Your most unhappy customers are your greatest source of learning.

How to upgrade Jenkins ?

1. Shutdown Jenkins .
2. Take backup of current Jenkins repository
3. Download jenkins.war file & put it in current webapps folder of apache tomcat.
4. Restart Jenkins
5. Start Sonar & Jenkins

Very easy and straight forward right ??????

How to upgrade sonar ?

1.    Take backup of current sonar filesystem & DB.
2.    Unzip sonar351 (Your current sonar version) in /opt/ folder.
3.    Shutdown Sonar.
4.     Update the content of the and wrapper.conf files located in the     {$NEW_SONAR_HOME}/conf directory according of the content of the related files in the {$OLD_SONAR_HOME}/conf directory
5.    Copy the directories extensions/plugins and extensions/rules from {$OLD_SONAR_HOME} to {$NEW_SONAR_HOME} (if you see problems while starting, try to remove the copied plugins from the extensions/plugins-directory and reinstall the plugins manually via the webinterface)
6.    Update with ldap settings
7.    Update sonar with http://url/setup
8.     Rename /opt/sonar351 to /opt/sonar
9.    Start Sonar

Please provide the values of the properties sonar.login and sonar.password Error in sonar

Hi guys,

If you get below error in your sonar build, don't worry we have solution for that.

org.sonar.api.utils.SonarException: Not authorized. 
Analyzing this project requires to be authenticated. 
Please provide the values of the properties sonar.login and sonar.password.
 at org.sonar.batch.bootstrap.ServerClient.handleHttpException(
 at org.sonar.batch.bootstrap.ServerClient.request(
 at org.sonar.batch.bootstrap.ServerClient.request(
 at org.sonar.batch.bootstrap.BatchSettings.downloadSettings(
 at org.sonar.batch.bootstrap.BatchSettings.init(
 at org.sonar.batch.bootstrap.BatchSettings.<init>(
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcc

You just need to add below 2 properties to get it work 

sonar.password=your password

You can add this property 2 ways :

1) by setting it in build.xml with sonar target
2) By setting system property using -Dsonar.login=admin -Dsonar.password=password


Beauty of Mask Password Plugin in Jenkins

Hi Friends,

If you know when we build any project through jenkins, it shows console where we can see deployment log.
So if you are passing any secure information in build information like user name and password and if  you want to secure that information which masked passwords and other information, There is one jenkins plugin available by using that you can mask any secure information.

You can get more detail about this plugin from

You can configure it from manage jenkins >> configure system section for global settings. And for job wise settings you can enable mask password and can set any secure information by setting it in variable and that variable you can use anywhere in the job configuratipon property.

Looks interesting right ?????

Know about java code coverage plugins : sonar

The default Java code coverage engine for unit tests to be used must be defined in
Settings > Configuration > General Settings > Java > Code coverage plugin property.
By default the Java code coverage engine with come up with sonar is JaCoCo but Cobertura, Emma or Clover can also be used.


JaCoCo is an open source and robust Java code coverage tool.
For more information, see: Comparison of Emma, Clover, Cobertura and JaCoCo.
Known limitations:
  • Some libraries complain on classes, which were instrumented by JaCoCo, so exclusions must be set:
    • Javassist (e.g. when Hibernate used) - "*_javassist_*"
    • Drools - "org.drools.*"
  • Exact number of line hits not available, because JaCoCo reports only status of line (no code, not covered, partly covered, fully covered) - see JaCoCo Coverage Counters.


The Sonar Cobertura plugin is based on the cobertura-maven-plugin and so can only be used to compute code coverage information on Maven projects.
This plugin has only one parameter to define the maximum amount of memory used by the java process in charge to extract all code coverage information from the Cobertura report:

No relationship between generic parameter and method argument

Hi All,

If you are usinf findbugs to check code quality,
you may see violations like "No relationship between generic parameter and method argument".

Since Map.get() is not fully generic, we often find cases where a developer passed a different type of object (and hence bugs). Frequency of such cases went up when we started using artifacts/services from other teams. What are the reasons why Map.get(Object key) is not (fully) generic explains why get() is not fully generic.

Here's a helper method that provides checked access:

public static <K, V> V safeGet(Map<? super K, ? extends V> map, K key) {
    return map.get(key);
Sample Usage:
Map<List<String>, Date> map = new HashMap<List<String>, Date>();
// this compiles:
Date date = safeGet(map, Arrays.asList(""));
// this doesn't
Date date2 = safeGet(map, "foo");

jacoco code coverage with Ant - Sonar

Here is the detail for how to setup code coverage using jacoco plugin which is OOB come out with SONAR :

  1. Write sample java project called ant-jacoco-codecoverage
  2.  Project folder structure would be given as below snapshot:
  3. Under the target folder you may have to create classes & reports folders where reports folder will have one more folder called junit
  4. Write sample Java class in src folder you can copy paste below code  :
    1. public class One {
        String message = "foo";
        public String foo() {
          return message;
        public void uncoveredMethod() {

What is LCOM4 ?

Hi Everybody,

If you want to know about the LCOM4(Lack of Cohesion of Methods) which sonar having , please see below example:

Cohesion is the degree to which the methods of a single class are tight together. When two methods in a class do not use a common attribute or a common method, it means that they share nothing and should probably not belong to the same class to respect the Single Responsibility Principle. In other words you can split your class into several new classes to gain modularity at class level.

LCOM4 lack of cohesion example

  • LCOM4=1 indicates a cohesive class, which is the "good" class.
  • LCOM4>=2 indicates a problem. The class should be split into so many smaller classes.
  • LCOM4=0 happens when there are no methods in a class. This is also a "bad" class.
There is not any magic here, only common sense. Let’s take a simple example with class Driver. This class has two fields : Car and Brain, and five methods : drive(), goTo(), stop(), getAngry() and drinkCoffee(). Here is the dependency graph between those components. There are three blocks of related components, so LCOM4 = 3, so the class seems to have three different responsibilities and breaks the Single Responsibility Principle.

Hope this will helpful to you to understand the LCOM4 concept which can be used for any programming language.

Malicious code vulnerability - May expose internal representation by returning reference to mutable object

Hi Everyone,

Normally this kind of violations comes when you are using mutable object in getter settter.

Ideally you should not direct return mutable object, instead you can return clone of that mutable object.

If you see this violation in your code , you can use below code for your mutable object :

If you are using Date :

public class DateTest {
    private Date date;

    public DateTest() {


    public Date getDate() {
        return (Date) date.clone();

    public void setDate(Date date) { = (Date) date.clone();

If you are using Array:

public String[] getChkBox() {

return (String[])chkBox.clone();


Switchoff plugin for sonar


Have you ever been tried to use switch off plugin of sonar ?

This plugin is really helpful when you switch-off any specific violation from the specific line or specific files.
I really liked this plugin.

See below details to get it installed :

Most Reading


Like Me & Share

Buy Websites