DotNetCurry Logo

Managing Code Quality using SonarQube with Visual Studio 2015 and TFS 2015 Build

Posted by: Gouri Sohoni , on 9/14/2016, in Category Visual Studio, VSTS & TFS
Views: 13707
Abstract: SonarLint is a tool for managing code quality. We will integrate SonarLint with Visual Studio 2015 and with TFS build by creating a build definition

This article will demonstrate how to integrate SonarLint with Visual Studio 2015. SonarLint is a tool for managing code quality. We will also see how to integrate SonarQube with TFS build by creating a build definition.

It is essential to maintain quality while writing code. Visual Studio provides a lot of tools to help maintain the quality of the code. Some of these tools are Static Code Analysis (to define rule sets for code), Code Metrics (to find maintainability of code), IntelliTrace (to make debugging easy), Unit testing, IntelliTest, Web Performance Test, and Load Testing. All these tools help make the life of developers easy. The better the quality of code, the less number of bugs which in turn boosts up the overall productivity.

 

In this article we will be talking about one of the Open Source tool named Sonar.

Also read: Code Optimization Tools in Visual Studio 2013

Overview of SonarQube

SonarQube is an open source platform developed to manage quality of code. It covers various parameters of code quality like duplication in code, lines of code, unit testing, coding rules, complexity and bugs. It supports 20 different programming languages like Java, C#, COBOL, ABAP, PL/SQL etc. with the help of plugins. There is a plugin named SonarLint available for Visual Studio. You can download it from Visual Studio Gallery. SonarLint provides on the fly bugs reporting, and quality issues for C# and VB.NET code.

SonarQube can be downloaded from this link. You need to have Java Environment installed on the machine. Once downloaded, unzip the files and run the batch file named “StartSonar.bat” (from folder \sonarqube-5.6.1\bin\windows-x86-64) to start the server. The default port number is 9000. Once the server is started, you will see the following screen in the browser.

sonar-qube-server

Figure1: SonarQube Dashboard

You can establish a connection to the SonarQube server and bind the Visual Studio solution to the SonarQube project. We will also discuss how to add build tasks to use code analysis for TFS build using Visual Studio Team Services (VSTS).

Adding SonarLint to Visual Studio 2015

I am going to discuss how to add SonarLint in Visual Studio 2015 and use it while creating a desktop build (analyze the Code along with Build). Later I will add the solution in the source control and use the tasks for SonarQube which will provide us with reports for managing quality along with TFS build.

Open an existing solution which has some code to perform code analysis. Add SonarLint to Visual Studio using Tools – Extensions and Updates

sonarlint

Figure 2: Download and Install SonarLint for Visual Studio

Like Static Code Analysis, the new ruleset is added in Code Analysis tab. Go to Properties for Project and select the tab for Static Analysis to find out different rules for SonarLint.

sonar-lint-rules

Figure 3: Rule set for Sonar

3. I have changed some of the rules to error and have tried to apply to the solution. Right click on the solution > select Analyze and select “Run Code Analysis on Solution”

4. As the rules have been modified, I get an error instead of a warning

code error

image

Figure 4 & 5: Rules not followed via code

5. We can bind the project to SonarQube and an existing project there.

sonar-qube-connection

Figure 6: Connect to SonarQube Server

6. While connecting, you need to specify the url for SonarQube server. In my case I am using my machine as a server, so I am using localhost

sonar-qube-url

7. After you connect to the server, you can bind the project and view it in SonarQube.

8. The following report shows the Code details about my project

report

and the Dashboard looks as follows

sonar-dashboard

Figure 7 & 8: Reports published on sonarQube

Until now we saw how to manage code quality with Visual Studio. Now let us create a server side build and find out how the build tasks can be used in it.

Using SonarQube with TFS Build

Let us now create a build definition using Visual Studio Tem Services (VSTS) and use SonarQube with TFS build. The aim of this article is not to go into details about how to analyze the report generated by SonarQube, but how to generate it using VSTS and Visual Studio. Once you integrate and know how to obtain the report, you can always go into the details of the parameters provided.

SonarQube can be installed on any machine in the network. It should be accessible from the machine on which the build agent is running.

