Adding SonarQube configuration in Gradle
1. Add the SonarQube plugin to the project-level Gradle file (i.e. the build.gradle in the root folder of your project).
    buildscript {
        dependencies {
            // SonarQube scanner plugin for Gradle
            classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.2"
        }
    }
2. Apply the SonarQube plugin in the app module Gradle file of your project.
    apply plugin: 'org.sonarqube'
    apply from: '../sonarqube.gradle'
3. Add the Sonar configuration to a separate Gradle file, 'sonarqube.gradle'.
    // recommend specifying the flavor once and dynamically adapting paths to it
    def flavor = "Project flavor"
    sonarqube {
        properties {
            def libraries = project.android.sdkDirectory.getPath() + "/platforms/android-22/android.jar"
            property "sonar.host.url", "http://localhost:9000"
            property "sonar.projectKey", "package of Android app"
            property "sonar.projectName", "Name of project"
            property "sonar.projectVersion", "Project version"
            property "sonar.sourceEncoding", "UTF-8"
            // the first path is where the Java files are, the second where the XML files are
            property "sonar.sources", "src/main/java,src/main/res"
            property "sonar.binaries", "build/intermediates/classes/${flavor}/debug"
            property "sonar.libraries", libraries
        }
    }
sonar.projectKey - Contains a unique key name for your project (e.g. the package name of the Android app). It must be different for every project you analyze with SonarQube.
sonar.sources - Contains the paths of the Java files and the XML layout files.
sonar.exclusions - Used to exclude directories/files from being analyzed by SonarQube.
4. After building or syncing the project, open Command Prompt and navigate to the app module directory of your project, where your Gradle file is located. Execute gradle sonarqube and wait until the build is completed.
5. Open or refresh the localhost:9000 web page in your browser. You will see that your project has been added.
Understanding SonarQube analysis
At the top right of the web page, you will see a login option. You can log in as an administrator with the default credentials: both the username and the password are admin. Change this default password before the server is reachable by anyone other than you.
On the Home page you will see the number of projects added to SonarQube and the number of Bugs, Vulnerabilities and Code Smells.
Bugs
Bugs track code that is demonstrably wrong or highly likely to yield unexpected behavior.
Vulnerabilities
Vulnerabilities are raised on code that is potentially vulnerable to exploitation by hackers.
Code Smells
Code Smells will confuse maintainers or give them pause. They are measured primarily in terms of the time they will take to fix.
When you navigate to the Projects tab, you will see projects rated from A to E on Reliability, Security and Maintainability, where A is the best and E is the worst. You will also see the percentage of duplication in the code and the size of the code in lines of code.

Quality Gate
The Quality Gate is the set of conditions the project must meet before it can be released into production. You can see whether your project has passed or failed its Quality Gate.
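
An added example (not from the original article): after gradle sonarqube finishes, a CI step can read the Quality Gate result from the server's api/qualitygates/project_status web API and block the release unless the gate is OK. The sample response, its values and the function names are constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample of an api/qualitygates/project_status response body
# (hypothetical project; values made up for illustration).
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_duplicated_lines_density", "comparator": "GT",
   "errorThreshold": "3", "actualValue": "7.5"}]}}
"""

def fetch_gate(host_url, project_key, token):
    """Query the server for the project's Quality Gate (needs a live server)."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(f"{host_url}/api/qualitygates/project_status?{query}")
    # A SonarQube user token is sent as the Basic-auth username with an empty password.
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def evaluate_gate(raw_json):
    """Return (passed, failed_conditions) from a project_status response body."""
    try:
        status = json.loads(raw_json)["projectStatus"]
        gate = status["status"]
    except (ValueError, KeyError, TypeError):
        # Fail closed: an unreadable answer must not let a release through.
        return False, ["unreadable Quality Gate response"]
    failed = [
        f'{c.get("metricKey")}: actual {c.get("actualValue")}, '
        f'threshold {c.get("comparator")} {c.get("errorThreshold")}'
        for c in status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    # Only an explicit OK passes; ERROR, NONE (no gate computed) and unknowns fail.
    return gate == "OK", failed

if __name__ == "__main__":
    passed, failed = evaluate_gate(SAMPLE_RESPONSE)
    print("Quality Gate " + ("passed" if passed else "FAILED"), *failed, sep="\n  - ")
    raise SystemExit(0 if passed else 1)
```

Against a live server, pass the output of fetch_gate("http://localhost:9000", your project key, a user token) to evaluate_gate; keep the token in the CI secret store rather than in sonarqube.gradle.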

Rules
Sonar has a set of rules to validate the source code standard of the Android application. When you navigate to the Rules tab, you will see the list of rules on which the inspection is based. In the left panel, you can apply various filters to list rules by language, type, tags, etc.
In the Installed section you will see the plugins that are already installed. In the Updates Only section you will see updates for the installed plugins.