JBC So n a rQ u b e Plugin

Doc u m e n t Hist o r y

Revi si o
Dat e Ame n d e d Na m e De s c r i p t i o n
n
1 19 th May 2017 JN. Char pi n Initial version
2 30 th May 2017 JN. Char pi n Minor ame n d m e n t

3 4 th May 2018 JN. Char pi n Self- deploya bl e art efa c t

4 8 th May 2018 JN. Char pi n LTS 6.7.3 migr a ti o n

Add capa bility to run analysis on non- compo n e n t iz e d

5 14 th June 2018 JN. Char pi n
code. JBC Preco m pil e r rule tem pl a t e suppo r t.

6 22 nd Marc h 2019 S. Sakt hi R19 AMR Review

7 25 th Marc h 2020 S. Sakt hi R20 AMR Review

Bash e e r
8 8 th Jan 2021 Sona r Q u b e version upgr a d e from 6.7 to 7.8
Aham e d

Bash e e r
9 12 th April 2021 R21 AMR review
Aham e d

10 25 th April 2022 M. Kuma r R22 AMR review

11 6 th April 2022 M. Kuma r R23 AMR review

H. Sanofa r
12 15 th May 2023 Jdk11 Review
Nish a

2
 JBC So n a rQ u b e Plugin

Copyri g h t

Copyrig h t © Teme n o s Hea d q u a r t e r s SA 2009- 2023.

All right s rese rv e d.
This docu m e n t cont ain s prop rie t a r y inform a tio n that is prote c t e d by copyrig h t. No part of this docu m e n t may
be repro d u c e d , tra ns m i t t e d , or mad e availa ble direc tly or indirec tly to a third party without the expr e s s
writt e n agre e m e n t of TEMENOS UK Limite d. Receipt of this mate ri al direc tly TEMENO S UK Limite d
constit u t e s its expr e s s per mis sion to copy. Per mis sion to use or copy this docu m e n t expr e s sly exclud e s
modifying it for any purpo s e , or using it to cre a t e a derivative the r ef ro m .

Errat a and Com m e n t s

If you have any com m e n t s reg a r di n g this man u al or wish to repor t any error s in the docu m e n t a t i o n ,
plea s e docu m e n t the m and send the m to the add r e s s below:
Technology Depa r t m e n t
Teme no s Hea d q u a r t e r s SA
2 Rue de l’Ecole- de- Chimie,
CH - 1205 Geneva,
Switze rl a n d

Tel SB: +4 1 (0) 22 708 1150

Fax: +4 1 (0) 22 708 1160

Pleas e includ e your na m e , comp a n y, addr e s s, and telep h o n e and fax num b e r s , and email add r e s s if
applica bl e. TAFJdev@t e m e n o s . c o m

3 Teme no s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
Ta b l e o f C o n t e n t s

Intro d u c t i o n
The JBC Sona r Q u b e plugin is a Teme no s exte n sion to the popul a r Sona r Q u b e (SQ) contin uo u s code
quality platfor m to provide suppo r t for JBC langu a g e analysis.
It allows gettin g met ri c s, when coding Tem e no s T24 applic a tio n s agains t TAFJ runti m e , such as:
- Pote n ti al bugs and “code smells” (SQ ter mi nolo gy).

- Code cover a g e by unit test s.

- Code duplica tio n.

- Rating or code quality.

- Lines of code and docu m e n t a t i o n .

This docu m e n t is not inte n d e d to be a compl e t e SQ guide, but a manu a l to deploy the JBC plugin, run
analysis and pars e resul ts.
Being familiar with SQ platfor m is reco m m e n d e d .
Docu m e n t a t i o n rega r di n g SQ can be found online.
https://doc s. so n a r q u b e . o r g / di s pl a y/ SO NAR/Doc u m e n t a t i o n