Choose Legacy Windows for smaller footprint. Once downloaded, unzip it in the specified folder. I have used c:\Agent folder for unzipping.

agent-unzipped

Figure 9: Agent folder

Run the command file ConfigureAgent.cmd and follow the steps. You need to provide the name of the agent, Team Foundation Server url, whether to configure the agent against the Default Pool or not, the working folder for the agent and finally if the agent is to be installed as a Windows Service or not. Ensure that you are running the command with administrative privileges.

Once the agent is configured we can view it from Control Panel – VSTS name - Project Name – Agent queues tab.

Creating Build Definition

We need to create a build definition with the 2 Build Tasks provided for SonarQube integration. Before creating a build definition, download and configure the Build Agent. I am going to use the Default Build Agent as my SonarQube is running on the local machine. You can download the agent by selecting Download Agent link from Agent queues (by selecting control panel for VSTS)

1. Create a new Team Project or use existing one and add code to it.

2. Create a default build definition for Visual Studio template.

3. Add 2 tasks for SonarQube to it

sonar-build-tasks

Figure 10: Build Tasks for SonarQube

4. Configure the task for Begin analysis. We have to point it to our SonarQube server. Select Manage for SonarQube Endpoint and we will be re-directed to creation of new Service end point.

5. Select a new Generic Connection and provide details for Server. Enter the name for the endpoint and the connection URL.

6. The configured task looks as follows

task-configuration

Figure 11: Configure Build analysis task


Project Key is with respect to the project you are performing analysis on.

Project Name is the project being analysed. Project Version by default takes 1.0. You can change it if required. You can even use it as the BuildNumber.

7. Once the Build Definition is ready, ensure that it is using Default Agent and not the Hosted (default for VSTS) as our SonarQube server is on local machine.

8. Once the build is successful, we will get all the warnings for the SonarQube ruleset.

buid-warnings

Figure 12: Build Summary with Warnings

9. The detailed report can be seen by clicking on the link. You can see that the Quality Gate Passed is shown in the report.

The quality gate can be changed by using the Advanced tab from the build task for analysis

fail-quality-gate

Figure 13: Change Quality Gate Setting

10. If there are test assemblies and you have also enabled Code Coverage, the build will also show Test Results along with Code Coverage as follows

test-code-coverate-with-build

Figure 14: Build Summary with Test Results and Code Coverage

Create Quality Gate for SonarQube

Finally I will create a new Quality Gate for SonarQube and apply it to the project. The default quality Gate can be found at Quality Gate tab from SonarQube

default-quality-gate

Figure 15: Default Quality Gate

We need to login with administrative privileges in order to create a Quality Gate. The default credentials are User name as admin and password as admin. Once you have successfully logged, you can create a new Quality Gate, provide the name for it and add various conditions to it. The conditions can be for Complexity, Code Coverage, Unit Testing, Documentation, Duplication, Size etc. After creating a new Quality Gate I set it as default and again Queue the Build. My Quality Gate failed because of the conditions I have set. You can also see that the build has partially succeeded.

quality-gate-failed

Figure 16: Quality Gate Failed

Click on Detailed Report and further it shows that the Code Coverage is 33.3 % because of which the Quality Gate failed.

Conclusion

In this article we discussed how SonarQube can be used in Visual Studio 2015 to manage quality of code written. It is an Open Source tool which can be integrated with Visual Studio. We also discussed how the build tasks can be added to TFS build and integrated. We also discussed how to create a new Quality Gate and make use of it with the build task.

Was this article worth reading? Share it with fellow developers too. Thanks!
Share on LinkedIn
Share on Google+
Further Reading - Articles You May Like!
Author
Gouri Sohoni is a Trainer and Consultant for over two decades. She specializes in Visual Studio - Application Lifecycle Management (ALM) and Team Foundation Server (TFS). She is a Microsoft MVP in VS ALM, MCSD (VS ALM) and has conducted several corporate trainings and consulting assignments. She has also created various products that extend the capability of Team Foundation Server.


Page copy protected against web site content infringement 	by Copyscape




Feedback - Leave us some adulation, criticism and everything in between!