
SAP Commerce integration with SonarQube

SonarQube is an open-source tool for static code analysis that provides a central location to analyze code quality across multiple projects within an organization. SAP Commerce ships with a custom quality profile, which is the same profile used by the SAP Commerce product development team. SAP Commerce also provides an out-of-the-box Apache Ant target that generates the information to be passed to SonarQube.

This article assumes that you have set up SAP Commerce and SonarQube locally. If you don’t have SonarQube set up already, follow this 2 minute guide to set up SonarQube locally.

Set Up Quality Profile

Follow these steps to set up a custom quality profile in SonarQube:

  • Go to http://localhost:9000 and log in. If you have installed it locally, the default credentials are admin/admin.
  • Use the Create button to upload the custom quality profile. The custom profile that ships with SAP Commerce is located at {SAP_COMMERCE_ROOT}/build-tools/sonarqube/java-hybris-profile.xml

  • Set the imported profile as default

Configure SAP Commerce

Configure the following Sonar configuration properties in the local.properties file:

sonar.projectName=<insert project name here>
sonar.projectKey=<insert project name here>
sonar.projectVersion=1.0
sonar.extensions=<insert comma separated list of extensions here>
sonar.host.url=http://localhost:9000
sonar.login=<insert sonar login token here>
sonar.language=java

Run Sonar Analysis

  • SAP Commerce ships with SonarQube Scanner for Ant and the Apache Ant target “sonarcheck” to perform static code analysis.
  • Execute the ant sonarcheck command from within the hybris/bin/platform directory.
  • Once the ant sonarcheck command executes successfully, the project dashboard in SonarQube displays a consolidated view of the state of the code base.
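
A pre-flight check for the local.properties settings above, to run before ant sonarcheck. It is an added example, not part of the original article or of SAP Commerce. The helper name check_sonar_props and the finding labels are assumptions. It verifies that each sonar.* key is defined exactly once with a real value, and that the file holding the sonar.login token is neither world-readable nor pointed at a remote host over plain http.

```shell
#!/bin/sh
# Added example: pre-flight check of the sonar.* keys before "ant sonarcheck".
# check_sonar_props is a hypothetical helper, not part of SAP Commerce.
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
SONAR_REQUIRED="sonar.projectName sonar.projectKey sonar.projectVersion \
sonar.extensions sonar.host.url sonar.login"

check_sonar_props() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 1; }
    findings=$(
        awk -v required="$SONAR_REQUIRED" '
        BEGIN { n = split(required, req, " ") }
        /^[ \t]*[#!]/ || !/=/ { next }      # skip comments and non key=value lines
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            count[key]++; last[key] = val   # Java properties: last definition wins
        }
        END {
            for (i = 1; i <= n; i++) {
                k = req[i]
                if (!(k in count)) { print "MISSING " k; continue }
                if (count[k] > 1) print "DUPLICATE " k " (last definition wins)"
                if (last[k] == "" || last[k] ~ /^<.*>$/) print "PLACEHOLDER " k
            }
            # The sonar.login token is sent to sonar.host.url on every analysis.
            url = last["sonar.host.url"]; host = url
            sub("^http://", "", host); sub("[:/].*$", "", host)
            if (url ~ "^http://" && host != "localhost" && host != "127.0.0.1")
                print "CLEARTEXT sonar.host.url is plain http to " host
        }' "$file"
        # The file holds an access token; other local users should not read it.
        if [ -n "$(find "$file" -prune -perm -004)" ]; then
            echo "WORLD_READABLE $file"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call it as check_sonar_props path/to/local.properties and run ant sonarcheck only when it returns 0.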

SonarLint

While SonarQube does a good job of static code analysis, it is often time-consuming to run the Apache Ant target and then fix issues based on the outcome. SonarLint is a free tool that integrates very easily with Eclipse (and most other IDEs) and provides on-the-fly reports as well. It is recommended that developers use SonarLint with their IDE to ensure that the state of the code base aligns with the quality profile during active development.

Conclusion

SonarQube, combined with SonarLint, is a powerful tool to ensure that development teams follow coding best practices during active development, thereby greatly increasing the reliability, security and maintainability of the code base.
