Manage plugins
The plugin mechanism
Sonar has been designed to be extensible. Since we believe in the "eat your own food' philosophy, Sonar is a suite of plugins that uses the extension mechanism.
In order to configure those plugins, sign in, go to configuration at the top right of the page and go to the setting menu.
The plugin listed above come with Sonar. Each tab in this page (Checkstyle, Clover...) corresponds to the configuration of a plugin.
If you are interested to build a Sonar plugin, you will find more information in the Coding a plugin section.
Core plugin
The core plugin is used to run the other plugins and to handle some general properties.
It is possible to configure some parameters in the core plugin
Code coverage plugin
This parameter allows to choose the Code coverage plugins to be used.
Import sources
This will determine whether the sources can be browsed within Sonar or not.
Rules Weight
This is the weight that is given to each priority in order to calculate the RCI.
Tendency depth
Tendency depth is the number of days on which to retrieve measures to calculate Tendencies. Default value is 30 days.
Security parameters
The last three parameters are used to configure security in the Sonar instance.
Squid plugin
Squid is a plugin that gathers all standard metrics number of classes, number of comments, cyclomatic complexity...). Originally, Sonar was using JavaNCSS, but they were too many limitations.
Squid keeps by default methods and accessors (beans getters and setters) separated. This behavior is configurable.
Surefire plugin
The sonar-plugin-surefire handles the maven-surefire-plugin.
 | In case the maven-surefire-plugin is defined in the pom.xml of your project, Sonar will use the version defined in the pom and can potentially not function properly |
There is no possible configuration of this plugin.
Coding rules plugins
Sonar embeds 3 java coding rules engines by default.
Checkstyle
There is no possible configuration of this plugin.
PMD
There is no possible configuration of this plugin.
Findbugs
It is possible to configure the effort of the bug finders along with a timeout when running Findbugs.
Warning : Findbugs analyzes compiled code and not java sources. See Sonar light mode description to know how to use Findbugs with this Sonar light mode.
CPD
By default the java code coverage engine is Cobertura but out-of-the-box the Jacoco engine can also be used.
Cobertura
The Sonar Cobertura plugin is based on the cobertura-maven-plugin and so can only be used to compute code coverage information on Maven projects.
This plugin has only one parameter to define the maximum amount of memory used by the java process in charge to extract all code coverage information from the Cobertura report : 
| In case the cobertura-maven-plugin is defined in the pom.xml of your project, Sonar will use the version defined in the pom and can potentially not function properly |
Jacoco
JaCoCo is an Open Source and robust java code coverage tool, developed by the authors of EclEmma. To use by default this code coverage engine, the property "sonar.core.codeCoveragePlugin" must have the value "jacoco".
| The Sonar Jacoco plugin is part of the Sonar distribution only since Sonar 2.12. Prior to version 2.12, it was mandatory to explicitly install this plugin. |
Use Jacoco with Ant projects
Some additional configuration is required with Ant projects.
The Ant build.xml file must contain a dedicated target to launch either junit or testng unit tests. Let's take the following example with the target "test":
| The nested task always has to declare fork="true", otherwise JaCoCo agent can't be attached. In addition task should declare forkmode="once" to avoid starting a new JVM for every single test case and decreasing execution performance dramatically (unless this is required by the nature of the test cases). |
Then, in this example, the value of the parameter "sonar.jacoco.antTargets" must be set to "test". During Sonar analysis, the Sonar Jacoco plugin will take care to attach the Jacoco agent to the JVM and to launch the unit tests.
| Only specified targets would be executed. So for instance, if "test" target depends on a "compile" target, Jacoco plugin will only execute "test" target without executing first the "compile" target. In such case, a solution can be to update the "sonar" target in order declare a dependency on the "compile" target. |
Code coverage by Integration tests
The Sonar jacoco engine allows to feed Sonar with code coverage by integration tests.
To do this :
- Integration testing should be done with JaCoCo agent before execution of Sonar
- The "sonar.jacoco.itReportPath" property must be used when launching the Sonar analysis to define the path to the jacoco report generating by step 1
Additional links
- Comparison of Emma, Clover, Cobertura and JaCoCo
- Measure Code Coverage by Integration Tests with Sonar and JaCoCo
Known limitations
- Some libraries complain on classes, which were instrumented by JaCoCo, so exclusions must be set :
- Javassist (e.g. when Hibernate used) - "javassist"
- Drools - "org.drools.*"
- Exact number of line hits not available, because JaCoCo reports only status of line (no code, not covered, partly covered, fully covered) - see JaCoCo Coverage Counters.
Google analytics plugin
Since Sonar 1.5, it is possible to activate a Google Analytics plugin in Sonar in order to monitor what people are exploring in Sonar.
To activate the plugin, enter your account key.
|
Since 2.12, this functionality has been removed from Sonar and now requires to download a plugin |
Install a new plugin
A plugin is packaged as a JAR. Just copy the file to the directory /extensions/plugins/ and restart the server. Note that Sonar does not manage plugin versionning. Only one version of a plugin can be registered at runtime.
| When Sonar is deployed on an application server, the WAR file must be built each time new plugins are installed. |
External tools
Sonar relies on the following tools. Version in italic can be overridden in pom.xml. Version in braces is for the underlying library, for example the PMD Maven Plugin 2.4 depends upon PMD 4.2.2.
Sonar | 2.13 | 2.12 | 2.8, 2.9, 2.10, 2.11 | 2.5, 2.6, 2.7 | 2.4 | 2.2, 2.3 | 2.0, 2.1 | 1.10, 1.11, 1.12 |
|---|---|---|---|---|---|---|---|---|
Maven | 2.0, 2.1, 2.2 and 3.0 | 2.0, 2.1, 2.2 and 3.0 | 2.0, 2.1, 2.2 and 3.0 | 2.0, 2.1, 2.2 and 3.0 | 2.0, 2.1, 2.2 and 3.0 | 2.0, 2.1 and 2.2 | 2.0, 2.1 and 2.2 | 2.0, 2.1 and 2.2 |
PMD | 4.3 | 4.2.5.2 | 4.2.5 | 4.2.5 | 4.2.5 | 4.2.5 | 4.2.2 (maven plugin 2.4) | 4.2.2 (maven plugin 2.4) |
Checkstyle | 5.5 | 5.1.2 | 5.1 | 5.1 | 5.1 | 5.1 | 5.0 (maven plugin 2.4) | 4.4 (maven plugin 2.2) |
Findbugs | 1.3.9 | 1.3.9 | 1.3.9 | 1.3.9 | 1.3.9 | 1.3.9 (maven plugin 2.3.1) | 1.3.9 (maven plugin 2.3.1) | 1.3.8 (maven plugin 2.0.1) |
Cobertura | 1.9.4.1 (maven plugin 2.5.1) | 1.9.4.1 (maven plugin 2.5.1) | 1.9.4.1 (maven plugin 2.5) | 1.9.4.1 (maven plugin 2.4) | 1.9.4.1 (maven plugin 2.4) | 1.9.4.1 (maven plugin 2.4) | 1.9.2 (maven plugin 2.3) | 1.9.2 (maven plugin 2.3) |
Clover 1.x |
|  |
|
|
|
| 1.3.13 (maven plugin 2.4) | 1.3.13 (maven plugin 2.4) |
Clover 2.x |
| |
|
| 2.6.3 | 2.6.3 | 2.5.1 | 2.5.1 |
Clover 3.x |
| |
|
| 3.x | 3.x |
|
|
