Menu
I have developed one Android app using eclipse IDE and now code count grows very hugh, so I want to do the code review using some static code analysis tool which can help me to find out all silly mistakes in the code, duplicate code , exception handling errors etc. and it should be pluggable with eclipse IDE.
Can anybody suggest me the tool which i can use it in my project to resolve all coding issues.
600
Static analysis (or static code analysis) is an analysis run on the source code, against some set rules, even before the program runs (usually even before the unit tests). This is a kind of debugging that is done without even running the program and this is usually the first step taken towards code-analysis.
Veracode Static Analysis supports all widely used languages for desktop, web and mobile applications. This makes Veracode a great choice of static analysis tool for C/C++, Java, C#, . NET, and many other languages.
Klocwork. Klocwork can perform static code analysis on projects of almost any size. The primary benefit of using Klocwork is that it is easily integrable with Visual Studio Code IDE, Eclipse, IntelliJ, and a few others. This makes use of Klocwork easier for developers.
I don't know about "best"; I only know about "useful". I would start by simply opening the Lint Warnings view (Window -> Show View -> Other -> Android -> Lint Warnings). Then you might consider using FindBugs, an excellent tool.
It's not a static code analysis tool, but during development you should enable StrictMode. It helps find a lot of coding problems specific to Android. (Turn it off for deployment!)
For other tools, take a look at this thread.
116
Sonarqube step by step implementation
Step 1: First download the sonarqube LTS(Stable version) from this link
Don't download latest version. It produce java version issue. I tried 7.3 version working fine for me.
https://www.sonarqube.org/downloads/
Step 2: goto conf -> wrapper.conf -> set your java path
wrapper.java.command=C:\Program Files\Java\jdk1.8.0_60\bin\java
Next goto bin -> select your OS -> Click StartSonar
Step 3: http://localhost:9000/
Default Login credentials
Username - admin
Password - admin
Step 4: Project Build gradle File
repositories {
jcenter()
maven { url "https://plugins.gradle.org/m2/" }//add
}
dependencies {
classpath 'com.android.tools.build:gradle:2.3.0'
classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1" //add
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
allprojects {
repositories {
jcenter()
}
}
task clean(type: Delete) {
delete rootProject.buildDir
}
Step 5: (Just copy & paste at bottom of build.gradle)
App Module Build gradle File
apply plugin: 'org.sonarqube'
sonarqube
{
properties
{
property "sonar.projectName", "RealmSample"
property "sonar.projectKey", "org.sonarqube:android-simple-sq-scanner-gradle"
property "sonar.language", "java"
property "sonar.sources", "src"
property "sonar.binaries", "build"
property "sonar.sourceEncoding", "UTF-8"
property "sonar.login", "admin"
property "sonar.password", "admin"
}
}
Step 6: Gradle.Properties File
systemProp.sonar.host.url=http://localhost:9000
systemProp.sonar.login=admin
systemProp.sonar.password=admin
Step 7:
Open android studio terminal tab(Android studio bottom) & open your current project path ex: cd:\ d:yourProjectPath
And apply this command
Windows OS
.\gradlew sonarqube
MAC OS
bash ./gradlew sonarqube
Step 8:
Check now http://localhost:9000 (if not refreshed click refresh button)..
Now you can analyze your code.
Note: If anybody using mac try this
Step 1:(Install homebrew command) ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Step 2: Install open JDK (Java)
brew cask install adoptopenjdk
Step 3: Install Sonar
brew install sonar
Step 4: Start sonarqube
brew services start sonarqube
For kotlin support. (don't go latest version it will produce java version issue)
Use 7.3 version
download link - version https://www.sonarqube.org/sonarqube-7-3/
follow all above steps with 7.3 version and change language in build.gradle
property "sonar.language", "kotlin"
Sonarqube is a platform to analyze code quality,security and reliability.It is a continuous inspection engine and offers reports on duplicated code,exception handling, coding standards, unit tests, code coverage, code complexity, potential bugs, comments , design and architecture etc.
I have used it and it helps me to detect bugs and keep my code clean and of good quality.
UPDATE
Below is the link of post on my blog which gives complete detailed explanation of integrating sonarqube with sonarqube scanner.
Integrating and Understanding SonarQube in Android
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
