I recently downloaded the SonarQube demo from Devops official page. I used it a little bit and kind of left it there for a week.
No changes were made but when I came back today for showing how the sonarQube pipeline integration works, build fails.
From the logs, I see the following error
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project myshuttle: Not authorized. Please check the properties sonar.login and sonar.password
From there I tried adding username and password at the Prepare analysis for sonar Qube stage om advanced options (which was not necessary before) but the build keeps failing.
I think sonarQube was updated recently and the problem may be there. Issue is still weird because im following word by word the steps on setting up a sonarQube scan.
Any idea on what could be going on?
You may need to update your sonarQube service connection.
You can go to your Project settings and click the Service Connections under Pipelines.
Select your sonarqube connection and click update service connection under Actions, Recopy your SonarQube Token and click Ok. Please refer to below screenshot.
Related
I have a brand new TFS2018 test installation and try to run a maven build with sonarqube analysis.
The sonarqube extension is installed from the marketplace and configured to use our internal Sonarqube. I added the prepare and publish SonarQube steps to my build like described.
In the prepare step I can successfully select my SonarQube endpoint from the drop down box.
When I now tick the "Use SonarQube" check box in my maven task the SonarQube-Endpoint drop-down box is empty. My SonarQube-Server "Heuboe" does not show up. Even if I type it in the box stays invalid.
Any hint what's going wrong? Does anybody now how to file an issue to SonarQube directly. I can view issues under: https://jira.sonarsource.com/browse/VSTS/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
but I didn't find a way to report one.
The Maven task is expecting a Generic Endpoint. The SonarQube extension adds another type of endpoint specifically for SonarQube, which the built-in Maven task has no awareness of.
Version 2.* of the task (which should be selectable from the dropdown menu for the task) has another method of running SonarQube, which will use the endpoint defined in the Prepare Analysis step.
I am trying to run SonarQube using Sonar runner in local dev box for pre-commit check. We have a central SonarQube server where a analysis is done every day and published to the dashboard. When we are running on local dev box everytime the the issue report contains all the issues as new hence incremental data is not available. I have also tried both incremental and preview mode but the result is some.
Please find below the version of the tools used.And also configuration files. Please let me know if some other data is required.
SonarQube version : 5.1
Sonar Runner version : 2.4
sonar-runner.properties
sonar.host.url=http://[central sonar server]:9000/
sonar.issuesReport.html.enable=true
sonar.login=admin
sonar.password=admin
sonar-project.properties
sonar.projectKey=myProj:myProj-master
sonar.projectName=MASTER_PROJECT
sonar.projectVersion=21.0
sonar.sources=./src
sonar.binaries=./bin/
sonar.issuesReport.html.enable=true
sonar.exclusions=com/**/test/*.java
sonar.skipPackageDesign=true
sonar.profile=SonarWay
sonar.preview.excludePlugins=devcockpit,buildstability,pdfreport,report,buildbreaker,views,jira,issueassign,scmstats
Command Used :
c:\sonar-runner-dist-2.4\sonar-runner-2.4\bin\sonar-runner -e -Dsonar.analysis.mode=preview -Dsonar.issuesReport.console.enable=true -Dsonar.issuesReport.html.enable=true
Updated with additional properties tried as well. in sonar-runner.properties
I believe your problem is tied directly to your use of a local server.
The purpose of preview analysis is to allow you to compare your local changes with what's on the remote SonarQube server. Since your remote server is update every night, running your preview against it will show you the issues you've introduced that day. Instead, you're running against a local instance which gets updated with a full analysis... never? Which (if true) would be why all your issues show up as new.
To execute a preview analysis against your remote server, you will need both the global Execute Preview Analysis permission and the project-level Browse permission for the project in question.
If for some reason you're unable to get those permissions (which is possibly why you're running a local SonarQube server?) Then you'll want to do the same full checkout and analysis locally every night that's being done for the official, remote server. I.e. you'll probably have to set up a second, parallel architecture. In short, it's probably easier in the long run to nag to get the appropriate permissions on the remote server.
Issue is resolved . 2 things fixed the issue.
Creating a user with the required permissions.
Installing "Issues Report" plugin
We are using scripted build in our VSO environment and integrate with SonarQube, using the SonarQubePreBuild and SonarQubePostTest tasks.
Especially since SonarQube version 5.2 we experience that builds are always succeeding as long as SonarQube succeeds in generating the report.
For VSO Git pre-commit policies we have configured pull requests to start a build including SonarQube analysis.
However the configured Quality Profile is not met for the project, the build seems to succeed since SonarQube was able to do the actual analysis.
...But we want the build to fail....since quality conditions are not met.
We could add an additional custom (powershell) task to retrieve the results from the SonarQube instance, but what if we are running in preview mode and reports are not stored in the SonarQube database?
Before 5.2 you could use the Build Breaker Plugin to have the build fail in VSO. But the Plugin is no longer compatible with 5.2 and is planned to be included in Sonar Core in 5.4.
See this question for details.
I had a project built with maven on a Jenkins CI server, and recently the Sonar portion of the build began to fail with the well known
org.sonar.core.persistence.BadDatabaseVersion: Database must be upgraded. Please browse http://x.x.x.x:9000/setup
I browsed to http://x.x.x.x:9000/setup, and the message there was green and said my database was up to date. The database looks good and the sonar server doesn't throw any Exceptions as far as I can tell from the output, and this installation had been working well up until a few days ago.
I checked that the id was the same between the running server and the database, and insured that only one instance of Sonar was talking to the H2 DB.
My next step is to step through Sonar code, which I'm not eager to do. Any pointers as to what's wrong would be appreciated.
Thanks.
Your Maven plugin version is probably not aligned with your Sonar install.
I am using sonar to review my code for a java project. the version that I am using is v.2.9, I am using sonar for the first time. I have no idea how to add project in sonar server.
Please help on this
Thanks.
There's no option to "add" a project in Sonar from Sonar UI. Projects are automatically added to Sonar whenever a successful analysis occurs.
I'd suggest you the following :
Upgrade to a more recent Sonar version. http://www.sonarqube.org/downloads/
Read the analyzing source code guide where you can find instructions for all available methods to trigger a new analysis
Update : Sonarqube allows (I think after 5.x version) provisioning of projects as described in their documentation
With Administrator role, you can "Provision" a project.
Log in as administrator
Select Settings from the menu
Select System -> Provisioning from the sub-menu
Click Create (at the very far right of the frame)
It's pretty straight forward with the newest version. All you have to do is installing as the guide. And it will prompt a command which you need to execute with your build tool at the project folder.
For an example for maven it would be like
mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=4aa32e977ab1513e3fe5c3ac0c7883528d01a5e8.
With a command similar to this reports will be sent to the Sonarqube. And code analysis will be done