From the Job log it looks like Travis enable all Sonar way that is available
...
INFO: Quality profile for css: Sonar way
INFO: Quality profile for java: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for ruby: Sonar way
INFO: Quality profile for web: Sonar way
...
Is there a way to choose which quality profiles Travis will enable?
My repo is Ruby and I want to enable Ruby quality profile only.
You can define empty quality profiles with no rules for the languages you're not interested in, and then activate those empty profiles in your project.
Go to your organization's page, and then the Quality Profiles tab
Click Create, enter a name (for example "empty"), select the language
You will need to repeat this for each language
Go to your project's page, and then Administration / Quality Profiles, and select the newly created "empty" quality profile for each language
If that sounds tedious, you could script it, with the help of the web API:
token=your-sonarcloud-token
org=your-sonarcloud-organization-key
project=your-sonarcloud-project-key
languages=(abap apex c cobol cpp cs css flex go java js jsp kotlin objc php plsql py ruby scala swift ts tsql vbnet web xml)
for lang in "${languages[#]}"; do
params="language=$lang&name=empty&organization=$org"
curl -u"$token:" "https://sonarcloud.io/api/qualityprofiles/create?$params" -X POST
params="project=$project&language=$lang&qualityProfile=empty&organization=$org"
curl -u"$token:" "https://sonarcloud.io/api/qualityprofiles/add_project?$params" -X POST
done
This will set the empty profile for all languages. So you will need to go to Administration / Quality Profiles of your project to set a non-empty profile for the languages you're interested in.
Related
I am generating sonar report from teamcity sonar runner but I see that Quality Profile is set to
Use 'Sonar way' (XML) but I want it to be Stop using sonar way (xml).
Can anyone suggest the parameter or setting I need to do.
Note: I can not share the logs or screenshots here because of organization policy.
The way to handle this is to use the UI to assign the project to the profile(s) you want it to use: Project-level Administration > Quality Profiles. You'll be presented there with an option to assign a profile for each language available in the instance.
If you simply must do this from TeamCity, then use web services to assign the profile. Although once assigned, assignments "stick" so this really is something you should be able to do from the GUI and then just leave alone.
I used parameter sonar.Language=cs. it excluded xml analysis and now I see Stop using sonar way (xml).
https://docs.sonarqube.org/display/SONAR/Analysis+Parameters
sonar.language
Set the language of the source code to analyze. Browse the Plugin
Library page to get the list of all available languages. If not set, a
multi-language analysis will be triggered.
I want to use a specific sonar profile with analysis mode preview for generating comments that go into our github pull requests.
The default quality profile for the project includes minor and info level rules which will cause hundreds of extra comments (and literally thousands of github notification emails). So it has to be a quality profile specific to this purpose.
Running the build like this:
mvn sonar:sonar -Dsonar.profile.java=PRComments -Dsonar.analysis.mode=preview
Fails with the following error:
sonar.profile was set to 'PRComments' but didn't match any profile for any language.
The PRComments quality profile exists and works perfectly if I don't specify the preview mode. And yes I know that -Dsonar.profile is deprecated and it makes me sad too.
For info I'm using the sonarqube github plugin http://docs.sonarqube.org/display/PLUG/GitHub+Plugin to push the comments into github - but the failure above appears even if I don't use this plugin. Unfortunately the github plugin doesn't seem to have an option to skip adding comments for violations below a configurable severity level.
Is this possible or do I have to give up?
I am currently developing a new PL/SQL plugin (language: "plsql", key: "plsql-cop") for SonarQube (using sonarqube-5.0.1), my PL/SQL "checker" is an external java program which is analyzing the PL/SQL code and creates an XML report with all the found recommendations. I started with the recommended "sonar-reference-plugin" from GitHub to do this. To test my plugin I use SonarQube on localhost in a web browser.
The rules are implemented by implementing "RulesDefinition"; this part is easy to implement, works fine and I can see all my PL/SQL rules in my local running SonarQube in the tab "Rules".
The profile is now harder to implement. So I imported my XML profile manually via "Restore Profile" button into the SonarQube web app on the tab "Quality Profiles" successfully (no errors). But I cannot see my profile with my rules mapped. In fact I cannot see my profile definition at all on the tab "Quality Profiles" anywhere. But when I install the sonar-plsql-plugin-2.7, I can see my Profile with my mapped rules and of cause the "Sonar way" definition.
Now here are my questions:
Why do I have to install the SonarQube PL/SQL plugin to see the
section "PL/SQL Profiles" on the "Quality Profiles" tab?
