Eclipse, Checkstyle, Sonar : an emerging source code management solution
Having a tool like Sonar to monitor source code and continuously evaluate risks is a good start. Nevertheless, Sonar should not only be considered as a passive audit tool that can quickly help you scan your projects portfolio.
Sonar is the missing piece of a global source code management solution. We'll progressively communicate on this fully Open Source integrated solution but for today, here are the first three components :
A good source code management solution should not only provide a way of being reactive through a regular reporting but as well to be proactive by enabling the developer to integrate quality in the heart of the development process. In others words, each developer should be able to check the quality of a newly or updated source code before publishing it to a source control system like Subversion or CVS.
Let's take the example of Checkstyle quality rules for today. We'll see later how to generalize this approach to JUnit, Clover, PMD...
Sonar web interface allows you to quickly define and activate a quality rules profile :
Without any more configuration, each time you scan a project with Sonar, this rules profile is automatically applied on source code. On the previous screenshot, you can notice that Sonar provides on each rules profile a permalink (URL) to get the checkstyle configuration file associated with this profile.
As a developer, in order to apply the exact same rules before publishing any new modifications on source code, you simply need to:
- Use the well known eclipse IDE with the eclipse-cs plugin.
- Go to Eclipse -> Preferences -> Checkstyle menu
- Create a new Global Check Configuration, choose the "Remote Configuration" type and copy/paste the permalink provided by Sonar, for example http://nemo.sonar.codehaus.org/rules_configuration/export/java/Sonar%2520way/checkstyle.xml
- Right Click on any eclipse project you want to analyze and select Checkstyle -> Activate Checkstyle
No more to do !
Every time you make some change to your code, the eclipse "Problems" view tells you what are the quality rules violations in your source code. Of course, those problems are exactly the same ones Sonar reports.
That's enough to begin with. If you want to know more about the power of the Eclipse Checkstyle plugin, you can have a look at the eclipse-cs web site.