Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

By default, Sonar embarks two tools to calculate code coverage by unit tests on java projects : Cobertura and Clover. But last week, we also released plugins for two other coverage tools : Emma and JaCoCo. Both plugins are available in the Sonar Plugin Library. So I thought it would be a good time to compare all of them and share the results with the community.

Read the rest of this page »

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

The Sonar team is proud to announce the release of Sonar 2.2. As usual, this new release includes numerous improvements, bug-fixes and also brand new features that we believe are worth stopping your daily work for a few minutes to review. Those features can be divided into three categories :

• Favourites resources
• Filters homepage
• Plugin classloaders

Read the rest of this page »

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

It has now been more than ten years since Kent Beck and Martin Fowler started to talk about Continuous Integration. At that time, it was hard to believe this practice would have such an impact on our daily work and would be so much adopted in the world of software development. Today, we at SonarSource but also in many places, can simply not imagine to go back and work without Continuous Integration.

Here is what can be read about Continuous Integration on Wikipedia :
Continuous integration aims to improve the quality of software, and to reduce the time taken to deliver it, by replacing the traditional practice of applying quality control after completing all development.

The ultimate goal of Continuous is to be able to fire any type of release at any time with minimal risk whether it is a Milestone, Release Candidate or GA : quality requirements become a must-have and no more a nice-to-have. Let’s review which requirements are correctly covered by continuous integration environments today :

• Anybody must be able to build the project from any place and at anytime.
• Every Unit Tests must be executed during the Continuous Integration build.
• Every Unit Tests must pass during the Continuous Integration build.
• The output of the Continuous Integration build is a package ready to ship.
• When one of the above requirement is violated nothing is more important for the team than fixing it.

This is a really a good starting point but does not sound sufficient to talk about total quality . What’s about those other source code quality requirements ?

• Any new code should come with corresponding unit tests (regardless of previous state in code coverage).
• New methods must not have a complexity higher than a defined threshold.
• No cycle between packages must be added.
• No duplication blocks must be added.
• No violation to coding standard must be added.
• No call to deprecated methods should be added.
• …

More generally, those requirements are about keeping overall technical debt under control and only let it increase consciously (see the Technical Debt Quadrant) : this is the concept of Continuous Inspection. This concept seems to have appeared around five years ago (see this IBM Article) and has been recently described and defined (see DZone Refcards 87 about Continuous Integration and Continuous Inspection, see book “Continuous Integration : Improving Software Quality and Reducing Risk” ) but is still an emerging concept as was Continuous Integration ten years ago.

Continuous Inspection requires a tool to automate data collection, to report on measures and to highlight hot spots and defects. Sonar is currently the leading “all-in-one” Continuous Inspection engine. A Continuous Inspection engine can be seen as an Information Radiator dedicated to make the source code quality information available at anytime to every stakeholder. Transparency is certainly one of the main reason why Open Source Software is most of the time of better quality than Close Source Software. A developer writing a new piece of code should always think about the next person/team who will maintain it : Continuous Inspection helps to never forget this golden rule.

But of course, Continuous Inspection only comes after Continuous Integration is solidly implemented : this is the next maturity level and this maturity level can be implemented with Sonar.

The Sonar Team is very proud to announce the availability of the first version of the Sonar Eclipse plugin. This plugin is part of the Sonar IDE Project. This first version comes just few a weeks after the release of the Sonar IntelliJ IDEA plugin. The project has 2 active contributors : Jérémie and myself.

The work has been greatly facilitated by the good feedback we received from the Sonar community on the release candidate version. It is going to be followed by new ones in the upcoming weeks/months (see My proposal for GSoC (Google Summer of Code) 2010).

This version 0.1 only displays violations. Duplicated blocks, code coverage and commented out lines of code will be added later. As for the Sonar IntelliJ IDEA plugin, source code is decorated on the fly with information provided by the Sonar web server.

As usual for releases, let’s go through screenshots to discover this new functionality and how it can be used in your daily work to track violations. Enjoy !

Read the rest of this page »

Welcome to the roundup of blog posts and pages that mentioned Sonar last month…

Read the rest of this page »

Up to version 2.1, Sonar was relying only on external coding rules engines such as Checkstyle, PMD and Findbugs to report violations on Java applications. But since version 2.1, Sonar also provides its own rules engine to work on Java dependencies. This rules engine is based on Squid and three rules are currently available :

Read the rest of this page »

As usual this new release includes numerous improvements, bug-fixes and also brand new features that we believe are worth stopping your daily work for a few minutes to review. Those features can be divided into two categories :

• Libraries cartography : what project is using which library and how ?
• Powerful Squid rules to detect dead methods and calls to deprecated methods

Read the rest of this page »