Soft w a r e prer e q u i s i t e s
SQ minim al relea s e for JBC Sona r plugi n (PB 20210 2 and highe r ) is 7.8
Version highe r than 7.8 requi r e s Java 11 +
https://w w w. so n a r q u b e . o r g / d o w nl o a d s/
Sona rQ u b e scan n e r 3.X and highe r or Maven 3 depe n di n g on the analysis mode used.
https://doc s. so n a r q u b e . o r g / di s pl a y/ SCAN/Analyzing + w i t h + S o n a r Q u b e + S c a n n e r
There is no comp a ti bility mat rix betw e e n Sona r Q u b e and Sona r S c a n n e r
https://co m m u n i t y.so n a r s o u r c e . c o m / t / s o n a r- scan n e r- version- comp a ti bility- check/ 1 1 7 3 2
Oracl e JRE or OpenJDK (a JRE is sufficien t for SQ but JDK is requi r e d for JBC compilatio n to Java).
https://doc s. so n a r q u b e . o r g /l a t e s t / r e q u i r e m e n t s / p r e r e q u i si t e s- and- overvie w/

4
 JBC So n a rQ u b e Plugin
Data b a s e : Microsoft SQL Serve r , MySQL, Oracle, Post g r e S QL

NOTE: OpenJDK 11 test e d with SQ version 8.x.x.x and Sona r Scan n e r version 4.x.x.x

5 Teme no s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
JBC Plu g i n ins t a l l a t i o n

As a pre r e q ui sit e SQ must be installe d and conne c t e d to a data b a s e .

https://doc s. so n a r q u b e . o r g / di s pl a y/ SO NAR/Inst a llin g + t h e + S e r v e r
Get the JbcSon a r P l u gi n.j a r art efa c t from your distrib u ti o n chan n e l.
Deploy within SQ the plugin, simply by copying it unde r
$Sona r Q u b e_ H o m e / e x t e n si o n s/ pl u gi n s
Set the environ m e n t variabl e te m n . t a fj.r u n t i m e . e n a b l e . j b c . m e t e r = f a l s e durin g the star t u p of SQ
Rest a r t SQ if insta n c e run ni n g.
To valida t e that the JBC plugins has bee n succ e s sf ully installe d, brow s e SQ Administ r a ti o n page, Gene r a l
Settin g s. (Default port is 9000, which can be cha n g e d )
i.e.
http://localho s t : 9 0 0 0/ s e t t i n g s
You should note a JBC ent ry within the CATEGORY menu.
http://localho s t : 9 0 0 0/ s e t t i n g s ? c a t e g o r y = j b c

Getti n g start e d

To get star t e d with your first JBC project analysis you could use the dem o provide d within the
JbcSon a r Pl u gi n distrib u ti o n.
JbcSon a r Pl u gi n/ d e m o
It cont ai n s a sam pl e JBC compo n e n t project TI_Sona rT e s t and som e configu r a ti o n s files to run a SQ
scan n e r analysis.

Using sona r scan n e r

Installation and configuration

6
 JBC So n a rQ u b e Plugin
Pleas e refer to following docu m e n t a t i o n for more inform a t i o n about installing and analysin g using the
sona r scan n e r .
https://doc s. so n a r q u b e . o r g / di s pl a y/ SCAN/Analyzing + w i t h + S o n a r Q u b e + S c a n n e r

To be able to run the full compo n e n t build analysis, includi n g JBC compo n e n t compilatio n, a modifica tion
to the sona r sca n n e r is requi r e d since sona r scan n e r versi o n 3 and hi g h e r to do not us e th e
em b e d d e d JRE as a JDK is req u i r e d .
Simply am e n d in the scan n e r batc h file,
i.e., for a windows installatio n unde r
sona r- scan n e r- 3.1.0.11 4 1- window s\ bi n\so n a r- scan n e r . b a t
the prope r t y
set use_e m b e d d e d _j r e = fal s e
i.e., for a linux installa tion und e r
sona r- scan n e r- 3.1.0.11 4 1- linux/bin/so n a r- scan n e r
the prope r t y
use_e m b e d d e d _j r e = fals e
Since the batc h file is am e n d e d your environ m e n t must define a valid java JDK 8 version.

Project configuration and execution

The scan n e r is makin g use of a sona r projec t define d within the configu r a t io n file sonar-
projec t.pro p e r ti e s .

7 Teme no s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
Pleas e note that you have to replac e "\" by "/" on Window s when defining a pat h.
Pleas e refer to the configu r a t i o n section to get more det ails about projec t prope r t i e s.

