sonarqube札记之-代码注释行的量度
&来源：读书人网&【读书人网()：综合教育门户网站】
sonarqube笔记之--代码注释行的量度在sonarqube中，关于文档方面的度量有以下方面：1 sonarqube中的代码注释
sonarqube笔记之--代码注释行的量度
& 在sonarqube中，关于文档方面的度量有以下方面：1 sonarqube中的代码注释行的概念（comment lines):Absolute number of comment lines. This metric is calculated differently foreach programming language.For instance, in Java, all Javadocs (class, method, property) plus all singleor multicomment lines and all commented-out code are counted as commentlines. Other comments, such as empty comment lines and headercomments, aren’t counted. 也就是说，comment lines包括所有的类，方法，属性上的注释，包括单行或者多行的，以及注释调的代码行，而空的注释行和头文件注释，是不算的2 & 注释的密度（Density ofComment Lines)）&& Comment Lines / ( Lines of Code + Comment Lines ) * 100 也就是注释的代码行/注释的代码行和总的代码行3 Public API： 不同语言不同计算方法，其中java中&& Public Classes + Public Methods + Public Properties，就是上面三者上的注释数量，但不包括final static的 4 Public Undocumented API，就是应该在public api上写注释，但没写的数量了；5 文档API注释密度：(public api-public undocument api)/public api*100& 下面看一个例子：& public class InternationalOrder {private InternationalC/** Add C remove order line code omitted */public List&OrderLine& orderlines = new ArrayList&OrderLine&();/*** Calculates total amount of an order.* @return total amount as a BigDecimal number*/public BigDecimal getTotal() {BigDecimal total = BigDecimal.valueOf(0);for (OrderLine orderLine : orderlines) {total = total.add(orderLine.getOrderLineTotal());}BigDecimal discount = total.multiply(getDiscount());total = total.subtract(discount);// Multiply with tax numberBigDecimal tax = total.multiply(getVat());total = total.add(tax); // total = total.add(tax); }private BigDecimal getTax() {return (BigDecimal.valueOf(customer.getCountry().getVat()));}private BigDecimal getDiscount() {return BigDecimal.valueOf(0.10);}}&&
在上面的代码中，代码的注释行为5个； 而public api为2个，因为只有类方法和属性有注解，但类上面没注解，所以 doucment的密度api为=2/3=66.3%SonarQube代码质量管理平台搭建
作者：卢超
引言：Sonar是一个用于代码质量管理的开源平台，用于管理源代码的质量，可以从七个维度检测代码质量，通过插件形式，可以支持包括java、C#、C/C++、PL/SQL、Cobol、JavaScrip、Groovy等等二十几种编程语言的代码质量管理与检测。我们以Linux和MySQL环境为例，演示如何使用Sonar对一个Java项目进行代码质量分析。
CentOS release 5.6
JDK1.6.0_25
sonar-3.7.2
sonar-runner-2.3
apache-ant-1.8.4
一、搭建Sonar环境
1.创建数据库和增加用户及权限
#mysql -u root -p
mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_
mysql> CREATE USER 'sonar' IDENTIFIED BY 'sonar';
mysql> GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
mysql> GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
mysql> FLUSH PRIVILEGES;
2.下载安装sonar与sonar-runner
下载地址：http://www.sonarqube.org/downloads/。
将下载下来的sonar-3.7.2.zip和sonar-runner-dist-2.3.zip上传到/usr/local/tool目录并解压。
3.设置环境变量#vi /etc/profile
4.编辑sonar配置文件#vi /usr/local/tool/sonar-3.7.2/conf/sonar.properties
sonar.jdbc.username:
sonar.jdbc.password:
sonar.jdbc.url:
jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true
sonar.jdbc.driverClassName:
com.mysql.jdbc.Driver
5.启动sonar，根据不同操作系统，进入相应的目录执行可执行文件
#cd /usr/local/tool/sonar-3.7.2/bin/linux-x86-32
