SonarQube 8.6 - Disable Quality Profiles for certain languages

Small question on SonarQube 8.6 (but maybe can apply to other versions).
I just downloaded SonarQube, and out of the box, it has quality profiles for many languages (C, C#, Ruby, etc...).
I am only interested in analyzing a few languages (JAVA in my case).
Hence, I would like to simply disable the other languages. I am sure I will not be needing them.
How to achieve this please? I only see "Create" and "Restore" from the admin view.
Just interested in disabling the languages I do not need, even if I do not use them.
Thank you

Flags/properties sonar.language and sonar.profile, both deprecated since 4.5, have been dropped since 7.7.
SonarQube will now analyze all code for which you have installed language plugins.
To NOT analyze a particular language, uninstall the language plugin (Administration | Marketplace | Installed - {SQ_URL}/admin/marketplace?filter=installed).
Alternatively, consider what a default Quality Profile is:
"Default - Every project not specifically associated with a quality profile will be associated to this one by default"
"For each language there is a default profile. All projects not explicitly assigned to some other profile will be analyzed with the default. Ideally, all projects will use the same profile for a language"
You could create a dummy quality profile for each language of no interest, consisting of no rules, and make that the default. That would allow you to keep the plugins and retain the option to assign language-specific profiles as needed in future.
Another option you might try is under {SQ_URL}/admin/settings, you can edit the language specific settings to delete the default extensions that are scanned (ie: XML:.xml|.xsd|.xsl, JavaScript:js|.jsx|.vue). I imagine if there's no match, it would ignore scanning those languages.
There is also a general exclusions category {SQ_URL}/admin/settings?category=exclusions, but that may be more work to maintain.
WARNING: There is always a risk if you include code in your application but choose not to scan it, especially for Security Hotspots and Vulnerabilities. For example, we were surprised to discover occurrences of 'Links with "target=_blank" are security-sensitive' [Vulnerability: Blocker - Phishing], since we had previously not scanned HTML as we were a "Java shop".
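The coverage gap described in the warning above can be measured before any language is switched off. The following is an added example, not code from the original answer or from SonarQube: it lists code-like files that the remaining scanned suffixes would miss and flags `target="_blank"` links without `rel="noopener"`/`noreferrer` in them. The suffix sets, function names and sample tree are assumptions constructed for illustration, and the regex check is a rough stand-in for the Sonar rule, not its implementation.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only the Java suffix is still configured for analysis.
SCANNED = {".java"}
# Assumption: extensions that carry code or markup in this (constructed) stack.
CODE_LIKE = {".java", ".js", ".jsx", ".vue", ".html", ".xml", ".xsd", ".xsl"}
ANCHOR = re.compile(r"<a\b[^>]*>", re.I)
BLANK = re.compile(r"""target\s*=\s*["']?_blank""", re.I)
REL_SAFE = re.compile(r"""rel\s*=\s*["'][^"']*\b(?:noopener|noreferrer)\b""", re.I)

def coverage_gaps(root, scanned=SCANNED, code_like=CODE_LIKE):
    """Sorted relative paths of code-like files that no scanned suffix matches."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in code_like - scanned)

def blank_target_links(root, paths):
    """(path, tag) for <a target=_blank> tags without rel=noopener/noreferrer."""
    hits = []
    for rel in (p for p in paths if p.lower().endswith(".html")):
        text = (Path(root) / rel).read_text(encoding="utf-8", errors="replace")
        hits += [(rel, tag) for tag in ANCHOR.findall(text)
                 if BLANK.search(tag) and not REL_SAFE.search(tag)]
    return hits

def build_sample_tree(root):
    """Write a small constructed project (not taken from the page) under root."""
    files = {
        "src/main/java/App.java": "class App {}\n",
        "src/main/resources/beans.xml": "<beans/>\n",
        "src/main/webapp/index.html":
            '<a href="https://example.com" target="_blank">docs</a>\n'
            '<a href="/help" target="_blank" rel="noopener noreferrer">help</a>\n',
    }
    for name, body in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        gaps = coverage_gaps(tmp)
        print("not analyzed:", gaps)
        print("target=_blank without rel:", blank_target_links(tmp, gaps))
```

Pointing `coverage_gaps` at a real checkout with the suffixes you plan to keep shows what would fall out of analysis before the setting is changed.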

Related

How to bypass legacy code in sonarQube analysis?

We have legacy code (10 years old), and I want to bypass that code so that it is not analyzed in SonarQube. Or, SonarQube should scan only recent changes which I made to the legacy code or new files. How to achieve this? I found the CutOff Plugin is deprecated since SonarQube 4.0; we are using SonarQube 7.5.
Please help
SonarScanner doesn't support analyzing only part of source code (example: only newer than a specified date). It always scans everything. If you keep your legacy code in other packages than the new code, then you may configure exclusion filter to just ignore the old code. You have to set the sonar.exclusions parameter (comma-separated list with ignored paths). You can read more about Narrowing the Focus in the official documentation.
Be aware that the proposed solution is not recommended. SonarScanner is able to find many vulnerabilities which should also be fixed in legacy code. It can protect your company against material (e.g. money) and non-material (reputation) losses. The recommended way is to scan all code, and use Quality Gate to prevent introducing new issues. You can read more about it in Fixing the Water Leak.

HL7 Conformance Profile Options

Are there any tools out there available that can be used to create a conformance profile other than Messaging Workbench (MWB)? So far this is the only tool that I have found.
I am having a difficult time creating a conformance profile for a particular messaging specification in MWB due to the complexity and lack of documentation of the MWB.
Any help would be greatly appreciated!
If you’d like to create conformance profiles from scratch, or by generating rules from existing messages, then I recommend you use the HL7 Soup tool.
They have a video on the subject here that will cover how to create the rules, and get you started.
http://www.hl7soup.com/ValidateHighlightAndCompare.html
Once you’ve created the profile it can be exported to others.
To build conformance profiles from scratch or from existing messages, you may take a look at Caristix Conformance (http://caristix.com/hl7-tools/conformance/scope-hl7-interfaces/). Once you have the conformance profile set, you can compare it with another profile (or set of messages) and get a gap analysis report.
This tool is much easier to use than Messaging Workbench.
Disclaimer: I'm part of the team developing this tool.

SonarQube - How to activate source syntax-highlighting after 5.0 migration WITHOUT make another analysis of components?

I know that the 5.0 release notes say "After the migration, source syntax-highlighting won't be available on a project until it has been successfully analyzed"
BUT, I can't imagine that there is no way to activate just by running another analysis. In fact, when you have thousands of components (it's our case), you can't plan 4500 analyses just to "restore" a basic but helpful functionality! And it's more true when you know that the majority of these components weren't changed since a time ago... :(
So, please, tell me that we can write a little batch or program that will do the job without the need to pull all the sources! I don't know how, because I don't understand this limitation of this upgrade (why sources aren't accessible).
You should trust the release notes. Information required for syntax highlighting is computed during analysis. Note that it also requires the language plugins to support this feature. I suggest to upgrade them to latest versions.

XPage Osgi plug in development

background
I have designed many tools in the past year or so that are designed to help me program for XPages. These tools include primarily helper java classes, extended logging (making use of OpenLogger and my own stuff), and a few other things that I personally feel I cannot work without. It has been discussed with my employer, and we feel that it might be a good idea to start publishing these items to openNTF. Since these tools are made up of about 3 .nsfs, all designed to use the same java code, key javascript classes, css, and even a custom control or two, I would like to consolidate key items into a plug-in that can be installed at the server and client level. I want to do this consolidation before I even think about publishing any of the work I've done so far. It would just be far too much work to maintain, not just for me, but for potential users. I have not really found any information on how to do such a thing in google searches. I also have to make sure that I am able to make use of the ExtLib libraries, openNTF Domino API, and the Notes API.
my questions
How does one best go about designing such plug-ins? Must a designer use eclipse, or is it possible to do this directly in the Notes Designer?
How does a designer best go about keeping a server and client up to date while designing and updating the plug-in code? Is this why GitHub is often used?
Where is the best place to get material to get started in this direction? I sort of feel lost in the woods, knowing I need to head north, but not having a compass for that first step.
Thank you very much for your input.
In my experience, I found that diving into plug-in development is a huge PITA until you get used to it, but it's definitely worth it overall.
As for whether you can use Designer for plugin development: yes, but you will likely eventually want to not do so. I started out by using Designer for this sort of thing for a while, presumably with the same sentiment as you: why bother installing another instance of Eclipse when I'm already sitting in one all day? However, between Designer's age (it's roughly equivalent to, I think, Eclipse 3.4), oddities when it comes to working sets between the "Applications" and "Project Explorer" views, and, in my case, my desire to use a Mac app, I ended up switching.
There are two major starting points: the XSP Starter Kit (http://www.openntf.org/internal/home.nsf/project.xsp?name=XSP%20Starter%20Kit) and Niklas Heidloff's video on setting up Eclipse for XPages development (http://www.openntf.org/main.nsf/blog.xsp?permaLink=NHEF-8RVB5H). The latter mentions the XPages SDK (http://www.openntf.org/internal/home.nsf/project.xsp?name=XPages%20SDK%20for%20Eclipse%20RCP), which is also useful. In my setup, I found the video largely useful, but some aspects either difficult to find (IBM's downloads are shifting sands) or optional (debugging, which will depend on whether or not you're using Eclipse on Windows).
Those resources should generally get you set up. The main thing to worry about when setting up your Eclipse environment will be making sure your Plug-In Execution Environment is properly done. If you're following the SDK setup instructions, that SHOULD get you where you need to be.
The next thing to know about is the way plugins are structured. Each plugin you want to install in Designer or Domino will also be paired with a feature project (a feature can house several plugins), and potentially an update site - the last one is optional if you just want to import the features into an Update Site NSF. That's how I often do my normal plugin development: export the paired feature to a directory and then import the feature into the server's Update Site NSF and then install in Designer from there using Application -> Install. You can also set things up so that you deploy into the server's plugin/feature directories instead of taking the step of installing into an update site if you'd prefer. GitHub doesn't really come into play for this aspect - it's more about sharing/collaborating with your code and also having a remote storage location for your git repositories (which I highly advise).
And as for the "lost in the woods" feeling: yep, you'll have that for a good while. There are lots of moving parts and esoteric concepts to get a hold of all at once. If you mostly follow the above links and then start with some basics from the XSP Starter Kit (which is itself a plugin project that you can pair with a feature) - say, printing text in the Activator class and making an implicit global variable just to make sure it works - that should help get your feet wet.
It's best done in Eclipse. You can debug your code running on the server from there, as well as run it directly from there. The editors are also more up-to-date. You want:
Eclipse for RCP and RAP developers
XPages SDK for Eclipse RCP (from OpenNTF)
XPages Debug Plugin (from OpenNTF - basically allows you to load the plugins to the Domino server dynamically, rather than exporting to an Update Site all the time)
XSP Starter Kit on OpenNTF is a good starting point for a plugin. There are various references to the library id, which has to be unique for your plugin. Basically, references to org.openntf.xsp.starter need changing to whatever you want to call your plugin. You're also best advised to remove what you don't need. I tend to work in a copy of the Starter, remove stuff, build and if there are errors with required classes (Activator.java obviously will be required and some others), then paste them back in from the Starter.
XPages OpenLog Logger is a good cross-reference, that was built from XPages Starter Kit. It's pretty much stripped down and you'll be able to see what had to be changed. A lot of the elements of the XSP Starter Kit correspond to Java classes you'll probably be familiar with from your XPages Java development.
GitHub etc tend to be used as source control, which is useful for working out what's changed from time to time.

set different build target in eclipse like in Xcode

I know the title might be a little misleading so if you find better words for what I mean, please feel free to modify it. I take the concept of 'target' from Xcode.
I'm an iPhone developer now turning to android one. With Xcode I can do the following, supposing I have a list of apps in which users grow different plants:
I can set different target, e.g. apple, bear etc.
for each target I can choose to load different database/UI images, they are all in the project file with same names but in different folders, and I can set which target uses which files.
at building phase I simply choose targets and click build, and then I can have a list of my apps.
The advantage of this is I don't need to change anything in code, just grab the resources from designer and change a little project setting, and all is done.
Now with eclipse I can't find out how I can do that so simply. I have to remove old resources and copy new ones there to build for a different target. This takes too much time when I have to make an update for 20 apps. So is there a better way to achieve what I'm requiring? Any plugin for eclipse, or are there some easy ways that I don't know yet?
I got a solution with Android Studio's Gradle Build System, i.e. defining different flavors of my app and then using build variant configurations, producing different apps from same/shared code base, resources etc.
As per Android Developers Docs
The build system uses product flavors to create different product versions of your app. Each product version of your app can have different features or device requirements. The build system also uses build types to apply different build and packaging settings to each product version. Each product flavor and build type combination forms a build variant. The build system generates a different APK for each build variant of your app. Now one can have two or more product flavors e.g (paid flavor, free/demo flavor) etc for one single project with same code base.
For more information See Build Variants & Product Flavors Doc
I started a similar topic and added a bounty, so I even got responses.
Here is the topic with explanation of the problem and possible solutions that I found on the web. These are mainly library projects and broadcast receivers. Maybe library projects will work for you?
There is also a satisfactory answer that I got with a solution for Android/Eclipse. It proposes using SharedPreferences for determining which code/image/package is invoked and which not. The problem I see with it is that the entire code and resources must be in the app, so this gets quite large in case that one has a lot of different images.
Maybe there will be other helpful answers there, you can have a look after a couple of days. What I already know is that there is no such thing as targets in Eclipse... In Android Studio there are modules which seem to be similar, but that does not really help us.
