Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

The Sonar team is proud to announce the release of Sonar 3.0.

The team has been working for the last 2 years on Sonar 2.x versions, adding support for Continuous Inspection to manage Technical Debt. With Sonar 2.14, we felt that we had reach functional maturity for this support and that adding stability would make it a great candidate for a major release: Sonar 3.0.

Along with the new version, SonarSource is also launching a new commercial plugin, the Developer Cockpit, which enables each developer to see his own contribution, and a new web site.

But let’s come back to the specifics of Sonar 3.0: this new version includes 40+ improvements and fixes 40 bugs, that are described below in screenshots:

Read the rest of this page »

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

I wrote a few weeks ago a post on what was accomplished on the platform last year. Today, even if the year is already well started, I am taking some time to discuss the plans for this year !

In 2011, a lot of efforts were invested for supporting Continuous Inspection. This year, we will continue to increase the value of the platform by bringing new and unique functionality, enforcing integration to development environment, consolidating support of existing languages and adding new ones.

Complete support of Continuous Inspection

The plan for this year is to complete what was started on Continuous Inspection last year and add the ability to:

• customize the workflow for reviews
• create a review at any place in the code
• change severity of a violation
• group reviews into an action plan
• track project activity through widgets
• get notified in case of new violations on a project
• improve accuracy for new violation detection mechanism

Most of this was completed already as it was part of Sonar 2.13 and 2.14

Developer Cockpit

Since developers have now the ability to understand and follow continuously the quality of their application, this is now time to provide them with a service that shows their own contribution to projects: the developer cockpit. The idea is that the developer will have access to a dashboard similar to the current one that will show only his data.

Global / Governance dashboards

The platform already allows to customize project dashboards but there is currently no way to create global dashboards to get for example in the same page :

• the list of projects with a technical debt that increased during the past 30 days
• my most valuable measures on my favorite projects
• the reviews that were created last across all projects
• the open reviews assigned to me
• the last quality default I introduced
• …

Code analysis technology

SonarSource is going to open source its source code analysis technology “SSLR” to make it available for all Sonar plugins. The objective is to make all languages plugins, whether open source or close source, better. SSLR will provide all standard and complex stacks to analyse code : lexer, preprocessor, parser, AST generation, symbols table, XPath requests on AST, control flow… The first language we are looking at improving then is going to be Javascript.

Code Churn metrics

When doing refactoring and fixing quality defects, it can be very valuable to know what has been the activity during the past months on the source files we’re working on. Indeed the ROI of the same kind of refactoring can be far more important on files which are often updated than on files that haven’t changed during the past two years. That’s another input to determine the priority of remediation activities.

Language coverage

On the language side, this year was prolific already with the contribution from the community of a python and a delphi plugin. But this is not it ! Two c++ plugins are under construction, one from the community and one from SonarSource. This is all good news for the ecosystem.

Additional effort is going to be made on the improvement of existing languages:

• Release of a version 1.0 of Flex plugin where any remaining dependency on Maven will be removed
• Ability to not use anymore Toad with the PL/SQL plugin (2 releases of te plugin already this year)
• increase drastically the number of rules in C (+ 30 already)
• release of a version 2.0 of the SAP ABAP plugin

Various

Here is a list of various improvements and functionality that will enhance the platform:

• Detection of cross-project duplications for all languages
• Support for authorization in the LDAP plugin
• Differential analysis in Eclipse
• Encryption in analysers of DB credentials
• This might be the year for Idea plugin

That is it, we are now waiting for you on the user mailing list to discuss all this and define the exact use cases that should be covered!

The Sonar team is proud to announce the release of Sonar 2.14. This new version includes 100+ improvements, bug-fixes and also new features that we believe are worth stopping your daily work for a couple of minutes to check out : extension of cross projects duplications for all languages, dashboard for reviews, notes on rules, new violations widget, enhanced file header, new treemaps and enhanced login. It is also to be noted that Sonar 2.14 enables LDAP 1.1 which provides support for external authorization.

Here are screenshots of what has changed in the user interface:

Read the rest of this page »

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

If you use Sonar already, I am sure that you know already the worse of all 7 developer’s deadly sins:

And if you don’t, I would assume you know about duplicated / cloned / similar code when you talk about quality of code and that you have heard of tools such PMD CPD or Simian.