#./sonar.sh start
#./sonar.sh stop
#./sonar.sh restart 重启服务
6.访问http://localhost:9000/，出现sonar界面表示安装成功。
7.安装中文插件，可以在更新中心安装或下载插件http://repository.codehaus.org/org/codehaus/sonar-plugins/l10n/sonar-l10n-zh-plugin/1.6/sonar-l10n-zh-plugin-1.6.jar 放到/usr/local/tool/sonar-3.7.2/extensions/plugins目录中，重启服务即可。
8.编辑sonar-runner配置文件
#vi /usr/local/tool/sonar-runner-2.3/conf/sonar-runner.properties
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
二、使用SonarQube Runner代码质量分析
1.在项目源码的根目录中，创建sonar-project.properties配置文件。
# required metadata
sonar.pany:example
sonar.projectName=example
sonar.projectVersion=1.0
sonar.sources=src
sonar.language=java
sonar.binaries=classes
sonar.sourceEncoding=UTF-8
2.进入项目源码的根目录，执行sonar-runner。
完成后，访问http://localhost:9000/即可看到分析结果。
三、集成测试代码测试覆盖率及单元测试
1.下载sonar-ant-task-2.1.jar和jacocoant.jar包到$ANT_HOME/lib目录中。
下载地址：http://repository.codehaus.org/org/codehaus/sonar-plugins/
2.编辑源码根目录中的build.xml文件。
&?xml version="1.0" encoding="UTF-8"?&
&project name="UT coverage with Ant and JaCoCo running tests" default="all" basedir="." xmlns:sonar="antlib:org.sonar.ant"&
&!-- ========= Define the main properties of this project ========= --&
&property name="src.dir" value="src" /&
&property name="test.dir" value="test" /&
&property name="lib.junit.dir" value="lib" /&
&property name="build.dir" value="target" /&
&property name="classes.dir" value="${build.dir}/classes" /&
&property name="reports.dir" value="${build.dir}/reports" /&
&property name="reports.junit.xml.dir" value="${reports.dir}/junit" /&
&!-- Define the SonarQube properties --&
&property name="sonar.projectKey" value="org.codehaus.sonar:example-ut-ant-jacoco-runTests" /&
&property name="sonar.projectName" value="UT coverage with Ant and JaCoCo running tests" /&
&property name="sonar.projectVersion" value="1.0" /&
&property name="sonar.language" value="java" /&
&property name="sonar.sources" value="${src.dir}" /&
&property name="sonar.tests" value="${test.dir}" /&
&property name="sonar.binaries" value="${classes.dir}" /&
&property name="sonar.sourceEncoding" value="UTF-8" /&
&property name="sonar.surefire.reportsPath" value="${reports.junit.xml.dir}" /&
&!-- The following properties are required to use JaCoCo: --&
&property name="sonar.dynamicAnalysis" value="reuseReports" /&
&property name="sonar.java.coveragePlugin" value="jacoco" /&
&property name="sonar.jacoco.reportPath" value="target/jacoco.exec" /&
&!-- Add your basic SonarQube configuration below: sonar.jdbc.url, sonar.jdbc.username, etc. properties --&
&property name="sonar.jdbc.url" value="jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true" /&
&property name="sonar.jdbc.username" value="sonar" /&
&property name="sonar.jdbc.password" value="sonar" /&
&!-- ========= Define "regular" targets: clean, compile, test, ... ========= --&
&target name="clean"&
&delete dir=".sonar" /&
&delete dir="${build.dir}" /&
