what is the best static code analysis tool for android project?-ThrowExceptions

Exception or error:

I have developed one Android app using eclipse IDE and now code count grows very hugh, so I want to do the code review using some static code analysis tool which can help me to find out all silly mistakes in the code, duplicate code , exception handling errors etc. and it should be pluggable with eclipse IDE.

Can anybody suggest me the tool which i can use it in my project to resolve all coding issues.

How to solve:

Sonarqube step by step implementation

Step 1:
First download the sonarqube LTS(Stable version) from this link

Don’t download latest version. It produce java version issue. I tried
7.3 version working fine for me.

enter image description here

https://www.sonarqube.org/downloads/

Step 2:
goto conf -> wrapper.conf -> set your java path

wrapper.java.command=C:\Program Files\Java\jdk1.8.0_60\bin\java

Next goto bin -> select your OS -> Click StartSonar

enter image description here

Step 3:
http://localhost:9000/

Default Login credentials

Username – admin

Password – admin

Step 4:
Project Build gradle File

   repositories {
       jcenter()
       maven { url "https://plugins.gradle.org/m2/" }//add
   }

   dependencies {
       classpath 'com.android.tools.build:gradle:2.3.0'
       classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.1" //add
       // NOTE: Do not place your application dependencies here; they belong
       // in the individual module build.gradle files
   }
}

allprojects {
   repositories {
       jcenter()
   }
}

task clean(type: Delete) {
   delete rootProject.buildDir
}

Step 5: (Just copy & paste at bottom of build.gradle)

App Module Build gradle File

apply plugin: 'org.sonarqube'

sonarqube
       {
           properties
                   {
                       property "sonar.projectName", "RealmSample"
                       property "sonar.projectKey", "org.sonarqube:android-simple-sq-scanner-gradle"
                       property "sonar.language", "java"
                       property "sonar.sources", "src"
                       property "sonar.binaries", "build"
                       property "sonar.sourceEncoding", "UTF-8"
                       property "sonar.login", "admin"
                       property "sonar.password", "admin"
                   }
       }

Step 6:
Gradle.Properties File

systemProp.sonar.host.url=http://localhost:9000
systemProp.sonar.login=admin
systemProp.sonar.password=admin

Step 7:

Open android studio terminal tab(Android studio bottom) & open your current project path ex: cd:\ d:yourProjectPath

And apply this command

Windows OS

.\gradlew sonarqube

MAC OS

bash ./gradlew sonarqube

Step 8:

Check now http://localhost:9000 (if not refreshed click refresh button)..

Now you can analyze your code.

Note: If anybody using mac try this

Step 1:(Install homebrew command)
ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”

Step 2: Install open JDK (Java)

brew cask install adoptopenjdk

Step 3: Install Sonar

brew install sonar

Step 4: Start sonarqube

brew services start sonarqube

For kotlin support. (don’t go latest version it will produce java version issue)

Use 7.3 version

download link – version https://www.sonarqube.org/sonarqube-7-3/

follow all above steps with 7.3 version and change language in build.gradle

property "sonar.language", "kotlin"

###

I don’t know about “best”; I only know about “useful”. I would start by simply opening the Lint Warnings view (Window -> Show View -> Other -> Android -> Lint Warnings). Then you might consider using FindBugs, an excellent tool.

It’s not a static code analysis tool, but during development you should enable StrictMode. It helps find a lot of coding problems specific to Android. (Turn it off for deployment!)

For other tools, take a look at this thread.

###

Sonarqube is a platform to analyze code quality,security and reliability.It is a continuous inspection engine and offers reports on duplicated code,exception handling, coding standards, unit tests, code coverage, code complexity, potential bugs, comments , design and architecture etc.

I have used it and it helps me to detect bugs and keep my code clean and of good quality.

UPDATE

Below is the link of post on my blog which gives complete detailed explanation of integrating sonarqube with sonarqube scanner.

Integrating and Understanding SonarQube in Android

Leave a Reply

Your email address will not be published. Required fields are marked *