For those that are not familiar with, ( I hope this post will make you at least try it or see it in action at ) you can take a look at an I’ve written some time ago. In one sentence Sonar is an open source platform that allows you to track and improve the quality of your source code. One of the key aspects when talking about software quality is the which is how much of your source code is tested by Unit tests. Sonar integrates with the most popular open source code coverage tools (,, ) and the well-known commercial by Attlassian.

A GPL streaming media server project that currently streams in MP3 format, with plans to add support for video and Vorbis formats. Has ports for pretty much every. A list of tools to assess and manage technical debt in Agile Scrum software. CAST Software Web site: SonarQube. SonarQube, or “the software.

By default it uses the JaCoCo (Java Code Coverage) engine and you’ll shortly find out why Before we move on, I’d like to give many kudos to. This article is inspired by one of his s and its intention is to present a more updated comparison of the supported code coverage tools by Sonar and point out some differences regarding their results and the way they work. Recently Sonar changed its default code coverage tool to JaCoCo and this post tries to explain the reasons behind that decision. Some of the information is borrowed by Evgeny’s post and the image is also taken from. So thanks a lot Evgeny! Now let’s go to the meat.

For the comparison you’ll see, I’ve used the latest available Sonar version 3.3, Maven 2.2.1, Java 1.6 and all analysis launched in a Windows 7 machine (Intel Core i3-2120 CPU @ 3.30GHz) with 8GB RAM. The projects were carefully selected ( a small, medium-sized and a large one – not that large as Java code base but large enough to extract some results ). I ran five analysis for each open source code coverage tool ( I excluded the commercial Clover from my comparison version ) and another five by disabling the code coverage mechanism.

So that’s a total of 60 analysis ). In the following tables you can find some information about the code coverage tools and some basic metrics about the selected projects. Pay attention to the date of the latest stable release. Emma hasn’t been updated since dinosaurs era and cobertura is almost three years inactive. One might think that this isn’t an issue if they are stable and don’t need any new release. Well, the truth is that both of them have bugs that frustrate end-users and there’s no one to fix them.

On the other hand JaCoCo is continuously evolving and improving The results of the analysis are displayed next. Some important notices. Emma doesn’t support Branch coverage that’s why you’re not seeing any metrics. Furthermore there are differences in the results of Line and Branch coverage, which are more concrete for larger projects. For instance in Sonar Jira plugin all three tools produce the same results whereas in Sonar analysis and Commons Lang projects you can see that the numbers are not the same. Now take a look at a graph that illustrates in a more readable way which tool is the fastest.

It seems that Emma and JaCoCo need the same amount of time to compute their metrics but as we already mentioned there’s a huge difference. There’s no branch coverage in Emma reports. Cobertura is always slower than JaCoCo so again the winner is JaCoCo.

Of course you can get even faster results by running a Sonar analysis without computing code coverage metrics One last thing: JaCoCo, as the following figure shows is the only tool that analyses bytecode on-the-fly which is more. Cobertura and Emma run an offline analysis and use a class loader whereas JaCoCo has its own java agent for analysis code. This configuration allows JaCoCo to be very flexible, possible integrated with many other tools and frameworks and can be used with any language in a JVM environment. So, to sum up, if you’re using Sonar ( if you don’t, you SHOULD ), then it strongly advisable to keep the default code coverage engine ( JaCoCo), unless you have really important reasons for that. Finally don’t forge to check and the about Sonar by Manning Publications. The release date is in about 3-4 months but you can get an early access version. As always, feel free to comment or suggest improvements about the article and its content.

September 28, 2015 [Previous posts]:, This post provides a quick-start guide to using SonarQube to analyze.NET managed code. It covers installing SonarQube locally, running your first analysis using MSBuild, and using some popular third-party analyzers. It also describes how to use the new Visual Studio Online (VSO) and Team Foundation Server (TFS) Build tasks to perform analysis as part of a VSO or TFS build. Introduction is an open source product, produced by, which consists in a set of static analyzers (for many languages), a data mart, and a portal that enables you to manage your technical debt.

SonarSource and the community provide additional analyzers (free or commercial) that can be added to a SonarQube installation as plug-ins. SonarSource and Microsoft have been working to integrate SonarQube with MSBuild and TFS for some time and, since August 2015, there is a wide range of possibilities for analyzing the technical debt in your.NET projects. This post aims to help you discover the possibilities for analyzing your technical debt using the, which is at the core of the integration of SonarQube with MSBuild. In this post, I’ll show you how you can:. It’s quite easy to set up SonarQube on a Windows computer for trial or demo purposes, though I’ll also provide pointers to setting up a production environment.. In this section, I’ll show how you use the SonarQube.MSBuild.Runner in your builds.

For example, you can get extra coverage for technical debt by using analyzers such as StyleCop and ReSharper.. In a previous post, I showed how you can analyze your.NET projects with the SonarQube Build vNext analysis tasks in VSO or TFS. Here, I’ll show you how you can, in addition, run third-party analyzers with Build vNext.

