Improve your code using Sonar with Flex plugin

Bad code leads to bugs, hard understanding, hard maintenance. We should really learn to write good code, and with so much open source tools for code analysis we could improve it one step higher.

Sonar is a tool for code quality analysis. It helps improving software quality using static analysis tools. It targets Java code, but there are plugins for Flex, C, PHP, .Net and other languages. The Flex plug-in specifically uses FlexPMD, FlexMetrics, FlexCPD and FlexMojos.

In this post I will show you the features that FlexPMD gives us within Sonar. I think that this tool is not really known by the Flex developers, I admit that I also didn’t have an idea what it is until recently.
Have you used eclipse for Java developing? I really love when warnings like unused variables and not called methods appear. Well FlexPMD does this for us along with a lot more things. It even can be used inside of Eclipse to show you live reports. There are defined rules that FlexPMD follows to catch issues in the code and bad practices. Great thing is that you can also define your own rules using this flex app

Step 1. So first go and download Sonar. After that download the flex plugin for it. It is a jar file. Now extract the contents of the sonar archive in a desired location, and place the sonar-flex-plugin-x.x.x.jar in extensions\plugins directory of sonar. That’s pretty much what you need to start sonar. By default it uses an embeded Apache Derby database, that you can change to whatever you want in file in conf folder. So now start Sonar. I start it from bin\windows-x86-32\StartSonar.bat as I am a windows user, if you are on other operating system start it from bin\YOUR_SYSTEM\ Have in mind that it takes a while to start so have patience. To assure that it is started open a browser and navigate to http://localhost:9000/

Step 2. Create a flex project. I will create a small test project with one class written really ugly and bad and doesn’t actually do a thing it is here to show you what errors Sonar will find. Pff It doesn’t even deserve to be put it in a code tag and to be styled because I am embarrassed of it 🙂
Here it is:

public class MyTestComponent extends UIComponent  
 private var r:Number;  
 private var variableNotUsed:Object;  
 override protected function updateDisplayList(unscaledWidth:Number, unscaledHeight:Number):void  
  r = Math.random()* 85;  
  var child1:UIComponent = new UIComponent();  
 public function myFunctionWithVeryLongNameAndLotsOfParametersThatDoesNothing(p1:String, p2:Number, p3:Object, p4:Boolean, p5:int, p6:*, p7:Array):void  

Step 3. Run analysis built with Maven. For this step you should have Maven 2 on your computer (I think Maven 3 will also work, but I have tested it with 2). Note A lot of Flex developers think of Maven as the Black ninja, Java developers use for their projects. Maven is a tool that helps managing the building, documentation, testing and reporting for Java projects. With FlexMojos you can even use it for your Flex projects also. It is a lot useful for continuous integration. So my note to the Flex developers: don’t be afraid of Maven, it is here to help us 🙂

Assuming that you have Maven on your computer, as the documentation on the sonar site suggests, add

      <name>FlexPMD repository on</name>  

this to the settings.xml file of maven located either in $M2_HOME/conf/settings.xml or ${user.home}/.m2/settings.xml

And now in the flex project folder add a new file named pom.xml

<project xmlns:xsi="" xmlns="" xsi:schemalocation="">  
  <name>Test Sonar Project</name>  

Now open a console, navigate to the location of your flex project and type “mvn sonar:sonar -Pflex”.

Step 4. After some time of downloading the needed jars for the build and running the analysis task we can check what happened when we open http://localhost:9000/ There should be displayed our project with all the violations that were detected.
For my test project I have
Blocker 12
Critical 0
Major 9
Minor 0
Info 1

And when I select to see the Blocker issues for example I see:

Hmm strange, but it found most of the issues I think are present in this code 🙂

So tell me, do you use Sonar for static analysis of the code, or maybe some other tool? And I’m really interested on how do you use it? Did you integrated it in continuous build or do you check the code once in a while on your computer? Do you use it individually or your whole team uses it.


  1. Serge · March 5, 2011

    Hey there, Tony,

    Do not think that a static analysis tool will help you in becoming a better developer.

    I believe that such a tool can only make your code reviews easier, as you will spot issues earlier. It can be used for guidance, never for guaranties.

    What I mean to say is, if you want to write better code do not start with a tool, start with someone reviewing your code, start with you reviewing the code of your colleagues.

    Only turn to such a tool if you feel the need to spend less time for reviews.


  2. Tony Georgiev · March 5, 2011

    Thanks Serge for your comments.
    I also believe that code reviews are far better than using whatever tools, after all what these static analysis tools do is more like subset of what is done on a code review. And I think that using such tools is usefull in the time between code reviews. However when using such tools you start to know what are some problems in the code, therefore you start avoiding those problems by writing better, therefore you make a step at being a better developer. At least that is my point of view.


  3. Vladimir Tsvetkov · March 5, 2011

    To be honest, I'm one of the Flex developers having troubles adopting Maven. My first attempt was autumn 2009 and it was so discouraging that prevented me from giving it another try…

    I would love to see a step-by-step tutorial of how to setup a mixed nature project – Flex and Java with FlexUnit and JUnit and the framework stack we use at Obecto – you know… Spring, Hibernate, etc.

    @Serge Static code analysis can be automated and run at the cost of 0 effort, while code reviews can't! I'm not gonna argue on whether code review is a useful technique – both of us know it's something really mandatory. But you gotta agree that using the right tools can really change the way you write code. Simple things like setting your compiler in strict mode… Static analysis tools are enforcing a certain discipline – simple rules on how to keep a basic hygiene.


  4. Serge · March 6, 2011

    Of course that's true, my only point was that you need to know why each and every rule is enforced.

    If you enforce these rules on a beginner just imagine how he'd go working around each rule and creating a hell of a mess. 😉

    I personally have spent the time going over all of StyleCop and FxCop rules (yes, .NET) and I have learned a lot from them. But we have not felt we need to include these in our CI at work. Mainly because we have a HUGE code base that we do not want to work on at the moment. (10 years of legacy).


  5. Vladimir Tsvetkov · March 7, 2011

    I have to agree with Serge – using just the tool won't help in the long run if the programmers haven't read Clean Code: A Handbook of Agile Software Craftsmanship or a similar title.


  6. Kavya Reddy · June 11, 2013


    Can any one please tell me how to implement custom rule in sonar code analysis tool for c# project… Please suggest me what is the best way to do it…

    Thank you


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s