Class p a t h setu p in Wrap p e r . c o nf und e r Sona r Q u b e / c o nf folder:

Add the below classp a t h in wrap p e r . c o nf file pres e n t s in the above- mention e d location to avoid the
FileNot F o u n d E x c e p t i o n while star ti n g the Sona r Q u b e
wrap p e r .jav a . c l a s s p a t h . 4 = C : / T e m e n o s / D e v e l o p m e n t / T A FJ_S o u r c e s / T A FJ_DEVN E W/TAFJH o m e / l i
bMo n i t o r /*.jar
Once the sona r projec t is configu r e d an analysis could be trigg e r e d by run ni n g from the projec t root
direct o ry the sona r- scan n e r batc h.
i.e.

8
 JBC So n a rQ u b e Plugin
….
On first exec utio n on verbos e mode you will notice a stack trac e as the project being analyse d does n’t
exist yet.

We will det ail in the Configur a t i o n section what occur s duri ng this build.
As mention e d in the console you should be able to brows e the analysis result.
ANALYSIS SUCCES S F UL, you can brow s e htt p://loc al ho s t : 9 0 0 0 / d a s h b o a r d / i n d e x/TI- Sona rT e s t

9 Teme no s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin

Using mave n sona r sca n n e r

Pleas e refer to following docu m e n t a t i o n for more inform a t i o n about installing and analysin g using the
mave n sona r scan n e r .
https://doc s. so n a r q u b e . o r g / di s pl a y/ SCAN/Analyzing + w i t h + S o n a r Q u b e + S c a n n e r + f o r + M a v e n
As a pre- requisi t e you nee d a valid mave n inst allatio n.

The mave n projec t configu r a t i o n is define d within the pom.xml file within the TI_Sona rT e s t projec t.
The notion of sona r project used with sona r scan n e r in the section above is now repla c e d by the notion of
mave n projec t. The impor t a n t thing to note is that prope r ti e s used are the sam e.

10
 JBC So n a rQ u b e Plugin

Pleas e refer to the configu r a t i o n section to get more det ails about projec t prope r t i e s.

11 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin

As mention e d in the console you should be able to brows e the analysis result.
ANALYSIS SUCCES S F UL, you can brow s e htt p://loc al ho s t : 9 0 0 0 / d a s h b o a r d / i n d e x/ co m . t e m e n o s . t 2 4 :TI-
Sona rT e s t

12
 JBC So n a rQ u b e Plugin
Confi g u r a t i o n and life cy l e
The sam e prope r ti e s than the one demo n s t r a t e d in the dem o TI_Test So n a r projec t are availa bl e in the
Administ r a t i o n section. They allow chan gi n g the analysis beh aviou r.
http://localho s t : 9 0 0 0/ s e t t i n g s ? c a t e g o r y = j b c
These are global prope r t i e s, but they can be refine d on a per project basis, eithe r thro u g h the sona r-
project. p r o p e r t i e s file or the pom.xml in case of mave n projec t as see n in the Gettin g star t e d section.
Befor e going into prope r ti e s det ails, let’s define the analysis lifecycle.

Lifecycle

The JBC plugin lifecycle is the following dep e n di n g on the project settin g s:
- Run the compo n e n t build senso r if ena bl e d to perfor m static JBC code analysis, exec ut e unit test s
and com p u t e code cover a g e .

- Run the highlighti n g senso r for code colorizatio n.

- Run the issue senso r to gene r a t e issues base d eithe r on existin g issue repor t (com po n e n t build
senso r exec utio n) or preco m pile r senso r .

- Run the duplica tio n senso r if ena bl e d.

- Run the cover a g e senso r if cover a g e repo r t is available (com po n e n t build senso r execu tion or
existin g repor t).

Component build sensor lifecycle

13 Teme n o s Application Fra m e w o r k Java – (TAFJ)

JBC So n a rQ u b e Plugin

14
 JBC So n a rQ u b e Plugin
Issue loader lifecycle

Code coverage lifecycle

15 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
Gene r al prop e r ti e s tab

Gene r a l prop e r t i e s
 Key: sona r.jbc.d u plic a tio n

Default: true
Enable code duplic ation analysis, mem o ry consu m i n g in case of large project with high duplica tion
rat e. Approp ri a t e hea p size must be set at scan n e r and sona r q u b e platfor m level.
 Key: sona r.jbc.co m p o n e n t . b u il d

Default: true
Full compo n e n t build: compiles compo n e n t s, run unit test s, comp u t e code cover a g e and run JBC
static code analysis.
 Key: sona r.jbc.file.s uffixes

Default: .b
Com m a- sep a r a t e d list of suffixes for JBC files to conside r durin g analysis
 Key: sona r.jbc.p r e c o m p i l e r .c h e c k

Default: false
Preco m pil e r check: run JBC static code analysis - do not run whe n com po n e n t build is ena bl e d. Do not
exec ut e unit tests nor code cover a g e .
 Key: sona r.jbc.p r e c o m p i l e r .c h e c k . n o n . c o m p o n e n t

Default: false
Preco m pil e r check par a m e t e r : run JBC static code analysis even for non- com po n e n t i z e d JBC code
(files with no $PACKAGE).