&delete dir="${reports.dir}" /&
&target name="init"&
&mkdir dir="${build.dir}" /&
&mkdir dir="${classes.dir}" /&
&mkdir dir="${reports.dir}" /&
&mkdir dir="${reports.junit.xml.dir}" /&
&target name="compile" depends="init"&
&javac srcdir="${src.dir}" destdir="${classes.dir}" classpathref="classpath" fork="true" debug="true" includeAntRuntime="false" /&
&javac srcdir="${test.dir}" destdir="${classes.dir}" classpathref="classpath" fork="true" debug="true" includeAntRuntime="false" /&
&path id="classpath"&
&fileset dir="${lib.junit.dir}" includes="*.jar"/&
&target name="test" depends="compile"&
&taskdef name="junit" classname="org.apache.tools.ant.taskdefs.optional.junit.JUnitTask"&
&classpath&
&path refid="classpath"/&
&/classpath&
&/taskdef&
&!-- Import the JaCoCo Ant Task --&
&taskdef uri="antlib:org.jacoco.ant" resource="org/jacoco/ant/antlib.xml"&
&!-- Update the following line, or put the "jacocoant.jar" file in your "$HOME/.ant/lib" folder --&
&classpath path="path/to/jacoco/ant/task/lib/jacocoant.jar" /&
&/taskdef&
&!-- Run your unit tests, adding the JaCoCo agent --&
&jacoco:coverage destfile="target/jacoco.exec" xmlns:jacoco="antlib:org.jacoco.ant"&
&junit fork="yes" dir="${basedir}" failureProperty="test.failed"&
&classpath location="${classes.dir}" /&
&classpath refid="classpath" /&
&formatter type="xml" /&
&batchtest todir="${reports.junit.xml.dir}"&
&fileset dir="${test.dir}"&
&include name="**/*Test.java" /&
&/fileset&
&/batchtest&
&/jacoco:coverage&
&!-- ========= Define SonarQube target ========= --&
&target name="sonar" depends="compile"&
&taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"&
&!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder --&
&classpath path="path/to/sonar/ant/task/lib/sonar-ant-task-*.jar" /&
&/taskdef&
&!-- Execute SonarQube --&
&sonar:sonar /&
&!-- ========= The main target "all" ========= --&
&target name="all" depends="clean,compile,test,sonar" /&
&/project&
3.进入源码的根目录执行命令#ant，完成后访问http://localhost:9000/即可看到单元测试的统计数据。
四、查看代码分析结果
至此，部署Sonar服务和项目代码质量分析工作已经完成，下面是Sonar管理平台的界面，其中包含了项目的代码行数、注释数、API文档数、代码问题、单元测试覆盖率等多种分析信息。
Sonar将代码中的问题的优先级分成阻断、严重、主要、次要、提示五个等级，问题明细中可以看到各种问题的代码数量，问题所在的包名类名等。
展开问题信息，可以看到产生问题的代码，并且会给出一些修改建议。Sonar默认采用PMD和FindBug的代码检查规则，也可以根据需要加入其他的代码检查规则。程序员可以根据这些规则优化自己的代码，避免开发中由于代码不规范而造成一些缺陷的隐患。
请致电800-830-9336或发送与我们联系。SonarQube 6.0 – Aug 4, 2016
Tracking of file move/renaming, better management of quality profiles and new rules, improvement of permission pages, “Project Creator” feature to enable automatic onboarding for new projects, CSRF fix for Java WS-based pages, Elasticsearch upgrade to 2.x
() –
SonarQube 5.6.2 (LTS *) – Sep. 19, 2016
Long Term Supported version, requires Java 8 to run, wraps together all the new features of the 5.x series: Leak concept, SonarQube Quality Model, increased Scalability and Security, and always more Developer-Oriented Features.