Installing a SonarQube server on a local Windows computer In the following sections of this post, I’ll be using SonarQube server installed on my local computer. To do this I installed Java, downloaded SonarQube from the, and unzipped it. I’m using the default embedded database (H2), which is not designed to be used for production, and I’m running SonarQube as a Windows service. To set it up, I followed. Why would you want to use the default, non-production installation? This might be because, as a consultant, you are working with your customer’s code on your own computer, or on one of their computers, but you don’t want to set up an integrated build.

Alternatively, it might be that you want to start playing with SonarQube analysis for.NET and learn about it, before using it in production If you want to do something more serious, such as for production use, you can install another database such as SQL Server. The Visual Studio ALM Rangers provide. This guidance was converted to a GitHub repository (), and is also available as a. Next, I signed in as an administrator to the SonarQube server (the default username and password is admin / admin), went to the Update Center ( Settings System Update Center), and installed the SonarQube C# Plug-in.

This plug-in tells SonarQube how to analyze C# code. The SonarQube Update Center downloads the plug-in from the Internet and installs it in my SonarQube server. SonarQube must be restarted after installing or updating a plugin. As I’m running SonarQube as a Windows service, I did this by selecting Restart in the Local Services console. Installing the MSBuild.SonarQube.Runner scanner I downloaded the scanner, which I unzipped on my computer into the folder C: Sq MSBuild.SonarQube.Runner-1.0.1. Remember, my configuration here is a single computer that hosts Visual Studio, the SonarQube Server, and the MSBuild.SonarQube.Runner 1.0.1. Analyzing a project locally with the MSBuild.SonarQube.Runner The first experiment I’m going to carry out is to run the MSBuild.SonarQube.Runner locally.

Visual Studio 2015 Community is installed on my computer. What I need to do is: 1. Open a Developer Command Prompt for VS2015 from the Start menu. Navigate to the folder containing the project I want to analyze. Run the following commands: path=%path%;C: Sq MSBuild.SonarQube.Runner-1.0.1 MSBuild.SonarQube.Runner begin /n:Backlogmaps /v:1.0 /k:blm Msbuild MSBuild.SonarQube.Runner end The first of the commands in step 3 just sets the path to include the folder where I unzipped the MSBuild.SonarQube.Runner (and only for the duration of the command window).

Note that, here, I’ve chosen to set the path in the command prompt. I could have changed the environment variables permanently in the Advanced tab of the System Properties dialog ( Control Panel System Advanced system settings). The second command downloads the quality profile to be used for my project, as well as some binaries related to the.NET analysis, from the SonarQube server installed locally on my computer (I have not changed any configuration settings).

The third command simply runs MSBuild on my folder (I have only one solution). The fourth command completes the SonarQube analysis, and sends the results to the SonarQube server.

Here are the last few lines of the console output: Now I open the URL (as indicated in the analysis results shown above) in my browser, and I get a first view of my project. Passing additional settings; for example, to change the analysis verbosity The output produced by version 1.0 of the MSBuild.SonarQube.Runner was very verbose, so in version 1.0.1 we reduced the level of detail produced in normal operation. If you want to enable verbose log files, you can do it by settings the sonar.verbose property to true. Here is how you do it compared to the commands you saw earlier: path=%path%;C: Sq MSBuild.SonarQube.Runner-1.0.1 MSBuild.SonarQube.Runner begin /d:sonar.verbose=true /v:1.0 /k:blm /n:Backlogmaps Msbuild MSBuild.SonarQube.Runner end As a result, the analysis displays a lot more information – you can see the INFO and DEBUG lines in this screenshot. Note that the /d: option is used to set any variable that SonarQube or its plug-ins understands. I’ll be using it later in this post when performing analysis using third-party plug-ins.

Executing third-party analyzers locally Since we released the MSBuild.SonarQube.Runner, we received several questions related to running third-party analyzers such as StyleCop, ReSharper, or NDepend. The NDepend plug-in is not officially available yet, but I’ll explain in this section how you can run StyleCop and ReSharper analysis and send the results to SonarQube. StyleCop If you want to add StyleCop to your analysis, you’ll need to: Installing StyleCop It’s really easy to install StyleCop: 1. Download the StyleCop MSI from. Run the MSI to install StyleCop on your build computer. Currently SonarQube supports StyleCop 4.7.

StyleCop installed as a NuGet package is not yet supported, though we have raised a SonarQube for this. Installing the SonarQube StyleCop plug-in To install the SonarQube StyleCop plug-in, I chose the Login link at the top right of the SonarQube server web page, and signed in as the SonarQube server administrator ( admin / admin by default). Then I navigated to Settings System Update Center, and opened the Available Plug-ins tab. In the External Analyzers section, I located “Style Cop” and installed it. The link automatically downloads the plug-in from the Internet and installs it in my SonarQube server. Restarting the SonarQube server Next, I restarted the SonarQube server from the Local Services window, as shown earlier. Adding the StyleCop rules to the quality profile SonarQube has the notion of Quality Profiles.