16
 JBC So n a rQ u b e Plugin
Options
 Key: sona r.jbc.co m p o n e n t . b u il d. a r g s

Argum e n t s to be pass e d to the compo n e n t builde r. Default e d to '-cf ${so n a r .j bc.c o m p o n e n t . p r oj e c t } -I

root.dir e c t o r y root.di r e c t o r y/...' when und efin e d.

 Key: sona r.jbc.co m p o n e n t . p r oj e c t

TAFJ project nam e to use durin g compo n e n t s build. Default e d to 'sona r. p r oj e c t N a m e ' .
 Key: sona r.jbc.p r e c o m p i l e r . r e p o r t . p a t h

Path used by the JBC preco m pil e r to flush analysis repo r t s. Default e d to '$
{son a r .jb c.t afj.ho m e } / j bc P r e c o m p il e r R e p o r t ' when undefine d .
 Key: sona r.jbc.co m p o n e n t . b u il d.t h r e a d s

Num b e r of thre a d s to run compo n e n t s compilation.

 Key: sona r.jbc.cov e r a g e .i n s t a n c e

Na m e of the code cover a g e inst a n c e use d duri ng compo n e n t s build. Default e d to '$
{son a r .jb c.co m p o n e n t . p r oj e c t } ' whe n undefine d.
 Key: sona r.jbc.cov e r a g e . p o r t

Code cover a g e inst a n c e port num b e r . A code cover a g e inst a n c e is star t e d durin g a compo n e n t s build
and com m u ni c a t e s cover a g e dat a to the cover a g e rec eive r .
Default: 7474
 Key: sona r.jbc.cov e r a g e . r e p o r t

Code cover a g e repo r t pat h. Gene r a t e d durin g com po n e n t build and used durin g code cover a g e
analysis. Default e d to '${son a r .j bc. t afj.ho m e } / C o d e C ov e r a g e R e c e iv e r / d a t a / $
{son a r .jb c.cov e r a g e .i n s t a n c e } / c ov e r a g e . s e r ' whe n undefine d .
 Key: sona r.jbc.cov e r a g e . r e c e iv e r . p o r t

Code cover a g e receive r port num b e r . Used duri ng compo n e n t s build. Ther e is one uniqu e cover a g e
receive r which can handl e multiple cover a g e inst a n c e s .
Default: 7470
 Key: sona r.jbc.t afj.ho m e

Path used to store and acces s TAFJ build files, analysis repor t s and logs. Default e d to projec t working
direct o ry when und efin e d sona r. wo r ki n g . di r e c t o r y whe n using sona r scan n e r or mave n build
direct o ry.

Tunning
In case of a full com po n e n t build has alre a dy been perfor m e d on anot h e r platfor m or part of anot h e r
proc e s s, sam e analysis met ri cs can be comp u t e d with the following setu p:
Turn off the compo n e n t build:
sona r.jbc.co m p o n e n t . b u il d = f a l s e
Enable the preco m pile r issue gen e r a t i o n:
sona r.jbc.p r e c o m p i l e r .c h e c k = t r u e
Deploy an existing cover a g e . s e r repo r t :
sona r.jbc.cov e r a g e . r e p o r t = / p a t h / t o/ c ov e r a g e . s e r

17 Teme n o s Application Fra m e w o r k Java – (TAFJ)

JBC So n a rQ u b e Plugin

18
 JBC So n a rQ u b e Plugin
Rul e s , qual i t y profil e s an d jbc ratin g

Preco m pil e r rules

Preco m pil e r rules are base d on JBC_Pre co m pile r .j a r art efa c t.
Pleas e refer to the prec o m pil e r docu m e n t a t i o n for mor e det ails abou t thes e rules.
These rules are ena ble d by defaul t and are tagg e d as “jbc- preco m pil e r”.
They can be brows e d in the Rules section unde r JBC lang u a g e .
http://localho s t : 9 0 0 0/ c o di n g_r ul e s # l a n g u a g e s = j b c | t a g s = j b c - preco m pil e r

