Open Source Quality Management Platform: Sonar Review

By Shaon, Gaea News Network
Friday, December 17, 2010


Sonar has been a very popular quality management platform for quite some time now. The platform is billed as to continuously analyze and measure the code quality. If anyone is serious about maintaining code quality namely coding standards, best practices, complexity, and also monitor associated statistics such as the number of unit tests run and the level of code coverage should be knowing about Sonar. Popularly known in the industry as a “one stop shop for quality metrics this tool has support for open source plugins to enhance its functionality. We will try to guide you through the initial setup phase and the nitty grities needed to analyze the project.

Sonar System Requirements

The fact everyone should know is that Sonar is a web application and requires a maven plugin that uses both a database. In other words The Users have to interact with Sonar through the web browsers of any computer making it compatible on many OS platforms. More over this software runs on any operating system that supports the following software

Java Development Kit v1.5 or later
Maven 2.0.9+, 2.1.+, 2.2.+ or 3.+ (Since Sonar 2.4)

The application also needs relational database for storing the resultant measured data. The database supported are

MySQL 5.x+
Oracle 10g+
PostgreSQL 8.3+ (8.2 since Sonar 1.12)
MS SQLServer 2005 since Sonar 2.0

A little known thing about the Sonar application is that it ships with a embedded database called Derby for evaluating the results. The database is comprehensive enough to be billed as a full version but the fact remains that before deploying the application on a fully functional production environment it is essential to connect to a enterprise database. The fact behind this is that version migration on the Derby is not tested during the phase when the updates to the Sonar platform are released. It is to be noted that the Sonar Web Server needs a healthy 500Mb of RAM to work and function to optimal levels. the Browser that is running the Sonar should have an option to turn on Javascript so as to get the full experience. The browsers supported currently are as follows

Firefox 2.x and 3.x
Internet Explorer 6.x, 7.x and 8.x
Safari (latest version)
Opera (latest version)
Chrome (latest version)


The installation is quite simple and should take 1-2 minutes of the users time According to the procedure is

Download and unzip the distribution

Do not install the application in a directory starting with a digit.

Execute on Windows :


or on other platforms :

bin/[OS]/ console
Execute the following command on your maven2 projects.
mvn clean install sonar:sonar
Browse to https://localhost:9000
For administration features, default login/password admin/admin

The process to install it on Gentoo Linux platform

Configure “Godin’s Gentoo Repository” as described on this page :

If you use paludis:

paludis -i dev-util/sonar-bin

Or using emerge:

emerge -av dev-util/sonar-bin
The only thing left to do is to start Sonar:
/etc/init.d/sonar start
And, optionally, add it to start at boot:
rc-update add sonar default
Browse to https://localhost:9000 For administration features, default login/password is admin/admin

You should configure the database before deploying it as I mentioned before.

The MySQL server may be setup by using the following commands

mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> grant all privileges on sonar.\* to ’sonar’@'localhost’ identified by ‘t0ps3cr3t’;
mysql> flush privileges;

Following this process the con/ has to be modified in order to deploy the application without hitches.

# MySql
# uncomment the 3 following lines to use MySQL
sonar.jdbc.url: jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
sonar.jdbc.driverClassName: com.mysql.jdbc.Driver
sonar.jdbc.validationQuery: select 1
sonar.jdbc.user sonar
sonar.jdbc.password t0ps3cr3t

via here

How to analyze Java Projects

The analysis of Maven project may be done by running a maven goal in the dictionary of the pom.xls. This procedure will require a running of a install goal. It is to be noted that the version matches the installed server. For example 1.4 Sonar maven plugin does not comply with 1.5 Sonar web server. A major change since the Sonar 1.5 version was that the default installation of the goal was scrapped.

The most recommended to analyse the project properly will require an installation without even running unit tests.

mvn clean install -Dtest=false -DfailIfNoTests=false

Then the Sonar Goal should be executed

mvn sonar:sonar

If you are using a version that is older than the 1.8 the command line needed is

mvn org.codehaus.sonar:sonar-maven-plugin:VERSION:sonar

You should uncheck the “resolve workspace artifacts” found in the maven project launch window. This is done to make sure that the eclipse maven embedder is not running. We hereby thank Cedric Munger a commenter and user of Sonar for the above tip he specifically states

Works nice on my box, make sure you’re not using the eclipse plugin maven embedder (define a new maven runtime pointing to your local maven install), use the latest maven eclipse plugin and uncheck “resolve workspace artifacts” in the maven project launch window.

In a case when the above procedure is not feasable one should adopt this method to get the desired result.

