SonarQube analysis in our project lasts arround 5 hours, because of large code base.
Is there any way to narrow SonarQube analysis to single commit, so that after push, sonarqube will analyse only that single commit, and form report, based on new code in this commit?
I expect a solution, that allow sonarqube to run analysis on single commit or any other solution, so analysis time will be shortened as much as possible
Related
I have a project with very strict time budgets for SonarQube scan as part of CI pipeline. We essentially want to only scan the lines that have changed and not the full project. Is it possible to scan only changed files in the last commit, and provide report based only on changed lines of code? I want to check if added or modified lines make the project quality worst as the developer don't care about old code - only what they committed.
I saw a few notes on the Sonar Community that said this was not possible, but checking if this has changed over the past 12 months? Did not find anything in the docs.
New Code analysis only
I want sonar analysis on newly checkin code
We are evaluating how incremental Sonar static code analysis can be achieved. We usually do full code quality check and post the results on Sonarqube dashboard. The requirement is to run incremental scan on the modified changes from Git repository. My concern is results will be overwritten every time incremental scan is executed. Is there a way to resolve that issue? I need to have full report and also delta scan results (on every build) on Sonarqube project. Is it possible?
On the dashboard there is a cool block with new code analysis. I'd like to see something like this for every feature. I hoped to solve this using sonar-branch-community plugin, but it doesn't measure coverage of new code in short-lived branches. As for long-lived branches - I tried to make all the feature branches long-lived. There is an analysis of new code in this case, but it starts from first scan of this branch and there is no way to compare it to another long-lived branch (or is it?)
Is there a way to execute the new code analysis by features? May be it's possible to pass 2 scanning results to this widget to see the difference?
Newer versions of SonarQube support reporting of code coverage on branches and the introduction of new issues compared to the target long-lived branch.
The SonarQube Community Branch Plugin supports the new branch scanning features introduced in SonarQube 7.2, although I don't believe SonarQube provides the charted/visual history of the branches, just the numeric values.
I am considering the implementation of a Code Quality tool for our team's Projects.
SonarQube seems to be a good choice. I haven't gotten the ideal workflow figured out yet (we use SVN and Maven Projects and have a Jenkins server running the tests on every commit).
Aside from the importance of being able to analyse the quality of the current commit, historical evolution is also very interesting.
Given that we already have a few years of commits, is it possible, when setting up the project, to request a retrospective analysis of those commits, or will SonarQube only work for the commits from the day it is installed onwards?
SonarQube only displays data uploaded by scanners. You can checkout to any commit (read more here: How to checkout a specific Subversion revision from the command line?) and next execute a scanner. The used scanner depends of what kind of a build tool you use:
Ant
Gradle
Maven
MSBuild
Other
The analysis result will be pushed to a SonarQube server. Unfortunately, it is always treated as the last version of the application, so you cannot "insert" analysis of some old commits to the project history. But do you really need it? Scanners always analyze all sources. If somebody added some code three years ago and nobody deleted it, then it will be available on the server. If the code is deleted, then you shouldn't spend time on analyzing something, what doesn't exist anymore. That's why SonarQube always shows the last state of the project.
You can read a good blog post written by Fabrice Bellingrad (April 06, 2016): Stop planning; fix the leak!
Read more about SonarQube Architecture and Integration.
Yes, this is possible using the sonar.projectDate analysis parameter. Its purpose is precisely what you are asking for.
Quote from the docs:
Assign a date to the analysis. This parameter is only useful when you need to retroactively create the history of a not-analyzed-before project. The format is yyyy-MM-dd, for example: 2010-12-01. Since you cannot perform an analysis dated prior to the most recent one in the database, you must analyze recreate your project history in chronological order, oldest first.
You could for example check out your last 10 version tags in chronological order (oldest first!). For each tag run the analysis with sonar.projectDate set to the date the tag was created.
I am triggering a Sonar analysis from Jenkins whenever a user commits any change to any branch of my project. In SonarQube I see the project analysis result, and quality gate status, for the most recently run analysis. It only shows the most recently run analysis for a given project.
How can I see a 'history' of previous analyses that were run prior? Specifically I would like to see the coverage from before and the where in the codebase specific 'critical' issues triggered a quality gate failure. Basically I want a historical snapshot of the 'project overview' page for each time the analysis is run. Since I am triggering the analysis from different branches I need to be able to differentiate an analysis of Branch A vs. a previous analysis of Branch B.
If you use SonarQube up to version 5.6: Use the Sonar Timeline Plugin, which allows you to add a graph to your dashboard.
If you use SonarQube version 6.5 or later (to be released in August 2017): Get feature rich history graphs out of the box (no plugin required)!
It looks like you have to make a custom dashboard and add a history widget. It looks like it shows you just the times the gate changed (which i guess is what I should have expected) for example the project I tested with only changed status 3 times so even though I asked for 10 columns it only showed 3.
This is on the Sonar homepage for your project, not the sonar widget in jenkins fyi