What is coming up for Sonar in 2012 ?

by freddy mallet|

    I wrote a few weeks ago a post on what was accomplished on the platform last year. Today, even if the year is already well started, I am taking some time to discuss the plans for this year !

    In 2011, a lot of efforts were invested for supporting Continuous Inspection. This year, we will continue to increase the value of the platform by bringing new and unique functionality, enforcing integration to development environment, consolidating support of existing languages and adding new ones.

    Complete support of Continuous Inspection

    The plan for this year is to complete what was started on Continuous Inspection last year and add the ability to:

    • customize the workflow for reviews
    • create a review at any place in the code
    • change severity of a violation
    • group reviews into an action plan
    • track project activity through widgets
    • get notified in case of new violations on a project
    • improve accuracy for new violation detection mechanism

    Most of this was completed already as it was part of Sonar 2.13 and 2.14

    Developer Cockpit

    Since developers have now the ability to understand and follow continuously the quality of their application, this is now time to provide them with a service that shows their own contribution to projects: the developer cockpit. The idea is that the developer will have access to a dashboard similar to the current one that will show only his data.

    Global / Governance dashboards

    The platform already allows to customize project dashboards but there is currently no way to create global dashboards to get for example in the same page :

    • the list of projects with a technical debt that increased during the past 30 days
    • my most valuable measures on my favorite projects
    • the reviews that were created last across all projects
    • the open reviews assigned to me
    • the last quality default I introduced
    • ...

    Code analysis technology

    SonarSource is going to open source its source code analysis technology "SSLR" to make it available for all Sonar plugins. The objective is to make all languages plugins, whether open source or close source, better. SSLR will provide all standard and complex stacks to analyse code : lexer, preprocessor, parser, AST generation, symbols table, XPath requests on AST, control flow... The first language we are looking at improving then is going to be Javascript.

    Code Churn metrics

    When doing refactoring and fixing quality defects, it can be very valuable to know what has been the activity during the past months on the source files we're working on. Indeed the ROI of the same kind of refactoring can be far more important on files which are often updated than on files that haven't changed during the past two years. That's another input to determine the priority of remediation activities.

    Language coverage

    On the language side, this year was prolific already with the contribution from the community of a python and a delphi plugin. But this is not it ! Two c++ plugins are under construction, one from the community and one from SonarSource. This is all good news for the ecosystem.

    Additional effort is going to be made on the improvement of existing languages:

    • Release of a version 1.0 of Flex plugin where any remaining dependency on Maven will be removed
    • Ability to not use anymore Toad with the PL/SQL plugin (2 releases of te plugin already this year)
    • increase drastically the number of rules in C (+ 30 already)
    • release of a version 2.0 of the SAP ABAP plugin


    Here is a list of various improvements and functionality that will enhance the platform:

    • Detection of cross-project duplications for all languages
    • Support for authorization in the LDAP plugin
    • Differential analysis in Eclipse
    • Encryption in analysers of DB credentials
    • This might be the year for Idea plugin

    That is it, we are now waiting for you on the user mailing list to discuss all this and define the exact use cases that should be covered!