What is coming up for Sonar in 2011 ?

by freddy mallet|

    After an initial attempt that ended up posting on what was accomplished last year, time has now come to discuss the plans for Sonar in 2011 and the associated roadmap !

    In 2010, Sonar has progressively become a "must have in software factories" as are already Jenkins, Jira, Nexus or Subversion for instance. With Sonar, a quality platform can now be considered as a commodity which can be installed and used by everybody with only little investment whether it is time or money. We will still focus our effort in 2011 to increase the value of the platform and make teams capable of continuously assessing and reimbursing their technical debt even easily than today.

    Track Changes

    One of the main objective for the team this year is that Sonar provides full support for Continuous Inspection practice. Sonar can already measure the overall quality of a software but it is not so simple to make sure that changes made during a period comply to requirements. Two features have been added already in Sonar 2.5 for this :

    • Ability to view the changes that occurred on measures over a period of time in the dashboard and in the filters
    • Ability to report on violations that were added during a period of time

    The next step is to provide the ability to report on code coverage of new source code. This is to insure that whatever legacy code is there, teams have the ability to monitor the coverage by unit tests on added code only if they wish.

    After this is completed, we will have reached sufficient maturity to work on the famous Developer activity plugin

    Code review

    This is really the next strategic move for the Sonar platform : add a manual dimension to the automated one to provide a complete code review tool. The first step could be to be able to comment on violations in the form of discussion threads. Then, we could provide capability to switch off a violation from the UI instead of using the intrusive //NOSONAR. Finally, it would be great to be able to log a new violation from the UI to keep track of issues that are not and can't be automatically detected.

    Language consolidation

    We have pushed really hard last year to cover many languages and we now want to increase their functional surface. Here are the major improvements that are in the pipe :

    • Provide a Squid-like engine to the C# plugin to make it more robust. The current implementation only aggregates external tools and it is sometimes tricky to consolidate their results.
    • Add execution path engine and dependency tree to the Cobol plugin to then build advanced rules like dataflow engine and dead code detector.
    • Improve the C parser to gain robustness, support non ANSI-85 extensions and increase significantly the number of rules available.
    • Improve the PL/SQL plugin to provide currently missing metrics.

    On top of this consolidation, we wish to give a go at C++ support.

    Sonar in Eclipse

    Now that we have a stable version 1.0 of the plugin, we can start building on it. The objective for this year is to provide capability for running local analysis inside Eclipse.

    Then we could look at synchronizing the Eclipse configuration based on the Sonar Quality Profile to reinforce the agreed standards.

    Support New Bootstrappers

    We have started last year some background work to decouple Sonar from Maven. This work will enable us to support 2 new mechanisms for bootstrapping analysis in Sonar 2.6 : an ANT task and a Java runner. Next step is to also provide Gradle bootstrapper.

    JaCoCo Integration

    We intend to make 2 major integrations of JaCoCo into Sonar this year. The first one is to integrate it into Sonar core and make it the default coverage in place of Cobertura. The second one is to provide ANT integration of JaCoCo and therefore provide a simple way of gathering code coverage when you execute unit tests from ANT.

    That is it ! We are now waiting for you on the user mailing list to discuss all this and define the exact use cases that should be covered.