How can I make my own "PL/SQL Profile" section on the "Quality
Profiles" tab?
When I try to analyze some PL/SQL project, the process is stop with
the follwoing error messages "ERROR: Error during Sonar runner
execution ERROR: Unable to execute Sonar ERROR: Caused by: No
license for plsql". Can I not create my own plugin for SonarCube for
the language "plsql"?
How can I analyze PL/SQL with my own plugin without getting the
error message above and still see my profile in SonarCube?
Any help is highly appreciated! I would like to continue with my own SonarQube PL/SQL plugin.
You are not allowed to install the commercial PL/SQL plugin without a license. You also are not allowed to alter it. So, you should either obtain a valid license, or uninstall it from your SonarQube server.
See how an open source language plugin such as PHP does it: PHPProfile.java
See point 1
See point 1
Here are a few considerations to take into account:
If you want to be able to use your plugin without the SonarQube PL/SQL plugin installed, you need to declare a new SonarQube language in your plugin: See Php.java
If you want to be able to use your plugin both without and side-by-side with the SonarQube PL/SQL plugin (i.e. run both on your project), you will need to use a different language name than plsql - else the license validation from the official plugin will kick in [that is - only when it is installed of course].
If you want to make your plugin a pure addition to SonarQube PL/SQL plugin (i.e. you must have it installed and have a valid license for it) - then you do not need to declare your own SonarQube language: simply create a new rule profile using the existing plsql language key.
Quick question with regards to Sonar and JavaScript. I was able to get examples of JsTestDriver and Jasmine working with Maven - Hudson - Sonar (code coverage and tests). The only piece I am missing is the rules violations report. When I look at sonarsource's doc/post on the JavaScript plugin, it says that it comes with 60 default rules. But when I install the SonarQube JavaScript plugin and then go into my Quality Profiles (selecting the "Sonar way"), there are no rules within this profile. I assume this is why I am not seeing metrics produced within my project and so I was wondering does the SonarQube JavaScript plugin come with the 60 default rules described within the sonarsource site? Or do I need to create all my JavaScript rules?
Is there a way to have several profiles for one project in Sonar ?
For example we have a Java EE project with : EJB and WebApp (JSP and Back Bean).
We have 3 quality profiles: Java, Web and XML. To "execute" these 3 profiles on our project we run three sonar analysis and create 3 result projects in Sonar.
We use views to regroupe these three projects, is there a way to have one project that use 3 profiles and not use views?
We want to use views to group different projects and not on the same project.
You can't have multiple profiles for the same project. But if you want this, you just have to create your own custom profile which has all the rules defined in your profiles. For Example, let's say you have quality profile "Android Lint" and "Sonar Way", and if you wan't to check your project against both these profiles, just do the following:
Go to Quality Profiles tab in SonarQube
Click on Back Up on the Profiles you want. It will download an .xml file for each profile.
Just go through the .xml file and figure out how it is written and then Create a new .xml file which contains the rules of both the profiles and give it a cool name.
Go back to Quality Profiles tab in SonarQube
Click on Restore Profile and upload your .xml file.
That's it.
You now have your own custom quality profile with all the rules that you want.
UPDATE:
In the latest version of SonarQube (I am using 6.2), you can use the concept of "Inheritance" to combine multiple quality profiles. You can now set a parent quality profile for any profile. Using this you can chain multiple quality profiles.
See: SonarQube: How to apply multiple quality profiles to one project?
Applying multiple profiles for one project is not possible.
I see two alternatives: Merging your profiles as already mentioned or scanning the same project under a different "branch" (as in SonarQube terminology).
For a scan under a different branch refer to the sonar quality profile to project association. Please be aware that the syntax of the maven call is actually wrong, use this one instead:
mvn ... -Dsonar.profile="Your profile name" -Dsonar.branch=YOUR BRANCH
Using this will create a new project under the same name plus the branch as postfix. (projectName:branchName)
Regarding the merge of two profiles the easiest way is within the Rules tab:
Select Quality Profile x in Filter View
Bulk Change (in the upper right of the List View)
Activate In
Select Quality Profile y
This will automatically merge the two sets and prevent redundancy.
Just expanding on #guitarium 's answer above:
For SonarQube 7, you can simply do the following on the SonarQube web portal to add extra rules from other profiles into a custom profile (same as merging, really):
Go into Quality Profiles and click the dropdown next to a profile you want to merge
select Copy
Give the copy a cool name
Click on the new copy to go into it's Quality Profiles page
Go to Actions -> Activate more rules
Click Bulk Change , then Activate in and select your new cool profile
You now have a super cool merged profile. Nice job