21

How we can integrate sonarqube in android studio? I have come across static code analysis using sonarqube. Explain how we can achieve that. There are many link available to integrate sonar-runner and sonarqube but either outdated or not sufficient to get the job done.

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
Gurvinder Singh
  • 2,157
  • 3
  • 15
  • 21

5 Answers5

43

Sonarqube is static code analyzer tool on server side. It is very useful to write clean and quality code. You should have sonarqube running on localhost or server. There create a new project giving name and unique id, this name and unique we will use to identify us to the server along with our username and password. Few things need to be set up on server side like-

  1. Create a user.
  2. Create new project with unique id.

Now in Android studio we are going use gradle sonarqube command to analyze our project with sonarqube.

There are following steps need to be covered before running gradle sonarqube command-

  1. First we need to have gradle installed on our machine.
  2. (Optional) To install sonarqube plugin in android studio. Go to-

File -> Settings -> Plugins -> then type sonarqube and click on Browse repositories at the bottom.

  1. Open build.gradle file, add plugin sonarqube.org and add following properties- 

    apply plugin: "org.sonarqube"

sonarqube {
    properties {
        property "sonar.projectName", "MyProject"
        property "sonar.projectKey", "com.example.myproject"
        property "sonar.host.url", "http://192.114.1.1:9000"
        property "sonar.language", "java"
        property "sonar.sources", "src/main/"
        property "sonar.login", "username"
        property "sonar.password", "password"
    }
}

  2. Open project gradle file and in dependencies add-

    dependencies {
    classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1"
}

  3. And in repository add-

    allprojects {
    repositories {
        maven {
            url "https://plugins.gradle.org/m2/"
        }
    }
}

Now on Android studio side your setup is done, run the command- gradle sonarqube to run the analysis.

If working in team and want to create different branches for all developers, run command- gradle sonarqube -Dsonar.branch={YouName}

Gurvinder Singh
  • 2,157
  • 3
  • 15
  • 21
9

If you are using gradle 3.X follow this steps:

1.- Download and run on localhost Sonarqube from this: https://www.sonarqube.org/downloads/

2.- At the gradle.properties:

systemProp.sonar.host.url=http://localhost:9000
systemProp.sonar.login=XXXXXXXXXXXXXXXX (put your token)

3.- At the build.gradle(Module:app) inside repositories:

maven {
            url "https://plugins.gradle.org/m2/"
        }

And inside dependencies:

classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7"

And finally outside buildscript:

apply plugin: "org.sonarqube"

4.- Run the command: gradle sonarqube

5.- wait 5 minutes after build successfull to see the result report

vicente esparza
  • 171
  • 2
  • 2
4

Integrating Sonarqube can be a bit hard, I wrote a Gradle plugin for Android to make it easier.

Here is an article about it: https://proandroiddev.com/android-analyzer-df0e4d80dc74

Here is the plugin: https://github.com/pinchbv/android-analyzer

Robert K.
  • 1,043
  • 1
  • 8
  • 20
0

If anyone is getting scm provider autodetection failed they can disable scm by writing:

            property "sonar.scm.disabled", "True"

in there properties section in build.gradle file

NIKHIL GUPTA
  • 1
0

FOR KMM USE setProperty(key, value)

sonarqube {
    properties {
        setProperty("sonar.projectName", "MyProject")
    }
}
user3509903
  • 55
  • 3