Static Code Analysis – Jenkins Extensions

Static Code Analysis – Jenkins Extensions

Introduction

Jenkins is an open source continuous integration tool written in Java that provides continuous integration services for software development. This project was forked from Hudson after a dispute with Oracle. This is a server-based system running in a servlet container, like the Apache Tomcat.

Use case

We are using plug-ins and pre-defined functionality for codebase. This blog explains how we use code metrics and how to extend the pre-defined libraries for classes. Jenkins supports extended functionality and we can measure the quality of a design in terms of its extensibility, reusability, and maintainability to manage package dependencies effectively.

Solution

PMD Plug-in with Design Rules

We can extend the PMD plug-in and write our own code for customizations. The Design RuleSet contains a collection of rules that identifies questionable designs and provides suggestions to improve the quality of the code. These Design Rules also enable us to create a new Rule.

How to create our own RuleSet

There are two ways to write rules:

  • Create a rule using Java
  • Write an XPath expression
 Create a rule using Java

The following code is a simple example for making sure that the while loop in Java code uses braces.

  • We need to extend the AbstractJavaRule class.
  • We have to pass two parameters for the visit method – ASTWhileStatement, Object.
  • We have to add the method for displaying the list of warnings generated by the PMD plug-in into addViolation.
  • We need to include PMD jar in classpath for this project.
  • One more thing that we need to do is create an XML file. The below code is the sample for a custom xml file.

  • Name – WhileLoopsMustUseBracesRule.
  • Message – “Use braces for while loops”.
  • Class – Wherever you place the rule. Note that this doesn’t have to be in net.sourceforge.pmd; it can be in com.yourcompany.util.pmd or where ever you want it to be.
  • Description – Use braces for while loops.
  • Example – A little code snippet in CDATA tags that shows a rule violation.
  • Example.jar:
    com.treselle.rule.WhileLoopsMustUseBracesRule
    rulesets/java/mycustomrules

file_structure

  • Make this as a jar like file structure.
  • Add example.jar into pmd classpath.
  • Build your pmd project as normal. You can see if any custom rule is applicable in the code.
  • We can also use the custom ruleset with a predefined ruleset like image here below.

ruleset image

 

PMD_warnings

  • Below is the screenshot of the custom Rule applied in sample project.

java_custom_rules

SonarQube

SonarQube is an open platform to manage code quality. As such, it covers the 7 axes of code quality that is mentioned below.  Adding rules engines and computing advanced metrics can be done through a powerful extension mechanism.

  • Architecture and Design
  • Duplications
  • Unit tests
  • Cyclomatic complexity
  • Potential bugs
  • Coding Rules
  • Documentation and comments

 

sonarqube

Details about the 7 axes of code:

  • Coding standards – Respect coding standards and follow best practices.
  • Potential bugs – Eliminate code violations to prevent vulnerabilities.
  • Documentation and comments – Provide documentation especially for the Public API, the source code.
  • Duplicated code – Isolate and refine duplications. Don’t Repeat Yourself.
  • Complexity – Equalize disproportionately distributed complexity among Components. Eliminate complexity if possible.
  • Test coverage – Write unit tests, especially for complex parts of the software.
  • Design and architecture – Minimize dependencies.

How to configure SonarQube

  • Download the sonar-ant-task-x.x.jar and add that into ant classpath.
  • Add the below code in build.xml.
  •  Install this required Plug-in – Jenkins Sonar Plug-in.

sonar_plugin

  • Create a new Job as a Free-Style type.
  • Click Configure link on the left side menu.
  • Click on Add Build Step under Build category.
  • Add Ant Version and add target name in the build.xml.
  • Click on Add post-build action and select Sonar.
  • Configure the Maven settings if it is necessary.
  • Then click on the Save button.
  • Now click the Build Now link to build.
  • Before clicking on the link, make sure the SonarQube is running.
  • Click on the Sonar Symbol on the project page. You will be redirected to a new page that is the SonarQube Dashboard.
  • Below are few screenshots of the SonarQube Dashboard.
  • The default login or the Dashboard is admin.
  • Title Bar with Administrator login:

title_bar_admin

  • Dashboard Home page:

dashboard_homepage

  • Left Side Navigation Menu

left_side_nav_menu

profile_sonarqube

sonar_ant_task_1

sonar_ant_task_2
maven_quckstart_archetype

JDepend

JDepend traverses Java class file directories and generates design quality metrics for each Java package. JDepend allows you to automatically measure the quality of a design in terms of its extensibility, reusability, and maintainability to manage package dependencies effectively.

Before using JDepend, it is important to understand that “good” design quality metrics are not necessarily indicative of good designs. Likewise, “bad” design quality metrics are not necessarily indicative of bad designs. The design quality metrics produced by JDepend should not be used as yard sticks to measure all designs. The main features of JDepend are:

  • Measure Design Quality
  • Invert Dependencies
  • Foster Parallel, Extreme Programming
  • Isolate Third-Party Package Dependencies
  • Package Release Modules
  • Identify Package Dependency Cycles

It will provide annotation with the following metrics:

CC

Concrete Class Count

AC

Abstract Class (and Interface) Count

Ca

Afferent Couplings (Ca)

Ce

Efferent Couplings (Ce)

A

Abstractness (0-1)

I

Instability (0-1)

D

Distance from the Main Sequence (0-1)

V

Volatility (0-1)

Cyclic

If the package contains a dependency cycle

The Advantage of this plug-in is that we can create and customize it.

How to configure JDepend

  • Download Jdepend.jar and add that into ant classpath.
  • Add the below code in build.xml.
  •  Install this required Plug-in – Jenkins JDepend Plug-in

jdepend_plugin

  • Create a new Job as a Free-Style type.
  • Click Configure link on the left side menu.
  • Click on Add Build Step under Build category.
  • Add Ant Version and add target name in the build.xml.
  • Click on Add post-build action and select jDepend.
  • Then click on the Save button.
  • Now click the Build Now link to build.
  • Click on the build number and you can see the JDepend Icon.
  • Click on the icon to view the report.
  • Below are few screenshots of JDepend Plugin.

Conclusion

Some of the operations that can be performed using Jenkins Continuous Integration Server and libraries are – traverse Java class file directories, generate design quality metrics for Java package and SonarQube (supports more than 20 programming languages), add Rules Engines. Computing advanced metrics can also be done through a powerful extension mechanism.

References

http://jenkins-ci.org/node

http://pmd.sourceforge.net/pmd-4.3.0/howtowritearule.html

http://pmd.sourceforge.net/pmd-4.3.0/rules/design.html

http://docs.codehaus.org/display/SONAR/Setup+and+Upgrade

http://clarkware.com/software/JDepend.html

http://www.sonarqube.org

4741 Views 1 Views Today