SonarSolidity is a SonarQube static code analyzer for Solidity smart contracts.
To begin, install a SonarQube 7.2+ instance (https://www.sonarqube.org/downloads/), following the instructions provided. Once SonarQube is installed, download the latest release from here, copy it into the folder sonarqube/extensions/plugins/, and start your instance. You are then ready to go!
git clone --recursive https://github.com/sagap/sonar-solidity.git
cd sonar-solidity
mvn clean install
- Metrics (cognitive complexity, number of lines, number of contracts, etc.)
- 25 Rules
- ANTLR4 grammar to build the parser and the lexer.
SonarSolidity supports the import of reports from Solium linter version 1.0.0.
- 13 Security Rules
- 32 Style Rules
Please read the documentation to learn how to take advantage of this feature.
Licensed under the GNU Lesser General Public License, Version 3.0