Something I don't think we've discussed yet. Analyzers. What kind of analyzers are built into SonarQube. I can't find a description on the SonarQube site, and while Appendix B is titled "Project Analysis" I didn't see anything describing the analyzers SonaQube uses. I remember seeing output from CheckStyle, PMD, and FindBugs (I think). Since you can run SonarQube against multiple languages, I assume there's a place to configure the analyzers used, and a list of available analyzers too.
Is that the case, or is it all dependent on the plugins you use?
SCJP, SCJD, SCEA 5 "Any sufficiently analyzed magic is indistinguishable from science!" Agatha Heterodyne (Girl Genius)
Jeanne Boyarsky wrote:Where did you see the word Analyzer used that way? The only way I'm seeing it is the way to kick off Sonar. (Ant, Maven, etc)
When you 'kick off Sonar', what's actually happening is you're asking it to analyze your code and test results. That's why I started wondering, and asked at the end or my post, if it's based on the plugins you use.
For example, if you go to the Plugin Library page, and look at the entry for the Java plugin, it says:
included plugins are Checkstyle, FindBugs, JaCoCo, PMD
optional plugins are Clirr, Clover, Cobertura, Emma, fb-contrib, Sonargraph
CheckStyle, FindBugs, and PMD are all static code analyzers, while Clover and Cobetura are code coverage tools. So, if you've got the Java plugin enabled then when you exec the Sonar runner, it runs those analyzers and you get their view on your code quality. Or, at least, that's the way it used to work.
I'm remembering more of how I configured things on previous projects, and so I think I've answered my own question. Look to see what plugins are available - the list of analyzers is a subset of those plugins.
You're right and you're wrong. To some degree, it does depend on what plugins you've set up, as with test coverage. Beyond that though, the rest of the 7 Axes of Quality are built in to the language plugin and SonarQube itself. Yes, Findbugs, PMD, and Checkstyle for Java; FxCop, Gallio, Gendarme, and StyleCop for C# are separate plugins. They come with the ecosystems (sets of plugins) but you could choose to remove them. But it's increasingly true that SonarQube's language plugins natively contain the rules for that language. They also contain the ability to calculate LOC, complexity and other language-specific metrics. Things like duplications detection come from SonarQube itself.
Like Jeanne, I was also thrown by your use of "analyzers" but it does make sense after the mental context switch. Personally, I just think of them as parts, or phases, of the analysis.