Expand Authors Top

If you have a few years of experience in the Java ecosystem and you’d like to share that with the community, have a look at our Contribution Guidelines.

November Discount Launch 2022 – Top
We’re finally running a Black Friday launch. All Courses are 30% off until next Friday:

>> GET ACCESS NOW

November Discount Launch 2022 – TEMP TOP (NPI)
We’re finally running a Black Friday launch. All Courses are 30% off until next Friday:

>> GET ACCESS NOW

Expanded Audience – Frontegg – Security (partner)
announcement - icon User management is very complex, when implemented properly. No surprise here.

Not having to roll all of that out manually, but instead integrating a mature, fully-fledged solution - yeah, that makes a lot of sense.
That's basically what Frontegg is - User Management for your application. It's focused on making your app scalable, secure and enjoyable for your users.
From signup to authentication, it supports simple scenarios all the way to complex and custom application logic.

Have a look:

>> Elegant User Management, Tailor-made for B2B SaaS

1. Overview

SonarQube is an open-source and standalone service that gives an overview of the overall health of our source code by measuring code quality and code coverage.

In this tutorial, we'll cover the process of measuring code coverage using SonarQube and JaCoCo.

2. Description

2.1. Code Coverage

Code coverage, also called test coverage, is a measure of how much of the application’s code has been run in testing. Essentially, it's a metric that many teams use to check the quality of their tests because it represents the percentage of the production code that has been tested and run.

This gives development teams reassurance that their programs have been broadly tested for bugs and should be relatively error-free.

2.2. SonarQube and JaCoCo

SonarQube inspects and evaluates everything that affects our codebase, from minor styling details to critical design errors. This enables developers to access and track code analysis data ranging from styling errors, potential bugs and code defects, to design inefficiencies, code duplication, lack of test coverage and excess complexity.

It also defines a quality gate, which is a set of measure-based boolean conditions. Additionally, SonarQube helps us to know whether our code is production-ready or not.

SonarQube is used in integration with JaCoCo, a free code coverage library for Java.

3. Maven Configuration

3.1. Download SonarQube

We can download SonarQube from its official website.

To start SonarQube, run the file named StartSonar.bat for a Windows machine or the file sonar.sh for Linux or macOS. The file is in the bin directory of the extracted download.

3.2. Set Properties for SonarQube and JaCoCo

Let's first add the necessary properties that define the JaCoCo version, plugin name, report path and sonar language:

<properties>
    <!-- JaCoCo Properties -->
    <jacoco.version>0.8.6</jacoco.version>
    <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
    <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
    <sonar.jacoco.reportPath>${project.basedir}/../target/jacoco.exec</sonar.jacoco.reportPath>
    <sonar.language>java</sonar.language>
</properties>

The property sonar.jacoco.reportPath specifies the location where the JaCoCo report will be generated.

3.3. Dependencies and Plugins for JaCoCo

The JaCoCo Maven plugin provides access to the JaCoCo runtime agent, which records execution coverage data and creates a code coverage report.

Now let's have a look at the dependency we'll add to our pom.xml file:

<dependency>
    <groupId>org.jacoco</groupId> 
    <artifactId>jacoco-maven-plugin</artifactId>
    <version>0.8.6</version>
</dependency>

Next, let's configure the plugin that integrates our Maven project with JaCoCo:

<plugin>
    <groupId>org.jacoco</groupId>
    <artifactId>jacoco-maven-plugin</artifactId>
    <version>${jacoco.version}</version>
    <executions>
        <execution>
            <id>jacoco-initialize</id>
            <goals>
                <goal>prepare-agent</goal>
            </goals>
        </execution>
        <execution>
            <id>jacoco-site</id>
            <phase>package</phase>
            <goals>
                <goal>report</goal>
            </goals>
        </execution>
    </executions>
</plugin>

4. SonarQube in Action

Now that we've defined the required dependency and plugin in our pom.xml file, we'll run mvn clean install to build our project.

Then we'll start the SonarQube server before running the command mvn sonar:sonar.

Once this command runs successfully, it will give us a link to the dashboard of our project's code coverage report:

sonar

 

Notice that it creates a file named jacoco.exec in the target folder of the project.

This file is the result of the code coverage that will be further used by SonarQube:

Jacoco result

It also creates a dashboard in the SonarQube portal.

This dashboard shows the coverage report with all the issues, security vulnerabilities, maintainability metrics and code duplication blocks found in our code:

sonarqube

5. Conclusion

SonarQube and JaCoCo are two tools that we can use together to make it easy to measure code coverage.

They also provide an overview of the overall health of the source code by finding code duplications, bugs and other issues in the code. This helps us to know whether our code is production-ready or not.

The complete source code for the article is available over on GitHub.

November Discount Launch 2022 – Bottom
We’re finally running a Black Friday launch. All Courses are 30% off until next Friday:

>> GET ACCESS NOW

Junit footer banner
Comments are closed on this article!