SonarQube Analyzer for Solidity

Sonar-Solidity

SonarSolidity is a SonarQube static code analyzer for Solidity smart contracts.

To begin, install a SonarQube 7.2+ instance (https://www.sonarqube.org/downloads/), following the instructions provided there. Once SonarQube is installed, download the latest release from here and copy it into the folder sonarqube/extensions/plugins/, then start your instance and you are ready to go!

Building

git clone --recursive https://github.com/sagap/sonar-solidity.git
mvn clean install

Features

  • Metrics (cognitive complexity, number of lines, number of contracts, etc.)
  • 25 Rules

The parser and the lexer are built from an ANTLR4 grammar.

SonarSolidity supports the import of reports from Solium linter version 1.0.0.

  • 13 Security Rules
  • 32 Style Rules

Documentation

Please read the documentation on how to take advantage of this feature.

License

Licensed under the GNU Lesser General Public License, Version 3.0