In this article, I am going to explain how to use SonarQube source code analysis tool with JaCoCo code coverage library for a Spring Boot application.


Introduction


For those who started with TDD (Test Driven Development), code coverage is an important tool to measure and know how much percentage of their source code is covered and tested with test cases developed including both unit and integration tests.


Why it is important?


Higher code coverage will increase the maintainability of the code. Also, with sonarqube we can write quality code as it warns about potential bugs, hot-spots, vulnerabilities, code smells and duplication in the code.


Installation and Running


We are going to install sonarqube with docker and run it as a docker image.

To download the sonarqube image, type below command in your command line.


docker pull sonarqube

Once downloaded, enter the below command in the command line to verify it is downloaded.

docker images


We will start the container based on the downloaded image and give it the name sonarqube with the following command.



docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

Here, -d option is for detached mode (background) and we expose 9000 and 9092 ports to the host using same port numbers.


Now, we can see the sonarqube dashboard by navigating to http://localhost:9000.


By default, the username and password is admin. After you login for the first time, it will prompt you to change the password.


Default username : admin

Default password : admin


JaCoCo Maven configuration


JaCoCo is a one of the famous code coverage library available for java based applications. In order to add JaCoCo for the project, you have to add the following maven plugin to the pom.xml file of the project.



Please find my pom.xml file if you still can’t find the plugins section.



Test coverage Analysis


First we need to run test cases before sending the report to sonarqube server. We can run the tests with the following command.


mvn test


Once it executes successfully, we will send the report to sonar server which will let us analyze which parts of the code to be covered with many other detailed reports and stats.


To send the report to sonar server, run the following command



mvn sonar:sonar -Dsonar.login=admin -Dsonar.password=<PASSWORD> 

If you have changed the password, replace <PASSWORD> placeholder with your password.

Once this command executes successfully, you should be able to see the URL for the analysis report. You can click the link to see the report.


Or you can also navigate to http://localhost:9000 to view the report.


After navigation, you should be able to see the sonarqube dashboard like below with your project with different reports.


Excluding classes from code coverage


In the code coverage analysis we focus only about the classes that should be covered with unit and integration tests. We need to exclude the non required classes like configs from coverage analysis.


This can be done by adding the classes needed to be excluded in the properties section.



  <properties>
    <sonar.exclusions>
    **/BackendApplicationTests.java,
    **/config/*.java
    </sonar.exclusions>
 </properties>
 

The above mentioned classes are excluded from code coverage.


Official website for sonarqube - SonarQube



Keep Experimenting 🔎 

Keep Learning 🚀


Post a Comment

Previous Post Next Post