Sonar is an application for integrating output from several static and test analysis tools into a comprehensive overview of the software's quality.
Unfortunately, most of those analysis tools (PDM, FindBugs, etc.) do not support Groovy and, by extension, Grails.
We've found tools called CodeNarc and GMetrics which perform some of the analysis, but not test coverage, and we're working on a Sonar plugin to import the CodeNarc output. As I said, though, this is incomplete.
Does anyone know of a better set of complexity/rules-based static analysis tools that can handle Groovy, as well as a Grails test coverage metric? Of course, one with a Sonar plugin for reading in the output would be best.
Just use Sonar Groovy Plugin!
It leverages GMetrics, Codenarc and Cobertura in Sonar!
Here are the tools I'm aware of (and just aware):
There is CodeNarc that you mentioned.
There is also GMetrics.
And Grails has a Test Code Coverage Plugin.
But nothing ready to be used with Sonar AFAIK. I'm watching SONARPLUGINS-194 about this but there isn't much activity although some work has been reported very recently, maybe be you :)
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I've been vetting Static Analysis tools and I've recently come across both Atlassian Clover and SonarQube. The two products seem remarkably similar and virtually identical from a server perspective, yet I can't find a good comparison of them online.
I've also been vetting their IntelliJ plugins, and this where I see vast differences between the two. Clover's IDE integration is amazing, pointing out exact lines of code that aren't covered by unit tests. However, the SonarQube server has this functionality, but I'm not sure the $300/person cost of Clover is worth this IDE convenience.
Sonar's plugin simply seems to point out code issues in the IDE, which is good, but IntelliJ has functionality for this already. Also, does Clover lack this in their plugin, or do I simply not see it because I haven't put the Clover plugin in front of a server yet?
Lastly, I've also seen that Sonar can consume reports generated by Clover. Does anyone have any experience with this? Does the SonarQube server sufficiently replace the Clover server by utilizing these reports? If not, what does Sonar lack?
For reference: http://docs.codehaus.org/display/SONAR/Clover+Plugin
Some background: The product being analyzed is a Java web project being build with Maven. Both tools seem to have appropriate Maven integration.
Disclaimer: I'm a Clover developer at Atlassian.
But I'll try to be as objective as possible, of course.
Let me emphasize one difference between Clover and Sonar first:
Clover is mainly a code coverage tool. It tracks both total coverages as well as per-test coverage. It has some code metrics in addition to this, but it's not a typical static code analysis tool like Checkstyle, FindBugs or PMD.
Sonar (from my perspective) is mainly a data aggregation tool, which can collect various kinds of data (like code coverage, static analysis results, code metrics) from various tools and present them in one place.
What is similar in these two tools that both of them can create rich reports.
Having said this, let me answer your questions.
Clover's IDE integration is amazing, pointing out exact lines of code that aren't covered by unit tests [...] but I'm not sure the $300/person cost of Clover is worth this IDE convenience.
You have to answer it yourself :-) Few things worth consideration:
How does your developer run unit tests - do they run them in IDE before commit? Do you have a "green build" policy? If both answers are yes then having Clover in IDEA may be worth it.
How much time takes the execution of unit tests in IDE? How frequently they're launched? If they take a long time and are frequently launched, then using Clover's Test Optimization feature in IDEA could be interesting.
Do you have your tests split into several build plans running on CI server? Running in specific environment configurations? in such case, server reports could be more valuable than in IDE
do your developers prefer to see code coverage directly in their IDEs or rather clicking through the HTML report in a browser?
Do you expect to see any productivity boost of your team thanks to having source code with coverage highlighting in IDE? How much? Is the 'time saved * salary > clover license price'?
Sonar's plugin simply seems to point out code issues in the IDE, which is good, but IntelliJ has functionality for this already. Also, does Clover lack this in their plugin [...]?
Clover does not perform static analysis, and thus it does not show code bugs. Neither in its HTML report nor IDE plugins (IDEA/Eclipse).
