Maintaining high Code Quality with SonarQube

It is well known that quality of code is in inversely proportional with Software bugs, as code quality goes down, the number of bugs increases. Thus, clean software is more likely to have less bugs than code of lower quality. It is also more understandable for other developers and they can be more productive.
Bugs and issues that occur in later phases of the Software Cycle can cause higher costs for a project, because it gets tangled in with other bugs (or other fixes). The following graph shows this. Naturally, it is important to continuously maintain code quality in order to prevent the high costs associated with fixing bugs in production.

Fix Costs

How do we measure Code Quality?

Code quality can be measured by performing a manual code review. For this, developers have to invest time in order to understand the functional and business logic of the code. However, this kind of review can be subjective and might be of patchy quality depending on the experience and technical background of the developer who performs the review. Additionally, to maintain code quality these reviews have to be regularly performed.

WTFs per minute

Measuring Code Quality in the Software Zoo

A solution to continuously measure software quality is to use tools for code analysis like Findbugs, and CheckStyle. Further, tools like CloverEclEmmaand Cobertura can analyse test code coverage. Unfortunately, the combination of those tools and their visualisation of code metrics can differ between teams. Also the results of their analysis can be distributed over different dashboards and might not be visible to all developers. This makes it hard to compare code quality across teams in the same organisation. Thus, it is recommended to use one tool which analyses the code in a standardised way and aggregates all metrics into a central dashboard. SonarQube is a tool that can analyse several projects and visualises all their metrics on one dashboard. It prevents developer teams from creating a Software Zoo of different technologies.

An overview of SonarQube

SonarQube performs static analysis on code and generates metrics. It contains a central web dashboard which shows the results of its analyses. It can be a replacement for multiple code analysis tools. Also SonarQube supports more than 20 languages like Java, C#, and JavaScript. It provides over 60 plugins including Jenkins, Gradle, and code coverage tools. In addition, it can store its results in an external database. MariaDB 5.5 is a recommended database because it outperforms MySQL. The generated metrics of SonarQube are divided in the seven axes of code quality as displayed in the graphic below. It can show if the architecture and design is free of cycles if the code contains duplications and the amount of cyclomatic complexity of methods and classes. Moreover, it displays the amount of comments in classes and methods. Results of Unit tests and code coverage can be imported into SonarQube in order to display them. The most important feature is it shows developers if code sticks to coding conventions and contains potential bugs. These breaches of coding rules are called violations.

Sven Axes of Code Quality

Eclipse Plugin for SonarQube

The Eclipse Plugin for SonarQube reads violation metrics of a Eclipse project from a SonarQube server. It shows the violations in a separated area in Eclipse and allows the developer to jump directly to the line of code that caused the violation. Additionally, it shows only violations of the selected package in Eclipse.

The architecture of SonarQube

The architecture of SonarQube 4.4 shows that source code can be analysed with Eclipse and the SonarQube Plugin, or the SonarQube Analyser. Second is a Bat file, however, it is also possible to use MavenGradle, or Ant as alternative. The results of the analysis are stored into a database, which should be MariaDB in order to achieve a high performance. The SonarQube server displays the stored metrics on its dashboard.


SonarQube Dashboard

The dashboard of SonarQube 5.1.2 displays various types of metrics. For example, it shows size metrics of a project like the lines of code, the amount of files, and the amount of functions. Further, it can display the percentage of duplications and documentation. On the central left of the graphic, the dashboard displays different issues. These are separated in marginal categories like Info, and Minor to more significant violations like MajorCritical, and Blocker. The top right of the image shows analysed projects in squares. It is also possible to customise widgets such as the tree-map on the right side. The colour of a square shows the SQALE Rating and the size the lines of code. This means that that components with a big size and a deep green colour are mostly free from violations. On the top left, the picture shows the Technical Debt. These metrics are calculated by SonarQube and show an estimated period of fixing technical debts like MaintainabilityChangeability, and Reliability.

The Issues section shows the violations of all categories. It can be navigated to the source of the violation and a explanation shows why this violation should be fixed. Moreover, SonarQube displays the amount of time that is needed to fix the violations of a class.


In summary, SonarQube aggregates multiple code analysis tools into one, supports various programming languages, and offers several plugins to integrate it with other Software. It centralises code metrics into a single dashboard. Thus, it can provide a useful overview of the health of a project to developers as also managers.

The creators of SonarQube provide a live system example which can be viewed here: SonarQube Nemo Server