SonarQube is a static source code analysis tool. It can quickly flag common developer mistakes and help to enforce language-specific best practices. SonarQube leverages reports generated by other build tools, such as JaCoCo for analyzing test coverage, and is executed during our build process via the Gradle SonarQube plugin. Besu has integrated these scans into our CI process to provide developers with reporting on their PRs, and to encourage them to maintain the metrics we deem important.

How it fits into CI

As of this writing, SonarQube results do not affect the ability to merge any submitted PR. A failed check will be displayed on the PR, but the PR is not blocked from being merged. We encourage devs to make sure these scans pass, but we do not require it at this point. SonarQube scans were introduced in Q3 of 2021, and the development team is still learning how they can best be leveraged by our CI process.

SonarQube is currently being run on all PRs opened into the repository. Results are listed as comparisons

The Besu Way

SonarQube ships with a default collection of rules that reflect its opinion on what Java programming best practices are. This is referred to by Sonar as "The Sonar Way", and is a regularly updated reflection of the very broad Java software development industry. The developers maintaining Besu have started with this ruleset and then removed any rules that they disagree with. The key differences are:

  1. Disabling code duplication warnings. Duplication of code is sometimes acceptable when it leads to performance improvements in Java. There are a few cases in Besu, particularly in the EVM subsystem, where repeated code is faster than it would be if it were reusable via method calls.
  2. Code coverage requirements set to 80%.

Code Coverage

Besu uses JaCoCo from Gradle to calculate the coverage of our unit tests. Currently, our integration and reference test targets, which also run on CI, are not contributing to the coverage statistics.
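
The following Gradle fragment is an added illustration, not Besu's actual build file, of how unit-test coverage from JaCoCo typically reaches a SonarQube scan and of one build-side way to switch off duplication detection. The plugin version placeholder and the choice of `sonar.cpd.exclusions` are assumptions; the page does not say how Besu applies either setting.

```groovy
// Added example; not taken from the Besu repository.
plugins {
  id 'java'
  id 'jacoco'
  // Placeholder: substitute the plugin release your build actually uses.
  id 'org.sonarqube' version 'PLUGIN_VERSION_PLACEHOLDER'
}

test {
  // The jacoco plugin attaches its agent to this task, so by default only
  // unit tests produce execution data. Other test tasks (integration,
  // reference) contribute nothing unless they are wired in explicitly.
  finalizedBy jacocoTestReport
}

jacocoTestReport {
  dependsOn test
  reports {
    xml.required = true    // the scanner consumes the XML report
    html.required = false
  }
}

sonarqube {
  properties {
    // Default output location of jacocoTestReport for the 'test' task.
    property 'sonar.coverage.jacoco.xmlReportPaths',
        "${buildDir}/reports/jacoco/test/jacocoTestReport.xml"
    // Assumption: exclude all Java sources from copy/paste detection,
    // which silences duplication findings from the build side.
    property 'sonar.cpd.exclusions', '**/*.java'
  }
}

// Make sure the coverage report exists before the scan runs.
tasks.named('sonarqube') { dependsOn jacocoTestReport }
```

A coverage threshold such as the 80% mentioned above is a quality gate condition configured on the SonarQube server, so it does not appear in the build script.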

  • SonarQube IntelliJ Plugin
  • Example usage workflow.
  • Setting strategy
  • Outstanding Issues
    • Coverage on non-unit tests?
    • Only run on PRs into main?
    • Only run nightly?
    • Leak periods?