Lastly, I've also seen that Sonar can consume reports generated by Clover. [...] Does the SonarQube server sufficiently replace the Clover server by utilizing these reports? If not, what does Sonar lack?
I'm not 100% sure (please correct me if I'm wrong) but I think the Sonar Clover Plugin parses Clover's XML report file (at least Clover plugins for Jenkins, Hudson and Bamboo work this way) to get some numbers to display. Which means that you won't see Clover's HTML report in Sonar with detailed source line coloring, per-test coverage, tag clouds, etc.
Cheers
Marek
I am using Grails 2.0.3 as platform and Netbeans 7.1 as an IDE. Which of the available plugins for code analysis in groovy works best? Codenarc and GMetrics are on my list.
Anyone who have tried these? Which one is better?
CodeNarc and GMetrics both analyze different things. CodeNarc checks code for style, best practices and other inconsistencies. GMetrics analyzes the complexity of your code and will tell you the cyclomatic complexity and line counts and whatnot.
If I was only going to use one of these plugins, I would use CodeNarc because it helps train you to follow best practices in your code and will improve your code quality. However, there is no reason why you shouldn't or can't use both.
I've been doing some research on the maven source and javadoc plugins, and I wanted to inquire a bit about the usage of each.
I understand conceptually how the plugins work, and what they do.
What I'm confused about, is why you would want to bundle sources or javadoc along with your artifact. Doesn't the javadoc get published when you do site:deploy? If I am creating a JAR library that will be used as a dependency of another project in eclipse, will attaching javadoc or sources enable me to see the javadoc in eclipse when using functions in that library, whereas if I fail to use the javadoc plugin, they won't be available?
What is "forked-path" and "jar-no-fork"? They seem to be relevant to this. Like I said I've done a lot of researching, I just can't tie it all together. Thanks!
Eclipse and other tools know how to download source and javadoc artifacts and use them to show you doc and source of your dependencies.
Forked-path and jar-no-fork are just about not running out of memory.
What tools are out there that can perform code coverage analysis at the machine code level rather than the source code level? I'm looking for a possible solution to perform fuzz testing on software that I do not have source code access.
I think the IBM Rational test coverage tools instrument object code.
Assuming you had such a tool, but no access to the source, what exactly
would code coverage mean, other than 100%?
If you didn't have 100% coverage, you'd know you hadn't exercised something.
But you would have no way of knowing what.
For compiled code (not Java), try Valgrind.
Old post... but my two cents.
If you have a bunch of jars and if you know what classes/methods you are using, you can instrument the jars with Emma and run your sample application against those jars.
In my case, I have jars which are actually proprietary components (to generate html code) which our company uses to build it's web-pages. We have a sample application that utilizes these components and a bunch of tests that are run against the sample app. I wrote an ant task to copy the maven dependencies to a directory, instrument them and run the tests against these instrumented jars. This task is invoked from the maven POM and is hence part of the build process.
Also, as part of the build process, we process the emma coverage data to produce a report. This report shows the classes and methods in the jar for which we do not have the source code! Hope this helps.
If you have the number of entry points (public methods), you can test the coverage for that. I don't know any tool for that though.
Otherwise you would have to test the assembly code coverage, and I don't know if it is possible.
I'm wondering are there more current and active alternative tools to the Apache Forrest product for project documentation that developers are using?. It seems to be stuck in v0.8 release since 2007.
I'm thinking about using the maven site via Ant to generate a HTML report with the various javadoc, pmd and findbug reports for my project. Just wondering what other developers are using out there.
maven can grenerate copious amounts of project documentation.
I'd point you to the maven documentation for this, but the maven documentation is, ironically, rubbish.
We generate most of our documentation from source using a new open source build system for Java called EBuild (features) that is a great alternative to Maven. You may have to adopt EBuild-specific conventions to make the most of that though.
There's some detailed articles on the deficiencies of Ant and also Maven on the site.