The hunting toolbox in Sonar

Did we ever mention why, two years ago, we chose Sonar as the name for the open source quality management platform we wanted to build? It was obviously an analogy with a sonar, which is an acronym for SOund Navigation And Ranging! Sonar sounds the sea of your projects to identify flaws and evaluate part of your technical debt. To do so it offers 3 main functionalities:

  • Quality profiles Manager
  • Project and portfolio dashboards
  • TimeMachine

The first one sets the base to tune your Sonar; the next two are used to quickly see where projects stand and how they evolve over time along the following axes:


Using quality profiles in Sonar

Last month, Sonar 1.6 was released. The main feature of the new version is the ability to manage quality profiles. The purpose of this post is to explain what gap the functionality fills, to define what a quality profile is and to explain how to use it.
Prior to Sonar 1.6, it was only possible to run analysis with one set of defined coding rules per instance of Sonar. This means that within an instance of Sonar, it was not possible to treat different types of projects (legacy applications, technical libraries, new projects, …) differently. They were all analyzed with the same set of rules. As a result, there was sometimes unnecessary noise around the quality data that made it difficult to see quickly what real action was required. Sonar 1.6 turns off this noise by allowing you to define and simultaneously use several quality profiles.


Maven Site, Sonar or both of them?

As we get more and more questions about possible overlaps between Sonar and Maven Site, I think it is time to explain the clear vision we have on this important subject. Let me start by answering three questions:

  • What is the Maven Site made for?
    Provide a static portal to publish documentation on projects. By the way, this portal is used by many Open Source projects as their main web site (for instance Commons Collections or Cargo).

  • What is Sonar made for?
    Provide an enterprise OSS capable of handling, managing and reporting all data related to source code quality.

  • What are the possible overlaps?
    All the quality reports available in the Maven Site under “Project Documentation -> Project Reports”, such as CPD Report, PMD Report, Cobertura Tests Coverage, …


Balsamiq Mockups to design the future of Sonar

I have spent roughly 10 years in software development, continuously aiming to improve team collaboration. Two months ago, I was convinced that we had a complete set of very good tools for Sonar development, and that even if they were not the best, switching would not make a big enough difference to be worth it. In other words, I could not possibly imagine that we might instantly adopt a $75 product, wondering two days later how it was possible to not have had it before.

The miracle product is called Balsamiq Mockups. It is a pretty simple Flash application, with a minimalist user interface, that lets you draw almost any kind of graphical interface in minutes, just as if you had a pencil in hand. I know what you think: PowerPoint or OpenOffice Presentation are good enough to design mockups. I thought so too… Give Balsamiq a try and I bet you’ll fall in love in less than 5 minutes.


Managing cyclomatic complexity to increase maintainability

In a previous post on Cyclomatic Complexity (CC), I discussed two ideas:

  • Total CC only means lots of logic has been implemented; it is not a qualitative measure
  • On the contrary, average CC per method and per class are examples of qualitative measures that can be derived from the CC metric. For instance, a high average CC per class could mean a bad level of cohesion. Lack of cohesion means that a class is performing several unrelated tasks.

and I concluded that in terms of quality, what matters is not the total cyclomatic complexity of a program but a moderate and well distributed level of CC for each component (packages, classes, methods), i.e. breaking the problem down into manageable components. When those components are not small enough, maintainability decreases.

Today, I am going to explain how to use Sonar to identify programs or components that are risky in terms of maintainability, so that they can be fixed. In other words, how to detect whether an application is more of:

  • a monolithic type of animal (and therefore hard to evolve and subject to side effects in case of modifications)
  • a pretty modular project, following a good Object Oriented design (at least in terms of cohesion)

There are 3 complementary approaches to do so:


Sonar Time Machine: replaying the past

When talking about source code quality, at first you might think that the only data of interest is the result of the last code analysis. However, you quickly realize that this information is not sufficient on its own and should be compared with similar data from the past.

Let’s pretend for a few moments that you get a new job as team leader of a development team and let’s make a few assumptions for the sake of argument: your main objective is to increase global quality/stability of applications and you are addicted to Sonar (probably not an assumption ;-)).

The first thing to be done is to analyze source code to quickly get a synthetic insight into the situation and define short term priorities. Therefore you take the following actions:


Discussing Cyclomatic Complexity

Googling Cyclomatic Complexity (CC) gives some interesting results… Among those results, you’ll find the two following definitions:

  • A measure of the complexity of a software module, equal to e – n + 2, where e is the number of edges in the control flow graph and n is the number of nodes in this graph (that is, the cyclomatic number of the graph plus one)
  • A measurement of the intricacy of a program module based on the number of repetitive cycles or loops that are made in the program logic. It is used as a general measure of complexity for software quality control as well as to determine the number of testing procedures

Those two definitions, though perfectly true, are one of the reasons Sonar exists: to move away from the idea that source code quality is a notion accessible only to an elite. Sonar is about democratizing source code quality concepts so that they are understandable and usable by every stakeholder in a development project.


Tendencies in Sonar

One of the very good features in Sonar is the tendencies. The tendencies are visible in every screen, from portfolio to class view, and are materialized by little arrows next to each measure. Those arrows show the trend for the measure.

This blog entry intends to explain how to read them, how Sonar calculates them and how they can be used.

Sonar uses 5 levels to describe the tendency of a measure. Each level is represented by an arrow:

  • Strong increase
  • Medium increase
  • Neutral
  • Medium decrease
  • Strong decrease

Sonar uses black arrows to represent tendencies on the quantitative metrics (the ones that do not reflect the quality of the code, for example number of lines of code).

Sonar uses red or green arrows to represent tendencies on the qualitative metrics (the ones that reflect the quality of the code, for example code coverage). Red is used when the quality decreases, green when it increases.

Of course, it is to be noted that if the percentage of duplicated lines decreases, it will be represented by a green arrow because it is considered an improvement.

In order to display the tendencies, we decided that taking a simple difference between the last two measures of each metric was not accurate enough. Therefore we implemented a more advanced algorithm: the least squares method. Least squares is a linear regression analysis that helps remove the noise in order to determine a trend on discrete measures.
In other words, Sonar takes the last X measures, checks that the set of measures makes sense (by testing the correlation rate), determines an estimated slope and displays it using the arrows.

Since Sonar uses the last X snapshots, you would expect this X to be configurable: that is the case! Simply sign in and go to the preferences -> measures menu. The number of days there is not really a number of days, but in fact the number of snapshots that are going to be used. You can increase this number as much as you like, as long as you have enough snapshots in your database!

Where do we go from here? If you take measures at a regular frequency, it means that you are able to get weekly, monthly, … tendencies on all your pages within Sonar.
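The calculation described above (least squares over the last X snapshots, a correlation test, then a mapping of the slope to one of the 5 levels and an arrow colour) can be sketched as follows. This is an added example, not Sonar's own code: the function names, the correlation cut-off, the slope bands and the black colour for a neutral arrow are all assumptions, since the post gives no values for them.

```python
from math import sqrt

# Assumed cut-offs: the post gives no value for the correlation test
# or for the slope bands separating "medium" from "strong".
MIN_CORRELATION = 0.5
STRONG_SLOPE = 0.05  # relative change per snapshot
MEDIUM_SLOPE = 0.01

def fit(values):
    """Least squares of values against snapshot index 0..n-1.
    Returns (slope, r), r being the Pearson correlation coefficient."""
    n = len(values)
    if n < 2:
        return 0.0, 0.0
    mean_x = (n - 1) / 2
    mean_y = sum(values) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    syy = sum((y - mean_y) ** 2 for y in values)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(values))
    r = sxy / sqrt(sxx * syy) if syy > 0 else 0.0  # flat series: no trend
    return sxy / sxx, r

def tendency(values, last_x=30):
    """Level from -2 (strong decrease) to 2 (strong increase), oldest value first."""
    window = values[-last_x:]
    slope, r = fit(window)
    if abs(r) < MIN_CORRELATION:
        return 0  # measures too scattered to call a trend
    mean = sum(window) / len(window)
    rel = slope / abs(mean) if mean else slope  # fall back to the raw slope
    if abs(rel) >= STRONG_SLOPE:
        level = 2
    elif abs(rel) >= MEDIUM_SLOPE:
        level = 1
    else:
        level = 0
    return level if rel > 0 else -level

def arrow_colour(level, qualitative, higher_is_better=True):
    """Black for quantitative metrics; green/red when quality improves/degrades."""
    if not qualitative or level == 0:
        return "black"  # colour of a neutral arrow is an assumption
    return "green" if (level > 0) == higher_is_better else "red"

# Constructed sample snapshots, oldest first.
coverage = [60, 61, 63, 62, 65, 66, 68, 70]
duplication = [12.0, 10.5, 9.0, 8.0, 6.5, 5.0]
print(tendency(coverage), arrow_colour(tendency(duplication), True, False))
```

A simple difference between the last two measures would report a decrease for the constructed `coverage` series at its fourth snapshot (63 to 62), whereas the regression over the whole window still reports a steady increase.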

Sonar light: the low-calorie mode for Sonar

When I initially wrote this blog entry, I chose a much more original title: “What is the analogy between a Coke light and Sonar light”. But then I realized that “Coca Light” (the French for Diet Coke) does not translate to “Coke light”… The title was not as attractive anymore: I had to back up! ;-)

Like any good code analysis tool, Sonar performs static as well as dynamic analysis (code coverage by unit tests). The dynamic analysis requires a lot of processing power (calorie burning) since the unit components of the program must be compiled before they can be executed. On the contrary, static analysis just needs to analyze source code in order to calculate metrics like cyclomatic complexity or to detect bad coding practices.


Using the ‘Reviews’ section on the project dashboard

You might have already noticed the small, empty section named “Reviews” at the bottom right of any project dashboard, but what is this section about?

Originally, this functionality was developed for one of our customers: this company has a quality assurance team in charge of regularly interviewing members of development teams on different areas like “Configuration Management”, “Project Planning”, “Technical Design”, etc. They already used Sonar to check and follow code quality on their projects portfolio and wanted to feed Sonar with the results of those reviews.

In Sonar 1.5 we’ve extended this to any kind of metric that could be fed manually, like “Team size”, “Business Value”, … But let’s go back to Sonar 1.4.X and the way this functionality can currently be used.



© 2008-2013, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE and SONARSOURCE are
trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.