Sonar Quality Dashboard 3.0: New Commercial Editions And The Developer's Cockpit
- Unit test success and code coverage
- Source code violations (similar to FindBugs)
- Source code metrics such as CC, RFC and LCOM4
- Package cycles (similar to JDepend)
- Duplicate code lines
- Numerical counts for code lines, packages, classes, methods etc.
- Historical charts and graphs showing quality trends over time
The core application supports the Java language by default. Extra plugins (some commercial) enable metrics for C, C#, Flex, Natural, PHP, PL/SQL, Cobol and Visual Basic 6. Analysis is usually performed during the build phase of a project. Sonar is easily integrated with a build server (e.g. Jenkins/Hudson) so that metrics are updated frequently. According to SonarSource (the company behind Sonar) this practice is essentially a form of Continuous Inspection since development teams can monitor the quality state of their application as time progresses.
The recent release of Sonar 3.0 now offers commercial support in addition to the community support already present in the existing open source version. An interesting new feature comes in the form of Developer's Cockpit, a commercial plugin that allows developers to follow and manage their own contribution to the quality of the application. Normally Sonar presents aggregated results for source code regardless of authorship. The plugin integrates with the user accounts on the code repository of the project SCM and personalizes all existing Sonar information. This has the result that individual developers can see how they affect code quality by their commit actions.
InfoQ contacted Olivier Gaudin (CEO/Co-Founder at SonarSource) discussing the past and future of Sonar:
Of course there will always be an open source version of Sonar available for free. This is part of the DNA of SonarSource, the company behind Sonar. Our primary objective at SonarSource is to enable every development team to use tools for code quality management. We truly believe that managing internal quality is going to be part of the development process for most teams in a couple of years. Therefore we know that the market for internal quality management tools is big but also this is a market where people have a strong culture of using the open source product.
Having said the above, most of our customers are very large enterprises that implement our solutions to large development teams. They expect to get support from the vendor and not only from the community. Some of them also want that we support them on site during implementation. This is why we came with Professional and Enterprise Editions, which both build on top of Sonar, our open source platform.
InfoQ: One of the strengths of Sonar is the availability of several external plugins that complement its core functionality. However, the plugin API seemed to change a lot in previous versions leaving some plugins behind; the Isotrol plugin comes to mind. Are there any efforts to stabilize the plugin API and achieve better backwards (or even forward) compatibility?
In my opinion, saying that the Sonar API changes a lot is not very fair. We launched the first enterprise version of Sonar more than 3 years ago (Sonar 1.5) and it came with a large API. When designing this API, we made a couple of mistakes that later on appeared to make future evolutions of the API difficult. For that reason, we decided to rewrite part of this API around 2 years ago and not keep backwards compatibility. We took the hit on the forge of plugins by migrating all plugins to the new API. The Isotrol plugin was not part of the forge, and furthermore Isotrol informed us that their Sonar plugin was not a priority for them anymore. This made it too difficult to make the conversion. As far as I know, this is the only plugin that was retired due to an API issue and we have done a good job to insure backward compatibility ever since. By the way, a new similar plugin has been created by the community, called Total Quality.
InfoQ: Sonar in its early days used existing Java tools (e.g. PMD, JavaNCSS, Checkstyle) for the code analysis. Lately however it has its own analysis code (i.e. Squid) which has replaced some of this functionality. Are there are any plans to export these capabilities in stand alone analysis tools for people who have a custom workflow and do not want to use Sonar?
Yes, we felt that integrating existing tools would not be sufficient to reach our objectives. We therefore started to develop our own parsing technology called Squid. Squid was designed as a library and can be used independently from Sonar. We designed it that way, because we thought that there would be demand for a good analyzer outside Sonar.
InfoQ: The Google testability explorer has some great ideas, but its development seems to be stalled. Any plans on integrating some of its functionality in Sonar?
Actually, there is already a Sonar plugin to integrate the testability explorer but it is also stalled. For us, this is a similar subject to crap4j, the studies from Keith Braithwaite on the link between complexity distribution and TDD , the Demeter law or the O.O. Design Quality Metrics of Uncle Bob (PDF link). We have always taken the approach not to implement experimental tools / concepts / metrics (except maybe for LCOM4) but more to have a solid platform that provides very actionnable information. We will integrate those tools / concepts / metrics once we are sure that information provided will be actionnable.
InfoQ: At least for Java, Sonar is heavily integrated with Maven. Is support for other build systems (e.g Ant, Gradle) at the same level of support as Maven?
I am happy that I am able today to challenge this statement! It is true that Sonar was initially highly coupled with Maven, but we removed the coupling more than one year ago and Maven is now "only" a bootstrapper in Sonar as are Ant, Gradle and the Sonar runner (Java batch) and you get the same functionality with all of them. This was also a requirement for further developing the Sonar-Eclipse plugin, enabling greater adoption of the platform.
For more information on Sonar see the reference documentation, the collection of extra plugins and most importantly the live demo analyzing popular open source projects. The product comparison page contains all the pricing details including commercial support options.
Delivering Performance Under Schedule and Resource Pressure: Lessons Learned at Google and Microsoft
Ivan Filho Mar 06, 2014