() –
5.6.2 – Sep. 19, 2016 – Long-Term Support version – Bug and vulnerability fixes –
5.6.1 – Jul. 27, 2016 – Long-Term Support version – Bug and vulnerability fixes –
5.6 – Jun. 3, 2016
SonarQube 5.5 – May 3, 2016
New SonarQube Quality Model with built-in support of “Bugs” and “Vulnerabilities” issue types, new Measures project page, Compute Engine in a dedicated process, improved Background Tasks page
() –
SonarQube 5.4 – Mar. 9, 2016
New “Code” page, “My Account” space (with token generation), cross-module duplications, new API for Identity providers (OAuth GitHub plugin for instance), restart from the Web console
() –
SonarQube 5.3 – Jan. 11, 2016
New project homepage highlighting Quality Gate and (newly introduced) Leak concepts, cross-project duplication back, access token to run analysis or call WS, WS to implement a build breaker strategy
() –
SonarQube 5.2 – Nov. 2, 2015
Scanners no longer access the database, new features to efficiently manage issues (more precise location, “My New Issues” notification, technical debt displayed in Issues page, new Issue Filter widget, default assignee per project), enhanced monitoring features, new administration web services, rewrite of global administration pages
() –
SonarQube 5.1.2 – Jul. 27, 2015
New overall layout, merge Issues Drilldown with Issues page, tags of issues, auto-assignment of issues, “won’t fix” issues, issues report as a core feature, new Rules page, more efficient Component Viewer, possibility to import all files, timezone issue fixed, SonarQube binaries compatible with Java 1.7+ only
() –
5.1.2 – Jul. 27, 2015 – Bug fixes –
5.1.1 – Jun. 5, 2015 – Bug fixes –
5.1 – Apr. 2, 2015
SonarQube 5.0.1 – Feb. 24, 2015
New Issues page with facets, SCM built-support for Git and SVN, DB cleaning done on server side, end of Maven 2 support, end of “sonar.importSources” support, use of ‘/’ in branch names.
() –
5.0.1 – Feb. 24, 2015 – Bug fixes, SQALE model update –
5.0 – Jan. 14, 2015
SonarQube 4.5.7 – Apr. 8, 2016
(Former LTS version)
SQALE Rating and Technical Debt Ratio, improvement of Coding Rules pages (active severity filter, display of remediation functions, management of manual rules), various other improvements and bug fixes.
() –
4.5.7 – Apr. 8, 2016 – Long-Term Support version – Vulnerability fixes –
4.5.6 – Oct. 16, 2015 – Long-Term Support version – Bug fixes, cleanup of the SQALE model –
4.5.5 – Jul. 30, 2015 – Long-Term Support version – Bug fixes –
4.5.4 – Feb. 26, 2015 – Long-Term Support version – Bug fixes, SQALE model update –
4.5.2 – Jan. 7, 2015 – Long-Term Support version – Bug fixes, SSLv3 disabled –
4.5.1 – Oct. 29, 2014 – Long-Term Support version – Many bug fixes and small improvements –
4.5 – Sept. 29, 2014
SonarQube 4.4.1 – Sept. 26, 2014
New Rules space with management of rule templates and custom rules, new Component Viewer, detailed QG widget, improved multi-language support, built-in Web Service API page. NOTE Oracle users are recommended to use version 4.4.1.
() –
4.4.1 – Sept. 26, 2014 – Fix migration issues –
4.4 – July 31, 2014
SonarQube 4.3.3 – July 31, 2014
Alert concept is replaced by Quality Gate concept. Technical Debt is now displayed everywhere in a user-friendly format which allows to work with durations in hours/minutes and not only in days. Clouds page has been replaced by a more configurable Cloud widget. When upgrading a language plugin, the relating SQALE analysis model is also updated (except for the users of the SQALE plugin and when the default SQALE model has been overridden).
