|Latest version||12.13 ( 22 December 2012 26 june 2014 )|
|Requires Sonar SonarQube version||34.42 or higher ( check version compatibility )|
|License||GNU LGPL 3|
Analysing a Java project without providing the Java bytecode of the source files and of all the project dependencies (jar files) is possible but will lead to highly decrease the number of issues found by the analyzer (false-negatives). Moreover the detection of cycles between packages and the display of the DSM will be automatically deactivated. As soon as a class required to efficiently do an analysis is missing a warning like the following one is logged :
[WARN] [08:40:21.769] Class 'XXXXXX' is not accessible through the ClassLoader.
Description / Features
The Java Ecosystem is a set of Sonar plugins used to monitor the quality of Java projects within SonarSonarQube.
The Java Ecosystem is a set of plugins:
- Mandatory plugins:
- Java [sonar-java-plugin]: to parse Java code source, compute metrics, etc.
- Squid [sonar-squid-java-plugin]: to compute additional metrics, check code against rules provided by the Sonar engine
- Optional plugins adding features from external tools:
- Checkstyle [sonar-checkstyle-plugin]: to check code against rules provided by Checkstyle
- FindBugs [sonar-findbugs-plugin]: to check code against rules provided by FindBugs
- PMD [sonar-pmd-plugin]: to check code against rules provided by PMD
- Surefire [sonar-surefire-plugin]: to execute unit tests with Surefire
- Cobertura [sonar-cobertura-plugin]: to get code coverage with Cobertura
- JaCoCo [sonar-jacoco-plugin]: to get code coverage with JaCoCo
Note that by On top of the coding rules provided by the SonarQube engine, you can activate rules from Checkstyle, FindBugs, PMD, Clirr, and fb-contrib. However, we highly recommend that you limit your Quality Profiles to from the SonarQube engine because we believe they are faster, more accurate (fewer false positives and false negatives), and more usable (they have better descriptions, etc). Read this blog post for more details.
If your Quality Profile contains rules from the SonarQube engine or FindBugs rules, then byte code will be required by the analysis. This Java Ecosystem is able to analyse any kind of java source files whatever is the version of Java they comply to.
By default the Java Ecosystem is provided with SonarSonarQube.You You can update it from the Update Center (since Sonar 3.5) or or download the latest release from this page header. Don't forget to check the upgrade notes.
To launch a Sonar run an analysis of your Java project, it is recommended to you can use the following analyzers:
- Maven for Maven projects
- Ant for Ant projects
- Sonar Runner otherwiseSonarQube Runner: recommended for all non-Maven projects
- Maven: recommended for all projects built with Maven
- SonarQube Ant Task: to integrate with projects built with Ant
- Gradle: to integrate with projects built with Gradle
Note that you must provide both source code and compiled byte code if the Quality Profile in use contains either SonarQube-native rules, or FindBugs rules.
Tests and Code Coverage
The default code coverage engine for unit tests can be set in Settings > Configuration > General Settings > Java > Code coverage plugin property.
Unit Tests and Code Coverage Reports
To deal with unit tests and code coverage for Java project in Sonar, see Code Coverage by Unit Tests for Java Project tutorial.
To deal with integration tests and code coverage for Java project in Sonar, see Code Coverage by Integration Tests for Java Project tutorial.
Documentation on advanced parameters is available on the Analysis Parameters page.
Advanced parameters specific to Java are:
Deactivate Java bytecode analysis. The Java bytecode is analyzed by Sonar in order to extract dependencies between packages and files. These dependencies are used for instance to display the DSM (Dependency System Matrix). This bytecode analysis can be deactivated.
Java version of the source code. This property is not used by the Sonar core but can be used by Java Sonar plugin like the PMD plugin.
See Java Ecosystem FAQ.
To Go Further
- Java Ecosystem FAQ
- Metric definitions
- Additional plugins are available:
- Extending Coding Rules
New coding rules can be added using XPath. See the related documentation.
- . To navigate the AST, download the SSLR Java Toolkit.
It is no longer possible to let SonarQube drive the execution of the unit tests. You now have to generate the JUnit and code coverage (JaCoCo or Cobertura or Clover) reports prior to the SonarQube analysis and then feed SonarQube with those reports.
All the valuable rules from PMD and Checkstyle were rewritten based on our own SSLR technology. These rules are now available in the SonarQube repository. Deprecated rules from PMD and Checkstyle are flagged as so and their replacement is stated in the rule description:
sonar.surefire.reportsPathhas been removed and replaced by