In this process the analysis is done with a single command but the unit tests would run twice. So you will not be using the -Dtest=false parameter, otherwise the Sonar will not be able to run the unit test and as a resultant no result will return. The code you need is

mvn clean install sonar:sonar -Dmaven.test.failure.ignore=true

the -Dmaven.test.failure.ignore=true is added so that in the case if the unit test fails then the analysis will happen.

For Non Maven projects

If the Java project is not run using Maven 2 there is a solution to analyze code as well via Sonar.

The user will be required to

Install Maven2 (just unzip, define the $MAVEN_HOME property and add $MAVEN_HOME/bin to $PATH)
Create a file named ‘pom.xml’ into the root directory of your project :

Within that file this code must be present and the parameters of the following code must be changed to suit the need of the project.

<project xmlns=”″
<name>[YOUR PROJECT NAME]</name>
<version>[YOUR PROJECT VERSION]</version>
<sourceDirectory>[YOUR SOURCE DIRECTORY]</sourceDirectory>
<outputDirectory>[YOUR CLASSES/BIN DIRECTORY</outputDirectory>

The para meters must be replaced using the following guidelines

[YOUR.ORGANIZATION] the id of your organization (no space) com.myorganization
[YOUR.PROJECT] the id of your project (no space) my.project
[YOUR PROJECT NAME] the name displayed into sonar (spaces allowed) My Project
[YOUR PROJECT VERSION] the version. Set 1.0 if no specific version. 1.0
[YOUR SOURCE DIRECTORY] the relative path to the sources directory src/java
[YOUR CLASSES/BIN DIRECTORY] the relative path to the compiled java classes directory bin

after which amven2 plugin must be executed

mvn sonar:sonar

How to monitor performances

Sonar is configured to run on computer that supports a simple Java JRE. The top priority of installing a enterprise Sonar instance is using a Java JDK. The server mode must be activated. the following comment will require to be uncomment this code from the conf/wrapper.conf

The Java JVm may be changed by Sonar by editing conf/wrapper.conf line

All that is left to get started of using the Sonar (considering that your other configurations are correct) is tuning the Database. As we said there are 2 uses that may be used with MySQL : MyISAM and InnoDB. MyISAM is an older platform and is being replaced by InnoDB which is clearly a faster platform for Sonar. Moreover this engine scales better as the number of projects under quality control spiral into a large number. If you have been using Sonar for a long time you hould migrate totaly to InnoDB as soon as possible. Once you do that the first line of action should be to allocate a maximum amount of RAM on MySQL instance with the following parameter


There should be atleast 15 Mo in the ‘query_cache_size’. We will elaborate on the issue further so that you are able to answer the dilemma regarding the settings to be adjusted if a server with say 16GB of RAM is required to be dedicated to a MySQL with a large InnoDB database.

Configuring Database

Make sure that you are running a dual core CPU on the server. Also it is required that a cost efficient Memory value around 16G-32G is present. Configure a RAID 10 array so that the Hard Disk seek times are reduced to a minimum. Avoid using RAID 5 due to random rewrites. For an OS never compromise with a 32 bit OS. You must and I repeat must get a 64 bit OS with preferably a LVM/EXT 3 file system in that order. My preference is the LVM for superior backup. Peter Zaitsev on Planet MySQL explains that a preffered configuration of the Innodb be thus

innodb_buffer_pool_size 70-80% of memory is a safe bet. I set it to 12G on 16GB box.
innodb_log_file_size This depends on your recovery speed needs but 256M seems to be a good balance between reasonable recovery time and good performance
innodb_log_buffer_size=4M 4M is good for most cases unless you’re piping large blobs to Innodb in this case increase it a bit.
innodb_flush_log_at_trx_commit=2 If you’re not concern about ACID and can loose transactions for last second or two in case of full OS crash than set this value. It can dramatic effect especially on a lot of short write transactions.
innodb_thread_concurrency=8 Even with current Innodb Scalability Fixes having limited concurrency helps. The actual number may be higher or lower depending on your application and default which is 8 is decent start
innodb_flush_method=O_DIRECT Avoid double buffering and reduce swap pressure, in most cases this setting improves performance. Though be careful if you do not have battery backed up RAID cache as when write IO may suffer.
innodb_file_per_table If you do not have too many tables use this option, so you will not have uncontrolled innodb main tablespace growth which you can’t reclaim. This option was added in MySQL 4.1 and now stable enough to use.

He also asks us to ensure that the application can run in READ COMITTED isolation mode. Set the value as transaction-isolation=READ-COMMITTED. For more information you may go here we used that as a reference for setting up our Sonar you will find it useful.

December 21, 2010: 12:24 am

Thank you very much for these updates on sonar.

will not be displayed