Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 44 Next »

Live example


If you want to see a live example of the capabilities of the Web plugin, you can have a look at the analysis of the Shopizer project on Nemo.

Description / Features

The plugin provides static code analysis of web files within Sonar. Currently JSP and JSF are supported. Some initial support is provided for Ruby templating (erb files). 

The following metrics are supported:

  • sizing (files, lines of code)
  • rules compliancy
  • complexity
  • duplication
  • comments

The plugin scans the following files by default: .xhtml, .jspf, .jsp. The file extensions are configurable. 

The plugin imports the source code in Sonar, calculates measurements and scans the code for violations, duplications and complexity. The checks are configurable in the Sonar rules repository. 


  1. Install the Web plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
  2. Restart the Sonar server


You can analyze your project with the different analyzers

Sonar Runner

A list of sample projects is available on github that can be browsed or downloaded:

  1. Web project analyzed with the Sonar Runner: /projects/languages/web/web-sonar-runner.


Create a maven pom for your project. Set the following properties:

  • sonar.language: web
  • sonar.web.sourceDirectory: [folder of the web files]
  • sonar.dynamicAnalysis: false

Sample pom file:

Quick analysis
For an existing maven project, you might start an analysis by the following command:

You may set the property sonar.branch to make sure the web analysis will be reported in sonar under another project name, e.g. -Dsonar.branch=Web.


Create a build.xml for your project. In the sample below has two tasks for jsp(key:gNumber-JSP) and java(Key:Gnumber-Java) .

Sample build.xml (complete file)

Quick analysis
Run the following commands in the same folder from buld.xml:


The following properties of the plugin are configurable:


default value







Rules & Metrics


There are about 20 checks in the library. Please read the documentation of the checks on the page Web Rules Library.

The ruleset is inspired on the following standards and guidelines:

A complete explanation of the available checks is given here .

Complexity of the web page is measured by counting the decision tags (such as if and forEach) and boolean operators in expressions ("&&" and "||"), plus one for the body of the document. It is a measure of the minimum number possible paths to render the page.

The decision tags and the operators are configurable. For details see rules library

Duplication is counted by comparing tokens. Duplication is reported if more than a minimum amount of tokens are replicated (in the same file or another file). The default minimum tokens is set to 70.

Comments are counted by adding the lines for server side and client side comments.

Plugin Architecture

The plugin uses a simple tokenizer to parse the web pages. The tokenizer is based on the sonar-channel library. The output of the tokenizer is analyzed by a set of analyzers and checks. Expressions written in the Unified Expression Language (EL) are validated with JBoss EL.

No further external tools or maven plugins are being used for analyzing the code.

Change Log


Release 1.2 (13 issues)



Release 1.1 (6 issues)



Release 1.0.2 (1 issues)

T Key Summary P Status Resolution
Bug SONARPLUGINS-857 XMLProfileParser shouldn't be instantiated by plugin Major Closed Fixed



Release 1.0.1 (1 issues)



Release 1.0 (21 issues)

Showing 20 out of 21 issues Refresh



Release 0.1 (5 issues)

Roadmap Ideas

  • Run analysis directly from maven (without sonar)
  • More support for WCAG, webrichtlijnen
  • Enhanced validation of unified expressions (using JSFUnit?)
  • Dependency analysis
  • No labels