Continuous Inspection – Sonar

Code Quality


If more than two developers work together on the same project for a while, nobody ever says that code quality is good enough. Developers are very often unhappy with their application code quality. Very often those judgments are subjective and are not proven by data.

And what exactly does “code quality” mean? If an application has no bugs, can we still say that it has low quality?

Yes, we can!

Low-quality code has the following characteristics:

  • high complexity
  • difficult to maintain
  • difficult to extend
  • lots of dependencies
  • no tests
  • no documentation
  • no unified code style

And those characteristics can be measured. Moreover, we can measure them automatically, and we can make this measurement part of our build process.

Continuous Inspection

Continuous Inspection is a new approach to code quality management. It helps to make software quality measurement a part of the software development lifecycle.

The key concept in Continuous Inspection is finding problems early, while they are still easy and cheap to fix. Automated code audits can be performed daily or can become a step in your continuous integration pipeline.


Prevention is the best medicine!

  • Improving the quality of the code produced by increasing developers' knowledge and understanding of code quality issues
  • Reducing maintenance cost through early identification of quality issues
  • Reducing the time spent on code reviews
  • Improving the productivity of software development teams (suppressing code duplication and redundancy)
  • Detecting bugs automatically and providing an opportunity to fix them before rolling software out to production

Developers' 7 Deadly Sins



SONAR is an open source web application to manage code quality.

With support for numerous languages, including Java, C#, C/C++, PL/SQL, JavaScript, and COBOL, SonarQube offers a unique solution to cover large portfolios of applications.


More than 60 community and commercial plugins are available for SonarQube, making it easy to enhance your experience with extra languages, metrics, and pages. Plugins can also be developed to meet specific needs within an organization.

Key Metrics

Sonar has a lot of plugins with hundreds of metrics to check. I would recommend focusing on the rules that help to find the following problems:

  • Potential bugs
  • Potential performance problems
  • Potential security issues
  • Duplicates
  • Coverage

Sonar for iOS

Unfortunately, the SonarQube plugins for Objective-C and for Swift cost a fortune.

Thanks to the community, you can try the community plugin:


community plugin

  • Price: free
  • Support: no
  • Complexity: uses Lizard
  • Documentation: blank comments, comment lines, %
  • Duplication: blocks, lines, %
  • Issues: uses OCLint (63 rules) and Faux Pas (102 rules)
  • Size
  • Test: uses xctool, will probably switch to xcodebuild + xcpretty soon
  • Code coverage: with gcovr for projects before Xcode 7, otherwise slather
  • Supported systems: 0.4.x releases for SonarQube >= 4.3 (4.x and 5.x); the latest release was in 01/2015; no information about supported Xcode versions

official plugin

  • Price: € 5,000 per year
  • Support: included
  • 200+ rules: details
  • Supported systems: all Sonar versions are supported

more details:

Sonar for Android

Recommended Process


Installation and Configuration

Sonar installation guide: 

Plugins installation: 

Please find additional information in my presentation:


