is simple, easy to setup and provides value almost immediately.  A great place to start is Sonar’s documentation, which can be found here.