24

I have developed an Android app using the Eclipse IDE, and now the code count has grown very huge. I want to do the code review using a static code analysis tool to help me find any silly mistakes in the code, such as duplicate code, exception handling errors, etc. It should be pluggable within the Eclipse IDE.

Can anybody suggest a tool which I can use in my project to detect coding issues?

Adil Hussain
piks

3 Answers

16

I don't know about "best"; I only know about "useful". I would start by simply opening the Lint Warnings view (Window -> Show View -> Other -> Android -> Lint Warnings). Then you might consider using FindBugs, an excellent tool.

It's not a static code analysis tool, but during development you should enable StrictMode. It helps find a lot of coding problems specific to Android. (Turn it off for deployment!)

For other tools, take a look at this thread.

Ted Hopp
  • Thanks a lot for your help. One more query: can I use FindBugs as a plugin in Eclipse? If yes, then can you please send the link to download it? – piks Mar 05 '12 at 09:00
  • @piks The FindBugs [downloads page](http://findbugs.sourceforge.net/downloads.html) at SourceForge lists several Eclipse plugin download sites. The site for official releases is http://findbugs.cs.umd.edu/eclipse – Ted Hopp Mar 05 '12 at 19:49
  • @piks, FindBugs looks for duplicates only when they might be causing possible bugs. CheckStyle has good duplicate code detection. In practice you would use a tool like Sonar, which in turn encompasses a complementary set of tools like FindBugs, PMD and Checkstyle and even Lint. – Paddy May 30 '14 at 13:19
  • @TedHopp: Please tell me how I can achieve code checking for a Gradle-based Android Studio project. Is there any way to do so using the command line? I would prefer a tool which can be controlled using the command line, as it can be used for continuous integration. – Nevin Raj Victor Apr 20 '15 at 07:16
  • 1
    @NevinRaj - Most tools (including FindBugs) are command-line tools at their core. (StrictMode has nothing to do with the IDE, so there's no problem using it in Android Studio.) – Ted Hopp Apr 20 '15 at 14:57
  • 3
    There is a plugin called QAPlug that can be found in Android Studio, which integrates three tools: Checkstyle, PMD and FindBugs. – Priyeshj Feb 03 '16 at 19:06
14

SonarQube step-by-step implementation

Step 1: First download the SonarQube LTS (stable version) from this link:

https://www.sonarqube.org/downloads/

Don't download the latest version. It produces a Java version issue. I tried version 7.3 and it is working fine for me.

Step 2: Go to conf -> wrapper.conf -> set your Java path

    wrapper.java.command=C:\Program Files\Java\jdk1.8.0_60\bin\java

Next, go to bin -> select your OS -> click StartSonar

Step 3: http://localhost:9000/

Default Login credentials

Username - admin

Password - admin

Step 4: Project build.gradle file

    buildscript {
        repositories {
            jcenter()
            maven { url "https://plugins.gradle.org/m2/" } // add: Gradle plugin portal
        }

        dependencies {
            classpath 'com.android.tools.build:gradle:2.3.0'
            classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1" // add: SonarQube scanner plugin
            // NOTE: Do not place your application dependencies here; they belong
            // in the individual module build.gradle files
        }
    }

    allprojects {
        repositories {
            jcenter()
        }
    }

    task clean(type: Delete) {
        delete rootProject.buildDir
    }

Step 5: (Just copy and paste at the bottom of build.gradle)

App module build.gradle file

    apply plugin: 'org.sonarqube'

    sonarqube {
        properties {
            property "sonar.projectName", "RealmSample"
            property "sonar.projectKey", "org.sonarqube:android-simple-sq-scanner-gradle"
            property "sonar.language", "java"
            property "sonar.sources", "src"
            property "sonar.binaries", "build"
            property "sonar.sourceEncoding", "UTF-8"
            // Default admin account from step 3, stored in plain text in the build file.
            // sonar.login also accepts a user token generated in the SonarQube UI.
            property "sonar.login", "admin"
            property "sonar.password", "admin"
        }
    }

Step 6: gradle.properties file

    # Scanner connection settings; the default admin credentials are stored here in plain text.
    systemProp.sonar.host.url=http://localhost:9000
    systemProp.sonar.login=admin
    systemProp.sonar.password=admin

Step 7:

Open the Android Studio terminal tab (at the bottom of Android Studio) and open your current project path, e.g. cd:\ d:yourProjectPath

And apply this command:

Windows OS

    .\gradlew sonarqube

Mac OS

    bash ./gradlew sonarqube

Step 8:

Now check http://localhost:9000 (if it has not refreshed, click the refresh button).

Now you can analyze your code.

Note: If anybody is using a Mac, try this:

Step 1: (Install Homebrew command)

    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Step 2: Install OpenJDK (Java)

    brew cask install adoptopenjdk

Step 3: Install Sonar

    brew install sonar

Step 4: Start SonarQube

    brew services start sonarqube

For Kotlin support (don't use the latest version; it will produce a Java version issue):

Use version 7.3.

Download link for that version: https://www.sonarqube.org/sonarqube-7-3/

Follow all the above steps with version 7.3 and change the language in build.gradle:

    property "sonar.language", "kotlin"
Ranjithkumar
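
A pre-commit or CI check for the credentials that steps 5 and 6 above place in build.gradle and gradle.properties, as an added example that is not part of the original answer. The sample file contents are constructed from those steps, and `SONAR_TOKEN` is a hypothetical variable name standing in for a token injected by CI.

```python
import re

# Groovy DSL form used in step 5:   property "sonar.login", "admin"
GROOVY_RE = re.compile(
    r'''property\s+["'](sonar\.(?:login|password))["']\s*,\s*(.+?)\s*$''')
# Properties form used in step 6:   systemProp.sonar.login=admin
PROPS_RE = re.compile(
    r'''^\s*(?:systemProp\.)?(sonar\.(?:login|password))\s*[=:]\s*(.*?)\s*$''')
# A quoted string without ${...} interpolation is a hardcoded literal.
LITERAL_RE = re.compile(r'''^(["'])([^"'$]*)\1$''')

def find_hardcoded_credentials(filename, text):
    """Return (line_no, key, is_default_admin) for each hardcoded credential."""
    findings = []
    is_props = filename.endswith(".properties")
    for line_no, line in enumerate(text.splitlines(), start=1):
        key = value = None
        if is_props:
            m = PROPS_RE.match(line)  # comment lines (# or !) never match
            if m:
                key, value = m.groups()
        else:
            m = GROOVY_RE.search(line.split("//", 1)[0])  # drop // comments
            lit = LITERAL_RE.match(m.group(2)) if m else None
            if lit:  # System.getenv(...), findProperty(...) etc. are skipped
                key, value = m.group(1), lit.group(2)
        if value:  # an empty value is not a stored secret
            findings.append((line_no, key, value == "admin"))
    return findings

# Constructed samples mirroring steps 5 and 6 of the answer above.
BUILD_GRADLE = """sonarqube {
    properties {
        property "sonar.login", "admin"
        property "sonar.password", "admin"
    }
}"""
GRADLE_PROPERTIES = """systemProp.sonar.host.url=http://localhost:9000
systemProp.sonar.login=admin
systemProp.sonar.password=admin"""
# Assumed alternative: token supplied by CI in a hypothetical SONAR_TOKEN variable.
BUILD_GRADLE_ENV = 'property "sonar.login", System.getenv("SONAR_TOKEN")'

if __name__ == "__main__":
    for name, text in (("build.gradle", BUILD_GRADLE), ("gradle.properties", GRADLE_PROPERTIES)):
        for line_no, key, is_default in find_hardcoded_credentials(name, text):
            print(f"{name}:{line_no}: hardcoded {key}" + (" (default admin)" if is_default else ""))
```
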
4

SonarQube is a platform to analyze code quality, security and reliability. It is a continuous inspection engine and offers reports on duplicated code, exception handling, coding standards, unit tests, code coverage, code complexity, potential bugs, comments, design and architecture etc.

I have used it and it helps me to detect bugs and keep my code clean and of good quality.

UPDATE

Below is the link to a post on my blog which gives a complete, detailed explanation of integrating SonarQube with SonarQube Scanner.

Integrating and Understanding SonarQube in Android

Adil Hussain
Android Developer