Code Coverage for COBOL code in a Jenkins pipeline - jenkins-pipeline

I want to include code coverage in my Jenkins pipeline. I am building a COBOL code and want to know if there are any plugins which support code coverage for COBOL on Jenkins.
I don't use Compuware Tool set so I cannot use Compuware Xpeditor Code coverage plugin.
Please suggest.

Many big financial companies relies on SONAR to evaluate their COBOL source code
A pluggin exists for Jenkins. See here for the installation and setup

Our COBOL test coverage tool handles (IBM Enterprise, implied by your Xpeditor note) COBOL and produces test coverage results. You'd probabaly have to reformat those results to plug into Jenkins but that's probably pretty minor string hacking.

Related

Does SonarQube always require an external code coverage tool to show coverage on sonar server?

Does SonarQube always require an external code coverage tool like jacoco (Java), Coverage (python), gcov (c/c++), in order to show coverage on a sonar server?
SonarQube by itself doesn't do any coverage. Its the job for other tools like jacoco and others.
However SonarQube can gather the "results" relevant to the project quality (of course including coverage as an important code quality metric) of the build and allows tracking of the quality over time.
Usually you run coverage tool first, it "adjusts" the code, then you run the tests in the build. Coverage tool creates some results, and only after that you run sonar plugin that processes the results and sends to the sonar qube server.
So, to answer your question: Yes, without an external code coverage tool, sonar won't produce any coverage results, and no, it doesn't have a "default, built-in" coverage tool

How to use NCover with SonarQube

We are starting to implement code coverage in our CI process and my task is to examine NCover from this perspective.
Specifically, we have SonarQube and a CI build in Azure DevOps that runs the unit tests and reports the coverage to SonarQube as described in https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/
Currently it works with the DotCover command line tool.
I would like to check NCover. While googling for it I came across this cheerful page - https://www.ncover.com/support/docs/extras/sonar-integration and sure enough I clicked the link to the respective Jira issue - https://jira.sonarsource.com/browse/SONARCS-653 Oops. Closed with Won't Fix.
According to https://docs.sonarqube.org/latest/analysis/coverage/ only VS Coverage, DotCover and OpenCover format are supported. So, if NCover is supported, it would be through the Generic Test Data format or if NCover knows to produce coverage results in one of the other 3 formats.
So far I do not see how NCover can play with SonarQube, but maybe I am missing something here.
Anyone?
Got an answer from an NCover representative. There is no integration between SonarQube and NCover. Full stop.

How to disable code coverage in sonarqube since 6.2

Since we updated to SonarQube 6.2 it seems code coverage plugin got merged in the core.
It shows red flags everywhere and I can’t find how to turn it off, we do not use code coverage.
You don't specify what language(s) you're analyzing. I'll assume Java and/or JavaScript. Starting from 6.2, SonarQube supports "force coverage to 0", which marks as uncovered executable lines in files that don't show up in any coverage reports. (That's assuming the underlying code analyzers support the feature, and Java and JavaScript already do.) The purpose is to have a more accurate picture of what's missing when you actually are using unit tests. Without this feature, it's impossible to tell whether a file that's omitted from coverage reports is missing because it has no executable code or because there are no tests on it - even when there should be.
Since you're not using unit tests (really?) you can exclude all the source files in your project from coverage calculations via the UI: Administration > Analysis Scope > Coverage Exclusions. A pattern value of **/*.* ought to do it for you.
Code coverage feature is in SonarQube misleading. To turn this off:
Under Quality gates create new or copy existing profile.
There delete Coverage metric
SonarQube Version: 9.2