() –
4.3.3 – Jul. 31, 2014 – Fix migration issues –
4.3.2 – Jun. 24, 2014 – Fix migration issues –
4.3.1 – Jun. 4, 2014 – Fix migration issues –
4.3 – May 2, 2014
SonarQube 4.2 – March 26, 2014
Multi-language support, tags of rules, new visual measure filter representations, improved Issues page
() –
SonarQube 4.1.2 – Feb. 20, 2014
Tracking of added technical debt, Elasticsearch integration, Bubble Chart, new search forms for issues and measures, new “Administer Issue” permission, key pattern on Permission Templates
() –
4.1.2 – Feb. 20, 2014 – Fix issue on creation of index on groups_users table –
4.1.1 – Jan. 28, 2014 – Fix bug on rule parameter descriptions –
4.1 – Jan. 13, 2014
SonarQube 4.0 – Nov. 7, 2013
Computation of the technical debt based on the SQALE model, issue exclusion/inclusion, code coverage exclusion, project provisioning, incremental analysis, end of support of WAR mode
() –
SonarQube 3.7.4 – Dec 20, 2013
Bulk change operation on issues, ability to save/edit/delete/list issues filters, new permissions to run analyses, bulk update of project permissions, support of Maven 3.1
() –
3.7.4 – Dec 20, 2013 – Fix regressions on project permission management and bulk deletion page –
3.7.3 – Oct 21, 2013 – Fix issues migration from version older than 3.6. More stable notification service –
3.7.2 – Oct 2, 2013 – Speed up migration of violations to issues –
3.7.1 – Sep 23, 2013 – Enhance performances (dry-run mode, notifications delivery, server startup), fix vulnerabilities and 80+ other improvements –
3.7 – Aug. 14, 2013
SonarQube 3.6.3 – Aug. 14, 2013
Violations become issues and come with new features: search engine, change log, etc., tracking of new coding rules, quality profile administrator, highlighting of usage and declaration of variables/functions in source code viewer
() –
3.6.3 – Aug. 14, 2013 – Fix migration issue related to dates –
3.6.2 – Jul. 18, 2013 – Fix issue on Oracle DB migration –
3.6.1 – Jul. 12, 2013 – Faster database migration, security fix and other bug fixes –
3.6 – Jun. 26, 2013
SonarQube 3.5.1 – Apr. 13, 2013
Tracking of unit tests, new rules on unit tests, new exclusion settings, enhanced update center, enhanced email notifications
() –
3.5.1 – Apr. 3, 2013 – Fix two regressions when using SonarQube Runner to perform analyses in specific cases –
3.5 – Mar. 13, 2013
SonarQube 3.4.1 – Jan. 8, 2013
New service to query measures, ability to compare projects, list of recent projects, alerts on measure variations
() –
3.4.1 – Jan. 8, 2013 – Fix a critical security bug on project permissions –
3.4 – Dec. 22, 2012
SonarQube 3.3.2 – Nov. 21, 2012
Support of modules with different languages, overall coverage by unit and integration tests, enhanced file exclusions, new Java rules
() –
3.3.2 – Nov. 21, 2012 – Fix compatibility with Postgres 8 –
3.3.1 – Nov. 07, 2012 – Bug fixes –
3.3 – Oct. 24, 2012
SonarQube 3.2.1 – Oct. 3, 2012
New rules to define thresholds on coverage, comments, etc., Selection of quality profile by project administrators, Bulk deletion of projects, Ability to change project key, New period ‘Since Previous Version’ for differential views
() –
3.2.1 – Oct. 3, 2012 – Bug fix –
3.2 – Aug. 6, 2012
SonarQube 3.1.1 – Jun. 25, 2012
Global dashboards, Findbugs 2.0, rules for unit tests
() –
3.1.1 – Jun. 25, 2012 – Bug fix –
3.1 – Jun. 13, 2012
SonarQube 3.0.1 – May 14, 2012
Encryption of database password, TimeMachine available as widgets, New algorithm for tracking violations, 40 bugs and 40 improvements
() –
3.0.1 – May 14, 2012 – Bug fix –
3.0 – Apr. 17, 2012
SonarQube 2.14 – March 19, 2012
Detection of cross-project duplications for all languages, add notes to rules, retrieve user information from third-party systems, email notification on new violations, enhanced treemaps
() –