But why does copy paste matters from a code quality point of view? How can you benefit from Sonar to improve this? Let’s try to figure this out.

Read the rest of this page »

The beginning of a new year always provides a good opportunity to look back at what was achieved the previous year and this is what I am going to do today for the Sonar platform.

Let’s start with a short version of this retrospective. Last year was made of:

• 8 releases of Sonar
• 110+ releases in the ecosystem
• 55,000 downloads of Sonar
• 10,000+ messages on mailing lists

So I suppose we can call this a pretty active year for the community. Now, the longer version:

The Plan

One year ago, we had the following ambitions :

Track changes : The next step is to provide the ability to report on code coverage of new source code. This is to ensure that whatever legacy code is there, teams have the ability to monitor the coverage by unit tests on added code if they wish.

Since Sonar 2.7 and with help of the SCM Activity plugin, this magic feature is available.

Code Review : This is really the next strategic move for the Sonar platform : add a manual dimension to the automated one to provide a complete code review tool.

This was a major change to accomodate into the platform and we therefore decided to adopt a baby step approach. The full functionality was delivered over 5 releases, from 2.8 to 2.12. Here is what the platform now covers:

• Review a violation
• Comment, assign, plan a review
• Flag false-positive violations through the UI
• Create manual violations through the UI
• Change the severity of a violation through the UI

Next step will be to provide the ability to customize the review workflow and its related permissions.

Language consolidation : Provide a Squid-like engine to the C# plugin to make it more robust

It took us 6 month with the great help of Alexandre Victoor to rewrite the C# plugin that embeds its own C# parser and natively supports visual studio projects.

Language consolidation : Improve the C parser to gain robustness, support non ANSI-85 extensions and increase significantly the number of rules available

We haven’t worked as much as we wanted on this C plugin and so the number of rules remains limited. That’s why we’ve already started working to implement the MISRA-C standard.

Language consolidation : Improve the PL/SQL plugin to provide currently missing metrics

A PL/SQL parser has been written to provide all those metrics and to start implementing some new rules outside the Toad CodeXpert tool.

Sonar Eclipse : Now that we have a stable version 1.0 of the plugin, we can start building on it. The objective for this year is to provide capability for running local analysis inside Eclipse

This local mode is now available but in fact the greatest new feature of Sonar Eclipse is certainly the integration of Mylyn to manage reviews directly from the IDE.

Support New Bootstrappers : We have started last year some background work to decouple Sonar from Maven. This work will enable us to support 2 new mechanisms for bootstrapping analysis in Sonar 2.6 : an ANT task and a Java runner. Next step is to also provide Gradle bootstrapper.

DONE, DONE, DONE, Sonar is now fully decoupled from Maven but if you want to use the power of Maven along with Sonar, it is of course still possible.

JaCoCo Integration : We intend to make 2 major integrations of JaCoCo into Sonar this year. The first one is to integrate it into Sonar core. The second one is to provide ANT integration of JaCoCo and therefore provide a simple way of gathering code coverage when you execute unit tests from ANT.

DONE & DONE.

Beyond the Plan

Obviously, we did not plan for all upcoming innovations for the year. Here are three major features of Sonar that weren’t planned and that have been implemented:

• Sonar CPD : this new technology introduced in Sonar 2.10 will fully replace PMD CPD in Sonar 2.14 and allows to track cross-projects duplications
• i18n : Since Sonar 2.10 the Sonar UI can be in spanish, french, greek…
• Email notifications : Since Sonar 2.10 a user can subscribe to some events to be notified by email. For instance when a review is assigned to him.

And this is also true in the ecosystem, here are two examples:

• a great effort made on the PHP plugin to resurrect it
• development of an extension for SAP ABAP

So after all this, what could be an exciting challenge for 2012 ? This is going to be the subject of my next post !

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

The Sonar team is proud to announce the release of Sonar 2.13. This new version includes 60 improvements, bug-fixes and also some new features that we believe are worth stopping your daily work for a couple of minutes to check out : ability to create manual reviews / violations anywhere in the code, ability to create action plans and an extended search engine.

Read the rest of this page »