Skip to Content

SonarSource: Visualizing Technical Debt

Source code control

Every righteous developer pays attention to the quality of his/her code. Still this is many cases a very personal process and not every developer involved on a project will measure by the same quality standards. Some don’t even bother about the quality at all. *shiver*

This means that sub-par code may end up in production and as a result, drag the overal quality of work down. It’s nearly impossible to avoid this, unless by hand checking every single transport and not approving anything until quality is up to the level. So the need for a central code aggregating and validating system grows. Something like, SonarSource.

The first time I heard about SonarSource was a couple of months ago, and I was really impressed by it’s capabilities of evaluating custom code, regardles of whether it was Java or .Net. I was however a bit sceptical about it’s use to SAP and ABAP, as we already have this very nice Code inspector.

Much fuss, little action

Still, It strikes me that there is only one blog on SDN which deals about Sonar and it refers to the community ABAP plugin. Moreover, it dates from nearly a year back, and in the meanwhile, nobody has ever mentioned it.

Nonetheless, the term “Technical debt” (which I too, love as a metaphore) is flying around the place. It refers to the fact that quality standards and guidelines, are frequently passed when the budget is under stress. This results in sub-par code in productive environments, which could lead to system instability. The longer these Abominations stay in production, the more it’s going to cost to fix it.

  • Dependencies might grow
  • Knowledge on the topic may move away from the company (especially in the case of consultants)
  • Software lificycle reaches critical use (the longer something is live, the more users come in)

Code inspector

If you’re a technical profile, or regularly do quality checks, you know the code inspector already. Depending on your job and the quality of your code, you either love it, or hate it. Personally, I think it’s a fabulous tool, for what it’s meant. It’s meant to perform code checks at build time and it does so brilliantly, especially if it’s configured as a required step in the activation or release process.

Code Inspector

So rewarding to see no errors whatsoever. Damn I’m good! :-p

It does not however, provide any trend analysis. It’s system dependent. It only works for ABAP, so the Java and .Net guys have to find their own solution. Quality control needs to access the SAP system to perform ad-hoc code checks.

Still, I believe the code inspector is a marvelous tool to improve your own code. It also works in a motivational way. It’s so rewarding to see a screen which indicates 0 errors, when you run the most stringent code-inspector on it. I have noticed on a personal basis that force-using the code inspector, made the quality, performance, knowledge and satisfaction of developers, go up.


So why would one than opt for a third party source inspector, which is external to the SAP system and doesn’t provide the deep, deep, inspection to the level of “select-performance” checks.

“We’ll get back to that later”

The answer to that, is in the fact that frequently, quality is sacrificed in favor of speed and budget. Mostly, this is done with the idea: “we’ll get back to that later and fix it”. But how often does that happen. You note it down in your own notebook, but you hardly ever come back to that. Let alone the fact that there are dozens of those notebooks out there, and you as a responsible programmer, have no idea what is in them.

So you could definitely use a central system, which aggregates these “I’ll come back to that later”-cases. Better would even be, that this central system, checks the source repositories, and identifies these cases by itself. And what if it keeps track of these cases over time, to see if quality improves? Or that it analyzes the problems and makes a prediction of the workload to fix them?

Who cares?

As a developer, this may sound rather “Meh..” to you, but that’s ok, because you have your trusty code inspector. As a quality assurance agent however… Oh My God, Where can I find this magical tool?! As it so happens, SonarSource can do all of these things mentioned above and it’s completely community and plugin driven, so new features are added with the speed of light.

You can have a play with Sonar on their cloud served demo environment, which they actually use to evaluate community projects. How cool is that? They even added their own source code in there for evaluation. Drinking own champagne, eating own dogfood, walk the talk, or whatever expression comes to mind…

Sonar Metrics

In theory, it looks great, and even in practice, it delivers. The only thing that is not clear yet, is that infamous ABAP plugin. About a year ago, Dirk Hirsh posted forementioned blog to call for assistance on the community driven plugin. Meanwhile, A commercial plugin exists (9500€ / year / sonar instance), I’ve seen it in action and it looks pretty darn good. It doesn’t provide all the features of the code inspector, but in order to quickly detect coding violations on a global system level, it’s invaluable.

Time machine


Quality does come at a price. Sonar itself is free of charge and you can just download it straight away. It includes free Java and .Net plugins, but if you want extra tools or plugins, such as SQALE, or the ABAP plugin, you may have to pay for them, as some are commercially built. But if I compare a price of 10K for the ABAP plugin to the amount of rework and maintenance caused by bad code, than I think that this is a very fair price.

Also featured on “Connecting the dots” (my own blog).

You must be Logged on to comment or reply to a post.
  • Congrats on the blog. When I saw the twitter post from SCNBlogs I thought: oh, someone was faster than me. Time to get my sonar blog on the way, from a Java developer perspective. It’s in my pipeline for over 6 months 🙁
    • Thanks Tobias,

      I know the feeling. Some of my articles never seem to get delivered. Mostly because I reread them myself and think: “Well,… That’s not interesting to read…”

      But I’m looking forward to see some more info on this great tool, and in more general, about code quality control.


  • Thanks for the article Tom.

    Reading your article I was wondering if Sonar can be used to analyse Source code on standard SAP ECC ?

    Have you heard of people using out of the cloud ?

    Best Regards


    • To answer your first question:

      Yes, you can use Sonarsource to analyze SAP standard code.

      But what would be the use of that?

      You can’t correct it anyway, that’s up to SAP. And SAP never gave any guarantee on code quality. (at least not that I know)

      On the second question: No, I have not heard of people using it in the cloud. Mainly because I haven’t followed developments around sonarsource. I did some initial research, wrote this blog, and then handed it over to the Development an Quality team lead within my former company to take advantage of it.

      But that’s already 3 years ago, so I’m not up to date on things.