is an open source platform, used to manage quality of java source code.
The release 1.6 of Sonar has just come out. This release represents a major evolution of the platform : from a quality metric reporting tool, Sonar becomes now a code quality management platform.
Here are the major functionality that were already available in Sonar 1.5 :
- Static and dynamic analysis on java projects
- Centralized configuration of quality rules to be used (Checkstyle, PMD and Findbugs)
- Ability to see evolution throughout time
- Management of event during project lifetime
- Consolidation of the project portfolio
- Drill down from project to class level
With version 1.6 Sonar we have added the management touch in 2 steps:
1 - Sonar is now able to manage multiple quality profiles which means that it is possible to handle in a different way libraries, technical project, legacy projects, new projects...
2 - It is possible to configure thresholds as part of a quality profile on any metric to be able to alert on issue. The alerts appear in the project consolidated view and the impacted metrics gets highlighted.
The Sonar web site : http://sonar.codehaus.org
The public instance of Sonar : http://nemo.sonar.codehaus.org
Sonar 1.6 in screenshots
I have recently tried FindBugs and loved it (experience report coming soon at http://www.basilv.com/psd/
). My quick look at Sonar didn't leave me with a good feel for what Sonar targets. Does it simply aggregate quality metrics across multiple projects, or does it do more at an individual project level? One of the sample individual project dashboards does look quite cool (see http://nemo.sonar.codehaus.org/project/index/org.apache.jackrabbit:jackrabbit
It looks like it requires a database, which suggests more work to setup and configure.
I used Checkstyle, PMD and Findbugs. I've read about Hammurapi. I recently used Sonar on a friend's suggestion. It took 20 minutes to set up. Sonar is a complete dashboard, things you don't have when using the previous products.
Using a DB enables Sonar to implement a missing feature for all of these prodcucts, the trend: you know about the number of errors and you know about the number of code lines but how did both fluctuated through time?
BTW, Sonar uses JavaDB by default so you have don't have to configurate if you wish so.
Not sure to perfectly understand what you mean by "does it do more at an individual project level?" but at project level, here are several good reasons to use Sonar instead of directly piloting checkstyle, pmd or findbugs :
- you don't have to configure those tools, Sonar does it for you
- you can browse source code and all violations are highlighted
- As Nicolas said, you can see how metrics evolve over time
- Violations of the three tools are merged to get a consolidated view
- You can easily drill down from project, to module, to package and finally to class
Sonar is great, I've been using it for years. It has nothing to do with Java though:
Sounds nice but apparently doesn't work within a virtual host.
E.g. I adapted conf/sonar.properties (_only_ disabled derby & enabled mysql - everything else is the default).
Added "" to my tomcats server.xml
Moved the generated sonar.war to /srv/tomcat/sonar/ROOT.war
Upon trying to access Sonar I get
SEVERE: Error: unable to initialize application
org.jruby.rack.RackInitializationException: No such file to load -- /sonar.localhost/WEB-INF/config/environment.rb
from file:/srv/tomcat/apache-tomcat-6.0.16/work/Catalina/sonar.localhost/_/WEB-INF/lib/jruby-rack-0.9.3.jar!/jruby/rack/rails.rb:29:in `load_environment'
from file:/srv/tomcat/apache-tomcat-6.0.16/work/Catalina/sonar.localhost/_/WEB-INF/lib/jruby-rack-0.9.3.jar!/jruby/rack/rails.rb:152:in `new'
from file:/srv/tomcat/apache-tomcat-6.0.16/work/Catalina/sonar.localhost/_/WEB-INF/lib/jruby-rack-0.9.3.jar!/rack/builder.rb:22:in `instance_eval'
from file:/srv/tomcat/apache-tomcat-6.0.16/work/Catalina/sonar.localhost/_/WEB-INF/lib/jruby-rack-0.9.3.jar!/rack/builder.rb:22:in `initialize'
Caused by: org.jruby.exceptions.RaiseException: No such file to load -- /sonar.localhost/WEB-INF/config/environment.rb
As you can see it is searching for the file bellow a non existing root context: /sonar.localhost/WEB-INF/config/environment.rb
The correct path would be: /WEB-INF/config/environment.rb
Other applications (e.g. Hudson) work perfectly with this setup, so I blame Sonar ;D
Any ideas how that could be fixed?
I looked through the posted website and it looks like a great product. The bullet points sound promising and the site is well polished.
Presently, my team uses maven with 8 open source plugins to check quality, such as jdepend, cobertura, pmd, javancss, etc (the standard plugins listed in the Better Builds with Maven book). We also have features, like JXR to view our code and the standard maven plugins like surefire. Most of the sonar features seemed to match those, but nothing caught my eye as new.
Like many other developers in this economic climate, I don't have as much time for research as I used to, so I apologize that I have to ask these questions without trying out the application first.
Does sonar provide additional features we should know about? What are some of the most compelling improvements over the plugins mentioned in Better Builds with Maven?
Hi Steven, if you only need to manage/follow quality on very few projects you can keep on using your current system with Maven Dashboard plugin or Hudson reporting system and hope to have a better economic climate one day to have fun with Sonar ;-). Indeed Sonar uses the same tools you've mentioned.
So what makes Sonar different ?
- No need to configure each tools
- All metrics are aggregated on one dashboard (http://nemo.sonar.codehaus.org/project/index/org.apache.jackrabbit:jackrabbit
- If you have 10, 50 or more than 100 projects to monitor, you can a quick insight of your project portfolio. Take a look to Nemo homepage : http://nemo.sonar.codehaus.org
- Get trend and history on each metric
- Define alert thresholds
There's a release of Sonar each Month, so that's just a beginning.
It is hands down one of the best out of the box experiences. Keep it up guys! I think you are still under the radar, but mindshare is accelerating. I don't know of anything open source that comes close to this (so please please please don't encumber it ;-). This is a great example of quality projects accessible to the community.
This where our deliverable sucks, this is wonderful news for developers
maybe we can add the code that runs the server side onto sonar ;-)
I installed Sonar in one minute, configured my Maven project to upload the data in 5. another 5 to change the project and run Sonar in the "site" phase rather in the "test" (in the test it does not seem to work, I will check if there is an issue already opened).
What can I say? More than half of the issues were correct and the UI looks nice and very easy to use.
Definitely a tool that enters in my toolbox.