Unit Test Coverage; Graphical Display

I have been tasked with introducing automated unit test coverage reporting to our CI build environment (we use Hudson and MSBuild). I have used dotCover to produce the coverage data across several projects within a build job, merge that data, produce a single HTML report and integrated that with the Hudson dashboard for that job using the HTML Publisher Hudson add-in.
So far so good. But, what we ultimately want is a graphical display of unit test coverage metrics across the entire system code base (half a dozen build jobs, circa 50 projects) up on one of our team displays; a highly visible 'at a glance' test coverage status. I can build this myself with an app that will merge the dotCover coverage reports for all builds, report to xml and build my own UI around that, but is there a product out there that does this already? We are not married to dotCover, that can change, and it's doesn't have to be free or open source either.
We are using NCover to get the test coverage and a bunch of other code metrics(symbol coverage, branch coverage and cyclomatic complexity).
It is pretty good for highlighting the coverage, you can browse through the source code as part of the reports and see which lines are covered and which are not.
You can also exclude test categories or specific namespaces from your reports.
As far as I know it integrates with Hudson.
OpenCover and PartCover are both open source code coverage tools that can be integrated into build automation systems.
With both you can use ReportGenerator to display results; though PartCover does come with it's own viewer I prefer to use the ReportGenerator one myself as the HTML can be integrated quite nicely into a build status report.
You may also build your own reports using XSLT or such like as both tools have an XML output.
Our C# Test Coverage Tool tool can combine test coverage vectors for separate C# artifacts into a single overall view, out of the box.
In fact, our family of test coverage tools will can combine results from multiple different languages (e.g., C#, VB.net, C++, Java, PHP, COBOL, ...) in the same way.
The tool(s) provide both visual view of the covered code, and reports of the coverage data including in an XML form.
I like the treemap functionality from SonarQube a lot, but this only works for one 'project' in SonarQube, nevertheless, a great tool to look into.
Google for SonarQube and treemap for examples.

Is SonarQube Replacement for Checkstyle, PMD, FindBugs?

We are working on a web project from scratch and are looking at the following static code analysis tools.
Conventions (Checkstyle)
Bad practices (PMD)
Potential bugs (FindBugs)
The project is built on Maven. Instead of using multiple tools for the purpose, I was looking at a single flexible solution and came across SonarQube.
Is it true that we can achieve the results from Checkstyle, PMD and Findbugs with SonarQube?
Sonar will run CheckStyle, FindBugs and PMD, as well as a few other "plugins" such as Cobertura (code coverage) by default for Java projects. The main added value, however, is that it stores the history in a database. You can then see the trend. Are you improving the code base or are you doing the opposite? Only a tool with memory can tell you that.
You should run Sonar in your CI system so that even things that take some time to execute (such as CPD – copy paste detector) can run. And you'll have your history. Whereas with an Eclipse plugin, for example, you'll detect violations sooner – which is great – but you will be tempted to run it less often if it starts taking too long, or run less "quality plugins" (such as skipping CPD or skipping code coverage analysis). And you won't have history.
Also, Sonar generates visual reports, "Dashboard" style. Which makes it very easy to grasp. With Sonar in Jenkins, you'll be able to show developers and your management the effects of the work that was performed on the quality of the code base over the last few weeks and months.
Sonar uses these 3 tools as plugins and aggregates the data from all three giving addition value by showing graphs and such from these tools. So they are complementary to sonar.
Yes and no. In addition to the other answers.
SonarQube is currently on the way to deprecate PMD, Checkstyle and Findbugs and use their own technology to analyze Java code (called SonarJava). They do it, because they don't want to spend their time fixing, upgrading (or waiting on it) those libraries (e.g. for Java 8), which for example uses outdated libraries.
They also got a new set of plugins for your personal IDE called SonarLint.
Sonar is great, but if you want to use the mentioned tools separately and still have nice graphs, you can use the Analysis Collector Plugin as part of your Jenkins CI build. A slight advantage of this is that you can check in your PMD/Findbugs/Checkstyle configuration into your SCM and have it integrated into your Maven build, rather than relying on a separate Sonar server.
... a few years later: no, it is not! SonarQube supposes to be able to cover all the rules with its own analyzer, but there are still rules from PMD or CheckStyle not covered by SonarQube. See for example: PMD ReturnFromFinallyBlock.
Sonar is much more than these tools alone.
The greatest benefits is the gui, which lets you configure anything easily.
The statistics it offers are very detailed (lines of code etc).
And it even offers great support for test coverage etc :)
Here you can take a good look:
http://nemo.sonarsource.org/
I would still use these tools in addition to sonar because they can fail the maven build when someone violates a rule. Where as sonar is more retrospective.
Well at least since SonarQube 6.3+ it seems to be that Findbugs is (at the moment) no longer supported as a plugin. Sonarsource is working on replacements of Findbugs-rules with its own Java-plugin.
They even had a list for the replacement status of each rule here, but it got removed by now.
See https://community.sonarsource.com/t/where-is-dist-sonarsource-com-content/5353 for more details.

Resources