Apr 15, 2011

Sonar quality platform - Using profiles

Quoting Sonar's official site:
SONAR is an open source quality management platform, dedicated to continuously analyze and measure source code quality.
In short, it tells you how bad your code is and where to start fixing things cost-wise. The total code quality of the project depends very much on the number of code violations. But when does something count as a violation? Is the padding of parentheses a violation to you? Maybe declaring arguments as final?

Each Sonar profile defines a collection of rules (checks). The configuration of this profile can dramatically alter the final metrics, so it is better to stick with one profile for the entire lifecycle of a project so that the metrics are always relevant.

In the following screenshot, the drop to zero after enabling the most unforgiving profile is obvious, rendering all previous metrics irrelevant.

[Screenshot: rules compliance]

At milestone A the build was analyzed with an all-out Sonar profile including all the rules, checks and thresholds.

To create such a profile:

1. Log in to Sonar (ver. 2.6+), go to Configuration and then Quality profiles at the top left of the menu bar.

2. Click Copy to make an exact copy of the default Sonar way configuration and name it as you wish, e.g. Sonar complete. Click on Set as default. The next time Sonar analyzes a project, it will use this new configuration.

3. Before triggering a build, let's activate some more rules and checks. Click on the newly created configuration to browse and activate the rules.

Select Any in each of the three lists (Plugins, Severity, Status) and click Search to browse all the available rules.
To activate them all, perform a Bulk change by selecting Activate all from the select menu on the right (highlighted in red in the screenshot).

The profile is now ready and we can either set it as default or associate it with specific projects.


Trying to run the Maven sonar goal with the above profile activated, I came across the following two exceptions (Sonar and its plugins were completely updated after a clean install):

  1. Caused by: java.lang.NullPointerException at org.sonar.java.squid.check.ClassComplexityCheck.visitClass(ClassComplexityCheck.java:48)
  2. Can not execute Sonar: Can not execute Checkstyle: cannot initialize module Header - property 'headerFile' is missing or invalid in module Header.

1. For the first one, edit the profile and deactivate all checks of the Squid plugin. This is the one responsible for the exception:
Caused by: java.lang.NullPointerException at org.sonar.java.squid.check.ClassComplexityCheck.visitClass(ClassComplexityCheck.java:48)

2. For the second one disable the following subset of rules:

  • XPath rule template
  • Header
  • Regexp
  • Regexp Header
  • Regexp Multiline
  • Regexp Singleline
  • Regexp Singleline Java


  1. Fantastic article man, you have covered the topic really well with graphics and quotes. We are thinking of using Sonar for improving the code quality of our project, and your article certainly gives me some knowledge about it.

    10 tips on debugging Java Program in eclipse

  2. Just +1 it, indeed it deserves it :)

