Code Quality Analysis in Deployment Pipeline with Gradle, Jenkins and Sonar


Sonar is a tool that integrates a range of quality analysis tools into a single website. It provides one-page visibility into the quality of a project's source code. Developers and managers are interested in test coverage, code duplication, adherence to coding standards, cyclomatic complexity of the code and several other parameters. Sonar is an open source product and can keep all your code metrics in a database, as a matter of fact, in any relational database. I integrated Sonar with Enterprise Oracle, which provides storage for code quality metrics for different projects.
Our target is to produce a Sonar report using Jenkins, the Sonar plugin, the Gradle plugin and Cobertura. The end result should look like this one:

Assuming you have Sonar and Jenkins ready, let's concentrate on our Gradle build script.
Gradle build script:

apply plugin: 'java'
apply plugin: 'code-quality'
apply plugin: 'sonar'

// cobertura dependencies and initialization
buildscript {
    // using a variable to make wiki look cleaner
    def githubBase = ''
    apply from: "${githubBase}/gradle_cobertura/gradle_cobertura/1.0-rc4/coberturainit.gradle"
}

// sonar settings - gradle-1.0-milestone-3 2  - check new sonar plugin for milestone 5 release
sonar {
    serverUrl = "http://sonar.server.url/"

    // connection settings for the database where Sonar stores its metrics
    globalProperty "sonar.jdbc.url", "jdbc:oracle:thin:@sonardb"
    globalProperty "sonar.jdbc.driverClassName", "oracle.jdbc.driver.OracleDriver"
    globalProperty "sonar.jdbc.username", "sonarusername"
    globalProperty "sonar.jdbc.password", "sonarpassword"
    // Tell sonar where the cobertura code coverage reports are and what version of java to use.
    projectProperties(['': '1.6', 'sonar.dynamicAnalysis': 'reuseReports',
            'sonar.cobertura.reportPath': 'build/reports/cobertura/coverage.xml'])
}

dependencies {
    testCompile(group: 'junit', name: 'junit', version: '4.8.+')
}

Then we run our build script:
> gradle cobertura test sonar
The result should be a report on your sonar server.
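
The build script above keeps the Sonar database password as a literal in the file, so anyone who can read the repository or the Jenkins workspace can read it. The variant below is an added example, not part of the original post: it takes the credentials from a Gradle project property or an environment variable instead. The property names sonarJdbcUsername / sonarJdbcPassword and the SONAR_JDBC_* variable names are assumptions chosen for this example.

```groovy
// Added example: keep the Sonar database credentials out of build.gradle.
// sonarJdbcUsername / sonarJdbcPassword and SONAR_JDBC_USERNAME / SONAR_JDBC_PASSWORD
// are names assumed for this example; they are not defined by Sonar or Gradle.

// Resolve a secret from a project property (for example set in
// ~/.gradle/gradle.properties, outside version control) and fall back to the
// environment of the process that runs Gradle (for example the Jenkins job).
def secret = { String propName, String envName ->
    def value = project.hasProperty(propName) ? project.property(propName) : System.getenv(envName)

    // Fail only when the sonar task was actually requested, so that
    // "gradle test" still works on machines that hold no credentials.
    def sonarRequested = gradle.startParameter.taskNames.any {
        it == 'sonar' || it.endsWith(':sonar')
    }
    if (!value && sonarRequested) {
        throw new GradleException(
            "Set ${propName} in ~/.gradle/gradle.properties or export ${envName} before running sonar")
    }
    value ?: ''
}

sonar {
    serverUrl = "http://sonar.server.url/"

    globalProperty "sonar.jdbc.url", "jdbc:oracle:thin:@sonardb"
    globalProperty "sonar.jdbc.driverClassName", "oracle.jdbc.driver.OracleDriver"
    // Before: globalProperty "sonar.jdbc.password", "sonarpassword"
    // (the secret was committed together with the build script)
    globalProperty "sonar.jdbc.username", secret('sonarJdbcUsername', 'SONAR_JDBC_USERNAME')
    globalProperty "sonar.jdbc.password", secret('sonarJdbcPassword', 'SONAR_JDBC_PASSWORD')
}
```

On the build server the two values are then supplied by the Jenkins job's environment rather than by the checked-in script.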

Note: I had a great experience using Gradle with the IntelliJ IDEA IDE, community free edition. It is probably the only IDE to support Gradle at this moment.
Make sure you have configured the init.gradle file in your .gradle directory with a repository location, for example the Maven Central repository.
Now let’s create a Jenkins job to run our report-generating build every night. I don’t think you need to run the Sonar report on every build because it may take some time to run.
Once a day is sufficient to see where your code stands in terms of quality.

In the Jenkins configuration we need to install the Sonar plugin and configure it to read the results of the sonar tasks executed by Gradle. For this we have to check “Check if this project is NOT built with maven 2.” on the Jenkins job configuration page.

Now we can run our build job and see the Sonar icon appear next to our build, linking to our Sonar server and reports.

The combination of Gradle, Jenkins and Sonar provides a very simple and effective way to monitor code quality on any software project.


  1. Peter /

    Thank you for this post. However, I would like to know where that Sonar screenshot was taken from. I do not recall this sort of setting on the Jenkins Configure System page or on Job Configuration. Can you please advise?

    • edvorkin /

      The Sonar screenshot is taken from the Sonar web interface, not from Jenkins.
