Make Sonarqube 6.7.5 Community version comment on pull requests - sonarqube

I'm trying to update Sonarqube usage to the latest LTS Community version, which at present is version 6.7.5. Prior to the upgrade I have been using sonarqube 5.4 and the Github plugin, and with these when we make Github pull requests the Sonarqube analysis runs in "preview" scan mode and makes comments on the pull request for any issues the scan finds. This setup is largely following this pattern.
However, with the upgrade to 6.7.5 this same flow is no longer working. The Github plugin "is deprecated, and its functionality more than replaced by the Developer Edition."
I understand that the Developer version of Sonarqube has pull request commenting built-in, but I have a strong preference to continue using the Community version due to the cost differences. Essentially, something that was once free and part of the open source version seems to have been removed or broken in the latest free and open source version because a similar paid option now exists. So I am trying to find a way to preserve the previous Community version usage with the latest Community Sonarqube version. 6.7.5 Community version runs the Github plugin (even though the plugin is deprecated), but so far I have been unable to get things to make comments on the Github pull requests.
Is there a combination of parameters/plugins that will allow my 6.7.5 Community version of Sonarqube to analyze and make comments on a Github pull request?
These may be relevant:
https://community.sonarsource.com/t/after-upgrade-to-sq-6-7-5-target-sonar-issues-report-issues-report-light-html-is-not-produced/1921
https://jira.sonarsource.com/browse/SONAR-9770
https://community.sonarsource.com/t/preview-mode-ignored/1234

I believe in my case the issue was that after upgrading the rule sets changed, so the rules I initially thought were being used with 6.7.5 were not in fact being applied. This gave the impression that Sonarqube was not commenting on the pull request and led to my question. But after enabling the rules appropriately I was able to see it comment on GitHub pull requests as expected. So this appears to be a case of user error!

Related

Any newer version of sonar-bitbucket-plugin for sonarqube-7.5?

My organization is using sonarqube:7.1 with sonar-bitbucket-plugin-1.2.3 (https://github.com/mibexsoftware/sonar-bitbucket-plugin) and everything is working fine. We are planning to upgrade to sonarqube:7.5, and while I was testing all the existing plugins, sonar-bitbucket-plugin is causing the issue (it's not supported in the newer version of Sonarqube). I want to upgrade to the 7.5+ version of Sonarqube and want sonar-bitbucket-plugin as well. Could someone please help me out?
ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
java.lang.IllegalStateException: Fail to load plugin Bitbucket for Sonar [sonarbitbucket]
This community plugin was relying on the deprecated preview/issues analysis mode to analyze pull requests, which was finally removed.
Since SonarQube 6.7 the support of branches (and then pull requests) analysis has been properly integrated on the server side. PR decoration was added progressively for various ALMs, and for Bitbucket Server it is supported since 7.7.
Note that all branch/PR features are only available in commercial editions (or for free on SonarCloud for open source projects).

Upgrade SONAR: The results change

We launched sonar 4.5.4 in one of our applications. Then we upgraded sonar to version 6.7.5 and we got different results.
E.g., the rule DLS_DEAD_LOCAL_STORE. When we ran our code with version 4.5.4, this critical rule was not broken at all. With the new version, it appears as a new critical bug even though no changes have been implemented (the last commit for these classes was made more than one year ago).
Is there any documentation about rule implementation changes per version?
Does anyone have any experience with this?
When you upgrade SonarQube you have to prepare yourself for some (big) changes. There is a large gap between 4.5.4 and 6.7.5, so do not be surprised that checkers have been enhanced and severity revised.
It is normal and you should analyze changes before performing any application upgrade.

SonarQube preview mode for pull request shows all issues instead of diff

We'd like to have code analysis results from SonarQube in Stash pull requests, more precisely only for the changed/added code.
The setup looks like this:
Atlassian Bitbucket v4.14.4
Jenkins ver. 2.69
SonarQube Version 6.4 (with sonar-stash plugin from https://github.com/AmadeusITGroup/sonar-stash)
Jenkins fetches changes in branches and builds them. Depending on the branch it will then (for the development branch) call SonarQube to (per default) publish its analysis. For pull requests we want a preview, so SonarQube is called with the parameter -Dsonar.analysis.mode=preview. Additional parameters for the sonar-stash plugin are working so that the analysis result is sent to Stash (Bitbucket) from SonarQube. The problem is that the results contain all issues/bugs/violations based on the complete source code, not on the changes.
Narrowed this issue down to a problem that the sonar-stash plugin uses a list of issues which are filtered to contain only those issues that are new and linked to a file. So it looks like all issues are marked as new which is strange because in SonarQube we have a baseline for our known (legacy) issues.
Thanks for your time and feedback!
I had a pretty similar issue, my resolution is outlined in the answers below.
My SonarQube Pull Request Issues only question

How to see imported plugins in SonarQube?

I'm trying to notify my Slack when a SonarQube analysis has been processed and for that I saw a plugin: https://github.com/astrebel/sonar-slack-notifier-plugin
I followed all the steps but I didn't see the Slack hook setting in my administration/general view.
You don't mention your version of SonarQube, but that plugin's README clearly states that it is no longer maintained, and implies that it's not compatible above SonarQube 5.4.
Assuming you have a more recent version than that, you should look at the built-in webhooks, which will POST notifications once analysis reports have been integrated.

Sonar Issue - Version update

Sonar is an open platform to manage code quality. I have the admin access to perform the updates. Recently I tried performing a version update from 3.7.3 to 4.1.1. Unfortunately 4.1.1 is only compatible with IE9 or above. Hence I backed out the changes, as in our organization IE8 is the internet browser. Now 3.7.3 is not working, as it is showing that the database is pointing to a latest version. MySQL is used to hold the sonar data. I am completely stuck with the issue. Sonar is a very important tool for us as this can only take code coverage metrics for the source code.
May I request you to look into this issue and provide some help? I cannot move forward without your help.
Anticipating your help and support.
The only way to get back to a normal state is to start over from a 3.7.3 database backup.
