“Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” — Martin Fowler

If we are good programmers that are willing to be better, we have to strive for writing clean code.

So what is clean code, then? It is code that is easy to read, understand, and change for our future self and others. It has meaningful and intention-revealing naming that does not force the reader to guess. It is like a good joke, in that we don't have to give a description after it. It has a good unique formatting style that is agreed by the team.

By the way, clean code doesn't happen on the first shot, so we need to adopt a mindset to improve the code that we are working on. Code review procedure is a good way to achieve this goal. Double-checking the code with different perspectives not only evolves the code to be cleaner but also helps to share the knowledge across the team. So we have to take the time for code review. In order to make this time pass more effectively, we can take some simple steps before it, like using static code analyzers.

Static code analyzers analyze the source code without running them. With static code analyzers, we can improve overall code quality, fix early stage bugs, and keep the team to the same coding standards. Besides these features, static code analyzers also help us to improve our coding knowledge as they are searching for common bugs and problems that someone experienced before us and give advice on solutions.

In this post, I wanted to share my experience on how to use static code analyzers in our development environment. As I am using IntelliJ IDEA, I will mention the plugins that I am using there. But you can also find the same or similar alternatives in your favorite IDE.

Save Actions Plugin

I suggest using the Save Actions plugin that I am using. With this plugin, we can easily do some standard actions such as reformatting our code, optimizing imports, and more right after we have synchronised (or saved) our code.

Code Inspection

When we click on “Analyze > Inspect Code” to access that menu, we can easily start a code inspection on our whole project. Code inspection detects compiling errors, code inefficiencies, unreachable or unused code, memory leaks, and spelling problems.

IntelliJ IDEA also provides quick fix suggestions for most of the detected issues. We can apply those fixes with just one click. You can find more detail here.

FindBugs

FindBugs is a defect detection tool for Java, which searches for bugs like null pointer dereferences, and infinite recursive loops. After installing the FindBugs plugin and clicking on “Analyze > Inspect Code > FindBugs > Analyze Project Files,” we can start a code inspection on our whole project.

CheckStyle

Checkstyle checks whether code adheres to established coding standards. After installing the CheckStyle plugin, we can see the issues in the code inspection results as a separate item.

SonarLint

SonarLint checkx for quality issues. SonarLint also provides comprehensive documentation about the issues, giving explanations, links, and both compliant and noncompliant examples. You can find details about the rules here, which also help us improve our coding knowledge.

After installing the plugin and clicking on “Analyze > Inspect Code > Analyze All Files With SonarLint,” we can start code inspection on our whole project. We can also configure the plugin to analyze our code just after writing.

SonarQube

While SonarLint lives only on the IDE and can give instantaneous feedback, SonarQube is a central server that processes full analyses which need to be triggered by the various SonarQube scanners. Its purpose is to give a vision of the quality of our code base. If we want to use SonarQube in our local environment, we can download it or use its Docker image to start the server. Either way, after starting the SonarQube server, we have to login to the server at http://localhost:9000 with credentials "admin/admin," add our project to the server, and then we have to build our project with the parameters provided by the SonarQube server.

If we don’t want to deal with the steps above, we can also run a code inspection extremely simply. In order to do that we should save the "docker-compose.yml” file below into our project’s root directory and at the same directory as therun docker-compose up command. Notice that we have to have Docker installed in our local environment. I am using Maven in my project, but you can change the bash command in the file according to your needs.

docker-compose.yml

version: "3.1"

services:

  analyzer:
    image: maven:3.6.0-jdk-8-alpine
    working_dir: /usr/src/app
    restart: on-failure
    volumes:
      - ./:/usr/src/app
      - m2_repo:/root/.m2
    command: >
      bash -c "mvn clean install \
               -Dsonar.host.url=http://sonar:9000 \
               -Dsonar.login=admin \
               -Dsonar.password=admin \
               sonar:sonar"
    depends_on:
      - sonar

  sonar:
    image: sonarqube
    restart: on-failure
    ports:
      - "9000:9000"
    volumes:
      - sonar_cache:/root/.sonar/cache
      - opt_sonarqube:/opt/sonarqube

volumes:
  m2_repo:
  sonar_cache:
  opt_sonarqube:

After analysis finishes, then we can open http://localhost:9000/issues?resolved=false to see the detail about issues without logging in.

If you install Docker Integration Plugin you can add docker-compose run configuration and after that you can start a Sonar analysis with one button click.

In this post, I have tried to share my experience on clean code and static code analyzers that I am using in my local environment. I hope you enjoyed it. It would be appreciated if you could share your experiences, too.