Welcome to SonarQube in Action. This book is aimed at turning all the tedious and sometimes hard-to-understand stuff about source code quality and software metrics into an exciting experience. It aims to become the Holy Bible of software quality: a reference for every development team that wishes to improve their source code. You’ll see that metrics are meaningful and affect several aspects of your software’s health. In this journey, SonarQube will be our pilot. SonarQube is an open source platform for continuously measuring, managing, tracking, and improving source code’s quality.
We begin each chapter of the book by describing a real problem/situation, and then we talk about the features of SonarQube and the relevant metrics that help you address and eventually solve that problem. We elaborate by providing some theoretical background, we discuss best practices (if any), and we end each chapter by talking about relevant—to the chapter’s topic—SonarQube plugins and how you can take advantage of them.
Now it’s time to list in detail the book’s content.
Part 1 gives you an overview of SonarQube, explains the seven axes of quality (like the seven deadly sins of software development), and sets the stage for the following parts. We introduce SonarQube’s key features and benefits and discuss the core metrics that SonarQube calculates.
Part 2 discusses how you can get the best out of SonarQube, where it fits in any development lifecycle, and how to make it part of your everyday work life. It also introduces the concept of Continuous Inspection, which is the ultimate target when talking about software quality.
Part 3 covers several administrative topics and gives you ideas about customizing and tuning SonarQube to make it suitable for any kind of project. In an enterprise environment with a SonarQube installation that hosts several projects, it’s a good idea to adjust many of SonarQube’s predifined settings to fit your needs. This part of the book also teaches you step by step how to extend SonarQube by writing a custom plugin.
The book also has two appendixes that will help you with the basics, especially if you’re a SonarQube newbie:
One last thing—don’t expect to find correct code in this book. Chapter 16 is the only exception to that rule, because it deals with writing plugins. Most of the examples intentionally illustrate bad habits in coding, and their purpose is to point out what you should avoid. Nevertheless, in some cases we’ve included a refactored version to show you that by using SonarQube, you can begin to understand these nasty metrics and dramatically improve the quality of your code.
Each person has their own reading style, and we can’t force you to change it for this book. But we can still give you a couple of ideas on how to get the most out of this book.
Every chapter is organized in such a way that you can read it separately from the rest. We do suggest that you read chapter 1, especially if you’re not an experienced SonarQube user, because it’s an overview of SonarQube and introduces some basic ideas you may need when reading the rest of the book.
If you decide to read the book sequentially, you’ll find that each chapter is connected to the previous one, and the chapters flow smoothly, without gaps. But again, you can skip any chapter and come back later if you want to.
We did our best to ensure that this book will become a reference for you whenever you need to learn or remember anything about SonarQube or its computed metrics.
Believe it or not, source code quality is a topic that targets almost everyone who participates in a software project. Although we provide several code examples, you don’t need to be a code expert to read this book. You also don’t need to be familiar with Java, because the code listings and snippets are so simple that anyone with basic programming skills can understand them. Besides, don’t forget that most of the examples in the book show you poor or bad code, to illustrate techniques and habits you should avoid. We do expect that you have some basic knowledge about software quality metrics.
The book is aimed at the following professionals:
All the source code in the book, whether in code listings or snippets, is in a fixed-width font like this, which sets it off from the surrounding text. In most listings, the code is annotated to point out the key concepts, and numbered bullets are sometimes used in the text to provide additional information about the code. We have tried to format the code so that it fits within the available page space in the book by adding line breaks and using indentation carefully.
Source code for all the examples and the plugin from chapter 16 are available at www.manning.com/SonarQubeinAction. If you want to get the most updated source code for the plugin—remember, it’s a real one, so the latest version is likely to be different from the code shipped with the book—it’s available at the following GitHub link: https://github.com/ppapapetrou76/sonar-redmine-plugin.
This book should not be considered a user or administration guide for SonarQube. If you just want to learn how to use SonarQube, the online documentation at http://docs.codehaus.org/x/EoDEBg should be sufficient.
This book also doesn’t explain the underlying tools with which SonarQube integrates, such as PMD, FindBugs, Checkstyle, and so on. You’re encouraged to visit the corresponding websites to learn more about their purpose.
In some chapters, we include tips and best practices for refactoring as well as some introductory material. But this book doesn’t teach you how to refactor your code.
The purchase of SonarQube in Action includes free access to a private web forum run by Manning Publications, where you can make comments about the book, ask technical questions, and receive help from the authors and from other users. To access the forum and subscribe to it, point your web browser to www.manning.com/SonarQubeinAction. This page provides information on how to get on the forum once you are registered, what kind of help is available, and the rules of conduct on the forum.
Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the authors can take place. It is not a commitment to any specific amount of participation on the part of the authors whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the authors some challenging questions lest their interest stray!
The Author Online forum and the archives of previous discussions will be accessible from the publisher’s website as long as the book is in print.
G. ANN CAMPBELL has 15 years of experience in Perl, C, C++, Java, and web technologies on variously sized and organized teams, and she has spent far too much time achieving code quality the hard way without SonarQube.
PATROKLOS P. PAPAPETROU is a Java architect, an experienced software developer, and an Agile team leader. He’s an active SonarQube community member and contributor.