SonarQube 2.13.1 – Jan. 31, 2012
New search engine, review any piece of code, ability to change severity of violations, group reviews by action plans, new widgets to track project activity
() –
2.13.1 – Jan. 31, 2012 – Fix bug during migration
2.13 – Jan. 17, 2012
SonarQube 2.12 – Nov. 30, 2011
Support Java7 projects, new hotspot widgets, improve detection of duplications, better handling of project events, improve LCOM4
() –
SonarQube 2.11 – Oct. 3, 2011
SonarQube CPD to check cross project duplications, TimeMachine 2.0, suppress analysis snapshots, SonarQube Server ID
() –
SonarQube 2.10 – Aug. 18, 2011
Internationalization, email notifications for review changes, improvement of manual measures
() –
SonarQube 2.9 – Jul. 18, 2011
Improve manual code reviews, track Quality Profile changes
() –
SonarQube 2.8 – May 19, 2011
Manual code review, analysis of Ant multi-modules projects, new tool to compare Quality profiles
() –
SonarQube 2.7 – Apr. 1, 2011
Coverage of recently changed code, better integration of SCM Activity plugin
() –
SonarQube 2.6 – Feb. 18, 2011
Ant task and Java standalone task to analyze projects
() –
SonarQube 2.5 – Jan. 14, 2011
Differential views, tracking of violations through time, new coding rules for Java projects
() –
SonarQube 2.4.1 – Nov. 18, 2010
Customizable dashboards, update center, architecture rules for Java projects
() –
2.4.1 – Nov. 16, 2010 – Fix Oracle bug
2.4 – Nov. 16, 2010
SonarQube 2.3.1 – Oct. 22, 2010
Export/import Quality profiles, allow multiple configuration of the same coding rule
() –
2.3.1 – Oct. 22, 2010 – Fix bug during upgrade
2.3 – Oct. 13, 2010
SonarQube 2.2 – Jul. 15, 2010
User favourites, user filters to define its own queries
() –
SonarQube 2.1.2 – May 20, 2010
Search for project usage/dependencies, new rules to detect unused Java private/protected methods and calls to deprecated methods
() –
2.1.2 – May 20, 2010 – Bug fixes
2.1.1 – May 10, 2010 – Bug fixes
2.1 – May 5, 2010
SonarQube 2.0.1 – Mar. 10, 2010
Chidamber and Kemerer Metrics, Dependency Structure Matrix
() –
SonarQube 1.x
1.12 – Dec. 7, 2009 –
1.11.1 – Oct. 20, 2009 –
1.11 – Oct. 5, 2009 –
1.10.1 – Aug. 19, 2009 –
1.10 – Aug. 14, 2009 –
1.9.2 – Jun. 8, 2009 –
1.9 – May 25, 2009 –
1.8 – Apr. 17, 2009 –
1.7 – Mar. 18, 2009 –
1.6 – Feb. 9, 2009 –
1.5.1 – Jan. 8, 2009 –
1.5 – Dec. 16, 2008 –
1.4.3 – Oct. 16, 2008 –
1.4.2 – Sep. 25, 2008 –
1.4.1 – Aug. 23, 2008 –
1.4 – Aug. 7, 2008 –
1.3 – Jun. 16, 2008 –
1.2.1 – Apr. 30, 2008 –
1.2 – Mar. 26, 2008 –
1.1 – Feb. 25, 2008 –
1.0.2 – Dec. 14, 2007 –
* LTS stands for Long Term Support. Blocker and Critical issues will be fixed or back-ported on it. There is always 2 versions supported: LTS and LATEST. See this
to decide between LTS and the LATEST version.
Related Tools
SonarQube Scanners
Choose from a wide array of tools available to scan source code.
SonarQube Plugins
to extend SonarQube features.
Immediate code scanning for three popular IDE’s and Command Line.
SonarQube is distributed under the , Version 3, under Swiss law. You may not use this application except in compliance with the License. You may obtain a copy of the License at . The original GNU license from which this lesser license is derived can be found here. By downloading SonarQube software, you agree to the terms of this Lesser GPL v.3 license and that you are entering into a license agreement with a company located in Switzerland. Unless required by Swiss law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Stay Connected
Need help?
, provided by SonarSource
Productivity Winner of the
2009 and 2010 and finalist in 2012
"World’s most promising start-up focused on Open Source" -
& , SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE, SONARLINT and SONARSOURCE are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.&