A quality profile is essentially a mechanism for grouping a set of rules. Every SonarQube project has an associated quality profile per analyzed language that determines the rules that are run against that project for this language. After installing the StyleCop plug-in and restarting the server, SonarQube will be aware of StyleCop rules.

However, these won’t yet be activated in the quality profile associated with your project – you must activate them yourself. I’m going to create my own quality profile named My Way by cloning the default Sonar Way profile, and add rules for the StyleCop plug-ins I’ve installed. Sign into the SonarQube server as an administrator (you must be an administrator to update the quality profile). Choose Quality Profiles and select the default Sonar Way profile. Choose Copy, and create a new quality profile named My Way. Choose Set as Default in the “My Way” entry to set it as the default for C# projects (I could have associated it with only my project instead).

Choose Rules in the top navigation toolbar and then set the Repository textbox in the left-hand column 6. Select StyleCop in the Repository list to see the list of rules. Select all the StyleCop rules (when using a mouse you can click on the first rule, scroll to the end, and Shift-click the last one). Choose Bulk Change and then choose Activate In. From the drop-down list, choose the My Way profile. After a few seconds, SonarQube tells you that rules were added to the My Way quality profile. Re-running the analysis Just as before, I run the commands: path=%path%;C: Sq MSBuild.SonarQube.Runner-1.0.1 MSBuild.SonarQube.Runner begin /n:Backlogmaps /v:1.0 /k:blm Msbuild MSBuild.SonarQube.Runner end The result, however, is very different.

Now I get 4,420 additional issues (I was a little ruthless in activating all the StyleCop rules J). StyleCop: conclusion Adding StyleCop to your analysis is quite easy. You just install StyleCop on your build/analysis computer, install the StyleCop plug-in, activate the StyleCop rules in the quality profile for your project, and re-run your analysis. Note that the fact that you need to install StyleCop on the build computer means that you won’t be able to run it with a Hosted build agent in Visual Studio Online. You will need to set up a private build agent. We’ll do that in the last section of this post. Ansys Software Student Edition on this page.

But, before then, let’s see how to perform an analysis with the ReSharper command line tool. ReSharper To perform an analysis with ReSharper, you carry out a very similar set of steps as you did for StyleCop. The main difference is that, in this case, you must add parameters for the analysis. The basic steps are: Installing ReSharper Download the and install it on your local computer. This is a zip file, which I unzipped into the folder: C: Program Files (x86) JetBrains.ReSharper.CommandLineTools.9.1.20156 Installing the SonarQube ReSharper plug-in Using the Update Center on my SonarQube server ( Settings System Update Center) as an administrator, I added the ReSharper plug-in from the Available Plug-ins tab. This automatically downloads the plug-in from the Internet and installs it in my SonarQube server.

Restarting the SonarQube server Next, I restarted the SonarQube server from the Local Services window, as shown earlier. Adding the ReSharper rules to the quality profile After signing in to the SonarQube server as an administrator, I go to the Rules tab, select the ReSharper rules repository, select all the rules I want to include, and “bulk add” these rules to the quality profile.

See the earlier for more details. Re-running the analysis For the analysis itself, things are different. @Jean-Marc We are developing games with the Unity3d game engine.

I'd like to use the best quality and static analysis tools available. Our games are developed in C# (mono), with a VERY thin layer of some native code (java for Android and Objective-C for iOS).

I'd like to analyze that code, but we are all running on OSX, and although SonarQube runs on OSX, there are not too many analyzers (last time i checked) that will run on OSX (FxCop, ReSharper stuff, the.NET official analyzer, StyleCop, etc). I was wondering whether this scenario is going to be supported (and when, if currently not supported), or whether we should get a Windows box or a VM that will be used for this purpose. We are using SonarQube 5.2 and latest MSBuild Sonar Runner C# plugin 4.2 but we are getting the error below whenever we are running the Sonar Runner. Please let me know if there is any specific configuration required. It says 'Repository must be set'. I have setup the usual Rules (SonarQube C#). Please share your thoughts and suggest.

Hi, good tutorial. I have a small problem when I try to add resharper analyzer step on VSO.

I added $(ReSharper)InspectCode to “Tool” textbox in Command Line step. In my agent I added USER CAPABILITIES named ReSharper with value – path to resharper: C:Resharper.

During build I have this massage in this step: $(ReSharper)InspectCode “c:agent_work1sSonarQubeTestSonarQubeTest.sln” /o=C:tempReSharperResult.xml Error message highlight pattern: Warning message highlight pattern: ‘$’ is not recognized as an internal or external command, operable program or batch file. When I add environment varibale named ReSharper with path to resharper or changed “Tool” textbox value to C:ResharperInspectcode this step run as I expected – correctly. I thought that variable $(ReSharper) is created by USER CAPABILITIES in agent, but it isn’t? Could you explain me that? What I’m doing wrong? User capabilities are only for build Demands?