19 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
Custo m rules from tem pla t e s .
Som e of thes e rules are “tem pl a t e s ” which allow crea ti n g custo m check base d on their par a m e t e r s .
JBC rule tem pl a t e s could be displaye d throu g h the options “Tem pl a t e”- >” Show Tem pla t e s Only” in the
Rules men u.

The tem pl a t e “Track uses of disallowe d keywor d” allows cre a ti n g a custo m check for the keywor d of
inter e s t .

By clicking “Custo m Rules Crea t e ”, tem pl a t e s par a m e t e r s are displaye d and allow the custo m rule
cre a tio n.

20
 JBC So n a rQ u b e Plugin

Once crea t e d the custo m rule can be seen within the tem pl a t e .
It simply nee d s to be adde d to the quality profile use d for the analysis.

Quality profiles
Quality profiles are set of rules which can be define d when run ni n g an analysis.
There is one JBC quality profiles define d by default, refer e n c i n g the preco m pil e r rules.
They can be brows e d in the Quality profile section.
http://localho s t : 9 0 0 0/ p r ofiles

21 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin

Since it is the defa ul t built in quality profile, default rules cannot be modified.
Howeve r , it could be exte n d e d with the custo m rule define d above by crea ti n g a new quality profile and
inhe ritin g its default rules.

Exten di n g the built- in quality profile

Crea t e a new profile for JBC lang u a g e from the “Quality Profiles” men u.

By default, a new quality profile does n’t cont ai n any rule.

It is possible to inherit all rules from the built- in quality profile or any existin g Eithe r by chan gi n g the
par e n t profile:

22
 JBC So n a rQ u b e Plugin

Or to activa t e a set of selec t e d rules by clicking “Activat e More”:

The rule severity can also be over ri d d e n .

The newly cre at e d quality profile could be beco m e the new defa ult profile for all project s analysis or be
use d only for a set of select e d projec t s.

Quality gate and JBC rating

When perfor mi n g pre- compilation or code parsi n g duri ng issue senso r execu tion an addition al met ric is
being comp u t e d for each JBC progr a m .

23 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
This is the JBC rating. Please refe r to the prec o m pil e r docu m e n t a t i o n for more inform a t i o n about rating
com p u t a t i o n.
You could define a quality gat e to fail your build base d on a cert ai n rating thr e s h ol d.
Browse the quality gat e section
http://localho s t : 9 0 0 0/ q u a li ty_g at e s
Crea t e a new quality gat e and define an associ a t e d rule.
i.e.

Next time you will run an analysis, base d on the aver a g e JBC rating for your project, you will pass the
quality gat e or not.
The mea s u r e s section of the projec t will display the aver a g e ratin g for the whole projec t and for each jbc
sour c e file.
http://localho s t : 9 0 0 0/ d a s h b o a r d ? i d = c o m . t e m e n o s . t 2 4 % 3ATI- Sona rT e s t

http://localho s t : 9 0 0 0/ c o m p o n e n t _ m e a s u r e s ? i d = c o m . t e m e n o s . t 2 4 % 3ATI-
Sona rT e s t & m e t r i c = j b c_ r a ti n g_cl a s s

http://localho s t : 9 0 0 0/ c o m p o n e n t _ m e a s u r e s ? i d = c o m . t e m e n o s . t 2 4 % 3ATI- Sona rT e s t & m e t r i c = j b c_ r a t i n g

24
JBC So n a rQ u b e Plugin

25 Teme n o s Application Fra m e w o r k Java – (TAFJ)

 JBC So n a rQ u b e Plugin
Trou b l e s h o o t i n g

Scan n e r me mo ry setu p
In case of larg e project analysis, you can add more mem o ry to the sona r sca n n e r throu g h the
SONAR_SCAN NER_OPTS
i.e.

set SONAR_SCANN ER_OPTS = - Xmx4G -Xss200 M

Scan n e r verbo s e mode

Add to the sona r projec t the following prope r t y.
sona r.ve r b o s e = t r u e

26