I have a brand new TFS2018 test installation and try to run a maven build with sonarqube analysis.
The sonarqube extension is installed from the marketplace and configured to use our internal Sonarqube. I added the prepare and publish SonarQube steps to my build like described.
In the prepare step I can successfully select my SonarQube endpoint from the drop down box.
When I now tick the "Use SonarQube" check box in my maven task the SonarQube-Endpoint drop-down box is empty. My SonarQube-Server "Heuboe" does not show up. Even if I type it in the box stays invalid.
Any hint what's going wrong? Does anybody now how to file an issue to SonarQube directly. I can view issues under: https://jira.sonarsource.com/browse/VSTS/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
but I didn't find a way to report one.
The Maven task is expecting a Generic Endpoint. The SonarQube extension adds another type of endpoint specifically for SonarQube, which the built-in Maven task has no awareness of.
Version 2.* of the task (which should be selectable from the dropdown menu for the task) has another method of running SonarQube, which will use the endpoint defined in the Prepare Analysis step.
Related
I recently downloaded the SonarQube demo from Devops official page. I used it a little bit and kind of left it there for a week.
No changes were made but when I came back today for showing how the sonarQube pipeline integration works, build fails.
From the logs, I see the following error
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project myshuttle: Not authorized. Please check the properties sonar.login and sonar.password
From there I tried adding username and password at the Prepare analysis for sonar Qube stage om advanced options (which was not necessary before) but the build keeps failing.
I think sonarQube was updated recently and the problem may be there. Issue is still weird because im following word by word the steps on setting up a sonarQube scan.
Any idea on what could be going on?
You may need to update your sonarQube service connection.
You can go to your Project settings and click the Service Connections under Pipelines.
Select your sonarqube connection and click update service connection under Actions, Recopy your SonarQube Token and click Ok. Please refer to below screenshot.
after fighting now with integrating JaCoCo results into my SonarQube to see code coverage for more then one working day, I will try to open another post regarding this topic, because the internet is really messed with postings.
Preconditions:
SonarQube: Version 6.7.2
Maven: 3.5.2
Windows Server2012 R2
I successfully integrated Sonar Scan and results are published. I added the configuration for JaCoCo in the pom.xml of my application and the result files are generated after the build and just using the JaCoCo Jenkins plugin they can be displayed on the Jenkins dashboard. But I did not figure out what Analysis properties the Jenkins action "Execute SonarQube Scanner" needs in order to import the results and display them.
Is "scan" the correct operation or do I need something else to trigger the import?
I saw so many variantes of giving JaCoCo and Sonar the correct parameters, that I do not have a clear picture any more. Any hints maybe looking at my parameters?
As described in the docs, since you're building with Maven you should analyze with it too. There's some global setup you want to do (see the docs) but once that's done, you'll add this to your job instead of your current SonarQube Scanner build step:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
Note that this needs to come after your build and test execution. The JaCoCo reports should be picked up automatically.
I successfully integrated it now with these Analyses properties and it is working.
sonar.projectName=
sonar.projectKey=
sonar.login =
sonar.password =
sonar.sources=./
sonar.java.binaries=./
sonar.jacoco.reportPaths=./trackingboard-service/target/jacoco.exec
sonar.jacoco.reportMissing.force.zero=true
I am using sonar to review my code for a java project. the version that I am using is v.2.9, I am using sonar for the first time. I have no idea how to add project in sonar server.
Please help on this
Thanks.
There's no option to "add" a project in Sonar from Sonar UI. Projects are automatically added to Sonar whenever a successful analysis occurs.
I'd suggest you the following :
Upgrade to a more recent Sonar version. http://www.sonarqube.org/downloads/
Read the analyzing source code guide where you can find instructions for all available methods to trigger a new analysis
Update : Sonarqube allows (I think after 5.x version) provisioning of projects as described in their documentation
With Administrator role, you can "Provision" a project.
Log in as administrator
Select Settings from the menu
Select System -> Provisioning from the sub-menu
Click Create (at the very far right of the frame)
It's pretty straight forward with the newest version. All you have to do is installing as the guide. And it will prompt a command which you need to execute with your build tool at the project folder.
For an example for maven it would be like
mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=4aa32e977ab1513e3fe5c3ac0c7883528d01a5e8.
With a command similar to this reports will be sent to the Sonarqube. And code analysis will be done
We have upgarded sonar server 3.5.1. In order to use sonar I have upgraded my local eclipse to Juno(4.2) and sonar plugin to 3.1. Sonar server is able to exclude some packages usign sonar.excustions key and does not show violations for those packages. But when I run report for sonar local analysis I see even though I added sonar.exclusions from local properties it does show violations for exluded files. How i can resolve this issue.
Thanks in advance.
Sapana.
There's currently a limitation on Sonar side (see http://jira.codehaus.org/browse/SONAR-4265) that prevents modules to retrieve all their related settings when analyzed independently from their root project.
Feel free to watch and vote for the ticket.
I have configured one project in sonar and integrated sonar with maven for build time analysis of the project.
After analysis, report is generated and uploaded to Sonar for browsing. But once another user compiles the same project their report overwrites mine.
Basically I want that one user's report on one project is not overwritten by report from other user. A user must be able to see their current violations independently. Is it possible in Sonar?
Sonar stores it's analysis on a daily basis, which explains why it's kind of pointless to run analysis several times in a day. Each analysis run will overwrite that day's existing results, which in turn spoils ongoing statistical analysis.
I would suggest running Sonar, from a dedicated build server like Jenkins (which has a Sonar plug-in). This daily analysis will populate the Sonar database and keep the project dashboard current. This architecture also enables you to keep the database credentials confidential.
Obviously developers would like to see the results of their bug fixing. For that I'd recommend running the Sonar Eclipse plug-in. The latest version will run the same Sonar analysis locally. Recent versions of Sonar also enable you to assign violations to developers for resolution.
This is not possible, last performed analysis will always be the one you browse in the interface. However, I guess what you need is the Issue Report Plugin which will enable analysis to store results locally, with the dry-run option.
This way your developers will be able to run an analysis on their code and see the violation delta without pushing the results.
You can do it by explicitly setting the below properties in pom.xml
<properties>
<sonar.projectKey>Test</sonar.projectKey>
<sonar.projectName>Test</sonar.projectName>
</properties>
Every user should set different projectKey and projectName, if you want that one user's report on one project is not overwritten by report from other user.