I am scanning my source code with sonarcube and the generated report on the sonarcube portal always showing Failed for analysis report. I have tried to increase disk space as suggested by some. Also, I shut down the sonarcube and restarted but same.
Related
We are evaluating how incremental Sonar static code analysis can be achieved. We usually do full code quality check and post the results on Sonarqube dashboard. The requirement is to run incremental scan on the modified changes from Git repository. My concern is results will be overwritten every time incremental scan is executed. Is there a way to resolve that issue? I need to have full report and also delta scan results (on every build) on Sonarqube project. Is it possible?
We are having an issue with SonarQube analysis where known issues are failing the quality gate. This is an existing code base, after initial analysis, existing issues should remain as is and new code is analyzed. Thus if a developer checks in code, I would expect only new changes are analyzed and scanned. However, SonarQube is detecting both new changes and existing changes as issues during the leak period.
How does Sonar determine the differences between current and previous for the leak period? Is it purely analyzing source files or is there something else happening? What could cause existing code to cause a new issue in the leak period? I'm trying to determine how to diagnose and troubleshoot this issue.
Running:
SonarQube 7.1
sonar-scanner-msbuild 4.2.0.1214
TFS 2012
4 TFS 2012 Build Agents
No SCM integration
Edit:
I mostly see these issues in Bugs and Code Smells. The leak period is based on the previous run, versions are not being used. It seems to be more problematic with SonarQube 7.1 than with the previous 6.7. Here is an example flow that happened:
1) Initial Sonar Analyzes/Scan -- All code is green
2) New check-in -- All code is green
3) New check-in, one line change -- all previously "green" items from step 1 are flagged and gate fails
Sonarqube full analysis mode is working fine, but incremental analysis is failing with below error:-
Main error is:-
Fail to download [http://IP:9000/sonar/batch_bootstrap/db?project=project_name], Response code: 500
I have 2 projects, JS and Java project.
For JS project, the incremental analysis is working, but it's not working for java code's analysis.
Sonarqube version - 4.5.2
Java version - 8
Mysql - 5.7
Update 1
Full analysis has detected 500 000 issues. So, is it possible that incremental analysis is failing because of scaling issues.
Moreover, full analysis did have some ERRORs in console like class not found, and ignored certain files. Still, analysis ultimately succeeded. So, could this be the reason that incremental analysis is failing?
I'm trying to run a preview analysis for a (Java) project of ours with SonarQube 5.1.1. I am able to get a local report generated, however I get no coverage data, and I also get the message [INFO] [XX:YY:ZZ.ZZZ] Build Breaker plugin is no more supported in preview/incremental mode.
If I check here, the page says that Starting with SonarQube 5.1, the Build Breaker plugin does not work any longer in the preview & incremental modes..
I'm confused - I thought that for continuous inspection one needs the build breaker plugin. Is that no longer so? Has the concept in SonarQube changed?
Why am I not getting coverage data when running a preview analysis?
I don't know where you've read this, but continuous inspection is not specifically related to the preview/incremental mode nor to the build breaker plugin - it's not even related to SonarQube (even though it has been pushed by SonarSource from the very beginning).
Here are the key points:
Continuous inspection is about analyzing your code as often as you can in order to monitor (and eventually improve) the quality of your code. Whatever the tool.
On SonarQube, this means running analyses that will push information on the server so that you can monitor what's going on and take the required actions for your application portfolio.
Obviously, when you are a developer, you'd like to manage those issues early, before they even get pushed to the source code repository. But experience tells us that preventing any code push because of issues is a bad pattern - because some issues might be false-positive or not relevant in the context (and still you want - and have the right, to push your code). This is why we feel that the build breaker plugin is not aligned with all this, and it will be replaced in upcoming versions of SQ by native features that match better these concepts:
Very efficient code analysis to display issues in the IDE at the speed of light - but without computing metrics
Preview mode that will compute everything and make it possible to check quality gate before pushing code to the source code repository - without impacting the results on the server
and in this case, using some specific information found in the logs, it will be possible for a CI to fail a build
I've configured sonarqube server on my local machine to run and I committed the initial project with Analysis mode. Also, I created an ant target for the developers to run in incremental mode to view their new issues. I installed issuesReport on sonar server and using it from the ant file to generate html files.
However, when each developer syncs with svn and runs the ant target, they see violations by other developers under the new issues instead of only their issues.
I expected the sonarqube plugin only scan newly edited file by the developer, but is instead showing all the new files that are introduced by other developers.
To make it work properly I have to run an analysis mode from my machine. However this fixes the problem only for me, my colleagues still see all the violations as new.
How does SonarQube decide if an issue is new or not? If each developer has to run a full analysis every time, this would be big over head. Is there something am I missing?
Thanks in advance for your time and help.
An issue is considered "new" if it does not exist on the analysis server. If you run a full analysis on a CI server on a scheduled basis, it will feed the server with issues and reduce the risk of developers seeing other developer's issues in issues report in preview mode.
Please note, that the sonar documentation says, incremental mode is only for the developers and that too for the code they run against sonar prior to scm (SVN or GIT) commit.
See incremental section on the page: http://www.sonarqube.org/analysis-vs-preview-vs-incremental-preview-in-sonarqube/
The sonar report, when run with incremental mode, will show the developer, how much issue will be generated, if he commits the code. This way developer gets to know, what he can do to keep the sonar issues low. This is the whole purpose of incremental mode.
Hope this answers your question!!!