• Maven is free and extensible and it’s distributed as a small core
module. All features are implemented as plug-ins and are loaded on
demand. These plug-ins are also stored in repositories. You (or other
developers) can easily write plug-ins in Java or other scripting
languages. Maven scripts can run Ant scripts and vice versa.
Maven provides a simple way to set up projects that follow common
best practices, including a default directory structure that makes it
easier to understand how a project is structured. A consistent and
unified directory structure simplifies software development and
provides a standard based on industry best practices. This focus on
convention over configuration increases cross-project knowledge and
makes it easier to get up to speed on another team’s project. Many
Maven features, configurations, and settings are provided implicitly.
You can change Maven’s default behavior at many points and can
configure almost everything, but generally it’s better to stay with the
commonly accepted conventions.
Lifecycles, phases, and goals
• Maven requires that you describe what your project is doing. To this end,
Maven offers lifecycles and individual phases that you can configure to tell
Maven what to do in these phases.
Maven and testing
• Maven is ideally suited for running all your tests as part of your
normal build setup. You don’t need a customized environment for
different types of tests. Unit tests run by default, and integration tests
are specified as a phase in the Maven build (between the packaging
and the install phases). In this way, you can rely upon the previously
built package, which can output a WAR file. To run your integration
tests, you need to add and configure the dedicated plug-ins.
Maven component repositories
• Maven repositories are essential for organizing build artifacts of
varying types and their dependencies on each other. Two types of
repositories are remote and local.
• SonarQube, developed by SonarSource, is an open-source tool for
automated code review and analysis. Consistent code quality is
something every manager or technical director aims to maintain, and
although new tools pop up frequently, each promising more features
than the last, very few code quality and security tools come close to
competing with SonarQube. Supporting static code analysis for 20+
languages, this Sonar code quality tool is trusted and used by many
professional teams worldwide.
• We will be looking over how to start using the SonarQube tool for
code quality in your own projects to generate detailed reports on
bugs, security vulnerabilities, duplicate code, code smells, and much
more. Let’s get started.
•Can perform automatic reviews with static code analysis for many
problems that affect code quality.
•Helps maintain quality and reliability of code projects over its life-span
using advanced quality test metrics and graphs.
•Integrates seamlessly with other tools like Jenkins, Atlassian, MSBuild,
etc, which helps productive workflow.
•Supports most popular programming languages like Java, Python,
How SonarQube helps to assess the quality of the code
SQALE approach is used in the SonarQube top-notch design, with specific
changes. The SQALE technique, widely recognized, concentrates primarily on
programming difficulty, maintenance and will not consider the program's
In essence, if a significant safety issue is found in a program, one needs to solve
every stability, modifications, usability, and running strictly according to the
SQALE approach and after turn again in the latest severe problem. In reality, if
possible flaws in the program for such a lengthy period and gets zero consumer
error complaints, it is far more critical to concentrate on remediating the latest
How to Use SonarQube Tool For Code Quality
• Step 1: Download and Unzip SonarQube
• Prerequisites: Java (Oracle JRE11 or OpenJDK 11 minimum)
• SonarQube comes in four different editions, including paid ones,
however, for the purpose of this article, we will be using their free
open-source community edition.
Step 2: Run the SonarQube local server
At this point, you should be greeted with a little `.bat` file (if you are
on windows) or a `.sh` file (if you are on Linux or Mac). The next
step will be to execute this file to proceed into the console.
On Windows, navigate into the parent directory containing the
`StartSonar.bat` file. This can be done by navigating to the unzipped
folder ('sonarqube') and into the bin and windows-x86-xx folder
Step 3: Start a new SonarQube project
Now that you have successfully run your SonarQube server, you can proceed
to start your first code project. Click on the ‘+’ icon on the top right of the
navigation bar and select ‘Create New Project.’
In the next page, enter a unique project key and a short and suitable display
Name and click on Set Up.
Step 4: Setup Project properties and SonarScanner
This step should be pretty straightforward if you have spent any time
working on code projects.
directory in your environment variable list.
This can be done by adding an entry in the `Add Environment Variables`
window for Windows.
Step 5: View your analysis report on Sonar Dashboard
After the scan has completed through your code-base, go back to your SonarQube
dashboard on http://localhost:9000 and log in using your credentials. Select your
created project and you will find a code analysis report waiting for you.
The free Community Edition should include Reliability (measured in # of bugs),
Security (in terms of vulnerabilities), Maintainability (depending on your code debt
and smells), Coverage, and Duplications. Depending on the number and intensity of
each check, the Quality Gate will either 'Pass' or 'Fail' the project. A green color
grade will show areas where your code performed well while yellow and red color
grades will highlight problem areas.