Continuous QA for iOS apps with SonarQube - small steps, huge gains

In the era of automation, having another person spend time reviewing my code sounds like spoiling my habits.

I was in yet another project, and needless to mention it was a very innovative initiative: very challenging, with tight deadlines, and watched closely by top management in a multinational corporation. My technical architect came up to me and made his expectation of high quality under the given constraints very clear. I was sure that I could not depend on anyone to review my code. This prompted me to summon all the tools on the internet to automate quality assurance while I was developing.

Technology selection

Continuous QA, automation and the tools to do them are not new. Especially when I attended interviews a while back, these questions were part of every interview. So I had pretty good familiarity and hands-on practice with this. However, in this project I was going to use the tool for iOS and on my Mac, integrated with other tools in the pipeline. Enough of a challenge? So I got into action and grabbed one from the internet. I got a plugin and sent it to my architect. Since it was paid, it was rejected. Now the level of challenge matched my tenacity :) So as usual I rose to the situation and fished for a free tool.

What prompted me to write this blog

There was a free tool available, but not without bugs. It is an easy guess that it was open source, so not regularly supported. Luckily it was in Java, so I was able to troubleshoot the problem and fix the defect. However, the original developer has now fixed the problem. Even in this situation, if someone wants to set up continuous QA for this kind of environment they lose a week. Now my colleagues are able to do it in a couple of hours, leveraging my lessons learnt.

Shortlisted technology stack

I ended up using SonarQube. The most pressing criterion, of course, was the fact that it was free. It also aligned perfectly with the other DevOps tools in the project, like GitLab, Jenkins, Docker and Jira. It matched my core requirements. It had support for reviewing code in 25 languages. All the best practices and standards were configured. The preconfigured rules were adequate for my project. Here is how to go about it, starting with the prerequisites:


  • a Mac with Xcode 7+
  • SonarQube and SonarQube Scanner
  • xcpretty (gem install xcpretty)
  • SwiftLint (Homebrew installed and brew install swiftlint). Version 0.3.0 or above.
  • Tailor (Homebrew installed and brew install tailor). Version 0.11.1 or above.
  • slather (gem install slather). Version 2.1.0 or above (2.4 since Xcode 8.3).
  • lizard (pip installed and sudo pip install lizard)
  • OCLint installed. Version 0.11.0 recommended (0.13.0 since Xcode 9).
  • Faux Pas command line tools installed (optional)
Follow the steps below to fulfil the prerequisites.


Download the SonarQube Community Edition. Unzip it, let's say in C:\sonarqube or /opt/sonarqube. Start the SonarQube Server:

On Windows, execute:


On other operating systems, execute:

/opt/sonarqube/bin/[OS]/ console

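Log in to http://localhost:9000 with the System Administrator credentials (admin/admin) and analyze your first project. These are the default credentials, so change the admin password after the first login.

In Terminal, run the command below to install Homebrew (ignore this step if it is already installed):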

/usr/bin/ruby -e "$(curl -fsSL"

Update Homebrew using the command below:

brew update

Install Sonar Scanner using the command below:

brew install sonar-scanner

Once it is installed, you may have to add its path in .bash_profile as follows (depending on where it is installed):

export PATH=/Users/Shared/sonar-scanner-$PATH

Reload .bash_profile using either of the following:

. ~/.bash_profile or source ~/.bash_profile

Install Xctool

brew install xctool

Install OCLint

brew tap oclint/formulae
brew install oclint
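Before moving on to the plugin installation, the minimum versions from the prerequisites list can be checked in one pass, since a tool that is present but too old is harder to spot than a missing one. This is an added example, not part of the original post or of the plugin; the function names and the SLATHER_MIN and OCLINT_MIN variables are made up for it, and the version subcommands it calls are assumptions about each tool's CLI.

```sh
#!/bin/sh
# Print the first dotted version number found on stdin, e.g. "0.11.1".
extract_version() {
  grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge HAVE WANT: succeed when HAVE >= WANT, comparing up to three
# numeric fields; a missing field counts as 0 (so 2.4 equals 2.4.0).
version_ge() {
  have=$1 want=$2
  for n in 1 2 3; do
    h=${have%%.*} w=${want%%.*}
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have=0 ;; esac
    case $want in *.*) want=${want#*.} ;; *) want=0 ;; esac
  done
  return 0
}

# check_tool NAME MINIMUM OUTPUT: OUTPUT is what the tool's version command printed.
check_tool() {
  name=$1 min=$2
  found=$(printf '%s\n' "$3" | extract_version)
  if [ -z "$found" ]; then
    echo "MISSING  $name (need >= $min)"; return 1
  elif version_ge "$found" "$min"; then
    echo "OK       $name $found"
  else
    echo "TOO OLD  $name $found (need >= $min)"; return 1
  fi
}

# Minimums come from the prerequisites list. Override per Xcode version,
# e.g. SLATHER_MIN=2.4 for Xcode 8.3+, OCLINT_MIN=0.13.0 for Xcode 9.
# The version subcommands below are assumptions about each tool's CLI.
preflight() {
  status=0
  check_tool swiftlint 0.3.0 "$(swiftlint version 2>/dev/null)" || status=1
  check_tool tailor 0.11.1 "$(tailor --version 2>/dev/null)" || status=1
  check_tool slather "${SLATHER_MIN:-2.1.0}" "$(slather version 2>/dev/null)" || status=1
  check_tool oclint "${OCLINT_MIN:-0.11.0}" "$(oclint --version 2>/dev/null)" || status=1
  for tool in xcpretty lizard sonar-scanner; do
    command -v "$tool" >/dev/null 2>&1 || { echo "MISSING  $tool"; status=1; }
  done
  return $status
}
if [ "${1:-}" = "run" ]; then preflight; fi
```

Saved as a script and started with the argument run, it prints one status line per tool and exits non-zero if anything is missing or too old, so it can also gate a Jenkins job.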

Installation (once for projects)

  • Download the plugin binary into the $SONARQUBE_HOME/extensions/plugins directory
  • Copy somewhere in your PATH(For Swift) Copy somewhere in your PATH(For Objective-c)
  • Restart the SonarQube server.
  • Copy in your Xcode project root folder (along your .xcodeproj file)
  • Edit the file to match your Xcode project

# Required configuration #

# Project description

# Path to source directories
sonar.sources= sources/
# Path to test directories (comment if no test)


# Coverage type to expect from project
# can be 'legacy' (pre Xcode 7) or 'profdata'
# If not set : defaults to profdata

# Destination Simulator to run surefire
# As string expected in destination argument of xcodebuild command
# Example = sonar.swift.simulator=platform=iOS Simulator,name=iPhone 6,OS=9.2
sonar.objectivec.simulator=platform=iOS Simulator,name=iPhone 8,OS=latest

# Xcode project configuration (.xcodeproj or .xcworkspace)
# -> If you have a project: configure only sonar.objectivec.project
# -> If you have a workspace: configure sonar.objectivec.workspace and sonar.objectivec.project
# and use the latter to specify which project(s) to include in the analysis (comma separated list)

# Scheme to build your application
# Scheme to build and run your surefire (comment following line if you don't have any surefire)

In Terminal, go to the project's root directory and run the command below to scan the project for errors and bugs.

. (For swift) . (For Objective-c)

Fruits of your labor

Here are a few screenshots of the code review. I just marked the points where you get started.

Last words

I especially liked SonarQube because I develop both native Android and iOS apps. I can use the same plug-in for both Swift and Objective-C. Be careful while configuring. It is a great tool to use. It will really help. I loved the way SonarQube prompts after every code block.