Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
{iframe:src=http://update.sonarsource.org/plugins/java-confluence.html|width=700|height=550|frameborder=0}
Your browser does not support iframes.
{iframe}

 

 

Warning
titleUpgrade to 2.4

You CANNOT upgrade automatically to 2.4

Version 2.4 moves Java from being an "ecosystem" of multiple plugins to a single, stand-alone plugin that encompasses most of the functionality formerly contained in the ecosystem. Specifically, 

  • Squid, Surefire and Jacoco have been rolled into the Java plugin.
  • FindBugs has been split off into an independent, optional plugin. To continue using it, upgrade it to version 2.4.

Unfortunately, SonarQube's update center cannot handle the switch gracefully. You may use the update center to download the new version of the plugin. However, you must manually remove the Surefire, JaCoCo, and Squid for Java plugins from$SONARQUBE_HOME/extensions/plugins.

 

 

Tip
titleLive example

If you want to see a live example of the capabilities of the Java Ecosystem, you can have a look at SonarQube on SonarQube.

Description / Features

The Java Ecosystem plugin is a set of plugins used to monitor the quality of Java projects within SonarQube.

It is compatible with the SonarQube Eclipse plugin to track issues while coding. It is also compatible with the Issues Report plugin to run pre-commit local analysis.

Installation

The Java Ecosystem is a set of plugins:

  • Java [sonar-java-plugin]: to parse Java code source, compute metrics, etc.
  • Squid [sonar-squid-java-plugin]: to compute additional metrics, check code against rules provided by the SonarQube engine
  • Checkstyle [sonar-checkstyle-plugin]: to check code against rules provided by Checkstyle
  • FindBugs [sonar-findbugs-plugin]: to check code against rules provided by FindBugs
  • PMD [sonar-pmd-plugin]: to check code against rules provided by PMD
  • Surefire [sonar-surefire-plugin]: to execute unit tests with Surefire
  • Cobertura [sonar-cobertura-plugin]: to get code coverage with Cobertura
  • JaCoCo [sonar-jacoco-plugin]: to get code coverage with JaCoCo

Note that by default the Java Ecosystem is provided with SonarQube. You With additional plugins, you can activate rules from CheckstyleFindBugsPMDClirr, and fb-contrib. However, we highly recommend that you limit your Quality Profiles to from the SonarQube engine because we believe they are faster, more accurate (fewer false positives and false negatives), and more usable (they have better descriptions, etc). Read this blog post for more details.

If your Quality Profile contains rules from the SonarQube engine or FindBugs rules, then byte code will be required by the analysis. This Java Ecosystem is able to analyse any kind of java source files whatever is the version of Java they comply to.

Installation

By default the Java plugin is provided with SonarQube. You can update it from the Update Center (since SonarQube 3.5) or  or download the latest release from this page header.

Once the Java Ecosystem is installed, other plugins are available for download: Emma, Clover, etc.

Usage

Don't forget to check the upgrade notes.

Usage

Warning
titleJava bytecode is required

Analysing a Java project without providing the Java bytecode of the source files and of all the project dependencies (jar files) is possible but will lead to highly decrease the number of issues found by the analyzer (false-negatives). Moreover the detection of cycles between packages and the display of the DSM will be automatically deactivated. As soon as a class required to efficiently do an analysis is missing a warning like the following one is logged :

[WARN] [08:40:21.769] Class 'XXXXXX' is not accessible through the ClassLoader.

Run a SonarQube Analysis

To run an analysis of your Java project, you can use the following analyzers:

Note that you must provide both source code and compiled byte code if the Quality Profile in use contains either SonarQube-native rules, or FindBugs rules.

Sample projects for each analyzer are available on GitHub that can be browsed or downloaded: /projects/languages/java

Notes:

Note
titleFor versions prior to 2.1
  • The source directory must be set to the directory containing the top parent package.

...

  •  For example, if your directory structure

...

  • is src/main/java/com/mycompany/...

...

  • , the source directory must be set

...

  • to src/main/java

...

  • .
  • The source directory tree

...

  • must match the package declaration.

...

  •  For example, the following class:

    Code Block
    titleMyClass.java
    linenumberstrue
    languagejava
    package com.mycompany.mypackage;
    ...

    must be located in the following directory: [mySourceDirectory]/com/mycompany/mypackage/MyClass.java.

...

  •  Otherwise you would get

...

  • an error like below while running your analysis

...

  • Code Block
    titleLog
    languagenone
    Exception in thread "main" org.sonar.batch.bootstrapper.BootstrapException: org.sonar.squid.api.AnalysisException: Got an exception - org.sonar.squid.api.AnalysisException: The source directory does not correspond to the package declaration com.mycompany.mypackage, file : ..\src\MyClass.java
    ...

Unit Tests and Code Coverage

...

The default code coverage engine for unit tests can be set in Settings > General Settings > Java > Code coverage plugin property.

By default the code coverage engine is JaCoCo but CoberturaEmma or Clover can also be used.

Reports

To deal with unit tests and code coverage, see Code Coverage by Unit Tests for Java Project tutorial.

To deal with integration tests and code coverage, see Code Coverage by Integration Tests for Java Project tutorial.

To Go Further

Change Log

JIRA Issues
anonymoustrue
titleVersion 1.3
renderModestatic
width900
columnstype;key;summary;priority
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=19056&pid=12830&sorter/field=priority&sorter/order=DESC&tempMax=1000

 

JIRA Issues
anonymoustrue
titleVersion 1.2
renderModestatic
width900
columnstype;key;summary;priority
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18956&pid=12830&sorter/field=priority&sorter/order=DESC&tempMax=1000

 

...

Upgrade Notes

Version 2.4

  • Version 2.4 moves Java from being an "ecosystem" of multiple plugins to a single, stand-along plugin that encompasses most of the functionality formerly contained in the ecosystem. Unfortunately, SonarQube's update center cannot handle the switch gracefully. You may use the update center to download the new version of the plugin. However, you must manually remove the Surefire, JaCoCo, and Squid for Java plugins from $SONARQUBE_HOME/extensions/plugins.
  • FindBugs has been split off into an independent, optional plugin. To continue using it, upgrade to version 2.4.

Version 2.2

It is no longer possible to let SonarQube drive the execution of the unit tests. You now have to generate the JUnit and code coverage (JaCoCo or Cobertura or Clover) reports prior to the SonarQube analysis and then feed SonarQube with those reports.

Version 2.0

This version no longer includes the Checkstyle and PMD plugins. Therefore, you should install those two plugins if you're still using some of their rules.

All the valuable rules from PMD and Checkstyle were rewritten based on our own SSLR technology. These rules are now available in the SonarQube repository. Deprecated rules from PMD and Checkstyle are flagged as so and their replacement is stated in the rule description:

Image Added

See http://www.sonarqube.org/already-158-checkstyle-and-pmd-rules-deprecated-by-sonarqube-java-rules/ for more details.

Version 1.5

  • Property sonar.surefire.reportsPath has been removed and replaced by sonar.junit.reportsPath.