Integrating SonarQube APIs with a Java application
At the beginning I would like to say that this is my first Medium post and please note that their will be some mistakes in here :-). In this very first post I would like to discuss about how to integrate Sonarqube APIs with a Java application by using sonar web client.
What is SonarQube?
SonarQube(AKA Sonar) is an opensource, static code analysis platform which was developed by SonarSource. This platform can be used to inspect code quality continuously in order to detect bugs, code smells and security vulnerabilities over 25+ programming languages like Java, C, C# and many more. Also sonar offers reports on duplicated code, code coverage, bugs, security vulnerabilities etc… I will provide some resources that can be used to refer the details of Sonar at the end of this post.
Integrating Sonar APIs with Java
At the beginning you need a Sonar platform which is used to analyze your codes. How to set up a Sonar platform can be found in here. The provided link will describe how to set up SonarQube 7.9 version. After successfully setting up the Sonar platform, you can find what kind of APIs that are available to be accessed by using SONAR_SOURCE/api/webservices/list API endpoint. SONAR_SOURCE is the URL which is allocated to your Sonar platform set up. This API endpoint will provide a full description about the web services (or the API endpoints) that can be accessed by you. Following figure will present a part of the response of the aforementioned endpoint.
Next you need to create a Java application which is able to connect with your Sonar platform and get the relevant details. Here I prefer to create a Java application by using maven project management tool. The reason for that is because there is a dependency called as SonarQube Web Services Client which we can use to connect to our Sonar platform from a Java application. By adding this dependency to the pom.xml file of your application, the application will be able to connect to your Sonar platform.
Now create a Java application(or a project) by using IntellijIDEA(personal preference. can be changed by your preference) IDE with a suitable application name. Here I am not going to describe how to create a Java project.
Then add the aforementioned maven dependency to the pom.xml file of your created application. The pom.xml file after adding the dependency is as follows.
Now create a Java class inside the Java directory of the project. After creating the Java class, create a Sonar Client object inside a method. This object is responsible to create the connection between your Java application and your Sonar platform.
In here, the URL of your Sonar platform must be replaced to /*Your_Sonar_platform_URL_goes_here*/ string inside the SonarClient.create() method. If you want to access the API with the security, you can add your username and password to the previous method as parameters. Now get an API endpoint that you want to access from the Java application. Here that is denoted as sonarEndpoint.
Now your Sonar client is ready and also the API endpoint is. Some APIs may need some parameters to be processed inside Sonar platform. So, if your API endpoint needs some parameters, you can create a HashMap and add those parameters to that HashMap as key value pairs as follows.
Lets call the API endpoint by using the created Sonar Client for your Sonar platform. To call the API endpoint, you can use the built-in methods of the created Sonar Client object. If the API endpoint is a GET, we can use the sonarClient.get() method. If the API endpoint is a POST, we can use the sonarClient.post() method. The responses of these two methods are Strings.
As you can see here we can get the response of the API call to a String. For the sonarClient.get() method, we need to add the API endpoint as well as the parameter list(if there is one), in order to execute the API correctly. Now run the method and see the miracle.
If you need to generate a JSON object or a JSON array from this response, you can do it by using google simple JSON like dependencies. Also if you need to expose an endpoint to outside of the Java application, you can try a spring-boot application for that purpose.
Following section contains the resources that I have followed in order to create this post.
Adios Amigos!
References
https://en.wikipedia.org/wiki/SonarQube
https://docs.sonarqube.org/display/SONARQUBE43/Web+Service+API
http://javadocs.sonarsource.org/5.1/apidocs/org/sonar/wsclient/SonarClient.html
https://blog.codingblocks.com/2017/why-java-is-here-to-stay/
