Configuring SonarQube and Sonar Scanner for code analysis - sonarqube

We will be using SonarQube for code analysis and reviews.
How do I get my Visual Studio projects visible on the Sonar dashboard?
Any leads regarding the same will be appreciated.
Thanks.

To get your projects into SonarQube, you'll need to analyze them.
Since you're dealing with Visual Studio projects, take a look at the SonarQube Scanner for MSBuild (once you've set up your SonarQube instance, that is).
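
Analysis with the Scanner for MSBuild is a three-step begin / build / end sequence run around the normal build. The PowerShell script below is an added example, not part of the original answer; the project key, server URL, solution path and the `SONAR_TOKEN` environment variable are assumptions.

```powershell
# Added example: runs the three Scanner for MSBuild steps and stops on the first failure.
# Assumed values: project key, server URL, solution path, SONAR_TOKEN variable.
# Older scanner releases name the executable SonarQube.Scanner.MSBuild.exe.
$ErrorActionPreference = 'Stop'

$ProjectKey = 'my-vs-solution'          # hypothetical project key
$SonarUrl   = 'http://localhost:9000'   # assumed SonarQube server URL
$Solution   = '.\MySolution.sln'        # hypothetical solution path

# Read the analysis token from the environment so it is never stored in the script
# or committed with it. Use a token with only the "Execute Analysis" permission.
$Token = $env:SONAR_TOKEN
if ([string]::IsNullOrWhiteSpace($Token)) {
    throw 'Set SONAR_TOKEN to a SonarQube user token before running the analysis.'
}

function Invoke-Step {
    param([string]$Name, [scriptblock]$Command)
    Write-Host "== $Name"
    & $Command
    if ($LASTEXITCODE -ne 0) {
        throw "$Name failed with exit code $LASTEXITCODE"
    }
}

# 1. begin: registers the project key and server, hooks into the MSBuild pipeline.
Invoke-Step 'begin' {
    SonarScanner.MSBuild.exe begin "/k:$ProjectKey" `
        "/d:sonar.host.url=$SonarUrl" "/d:sonar.login=$Token"
}

# 2. build: a full rebuild so every project in the solution is analyzed.
Invoke-Step 'build' { MSBuild.exe $Solution /t:Rebuild }

# 3. end: collects the results and uploads them to the server.
Invoke-Step 'end' { SonarScanner.MSBuild.exe end "/d:sonar.login=$Token" }
```

Once the `end` step completes and the server finishes processing the report, the project appears on the SonarQube dashboard under the key passed to `begin`.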

Related

Ignoring Code Smell Violations in SonarLint Visual Studio C#

I have installed the SonarLint extension for Visual Studio 2019, and for the project I am working on it is not required to fix the Code Smell violations.
So is there a way that I can ignore the code smell violations using SonarLint in VS2019?
Please note that we are using SonarLint in connected mode with a SonarQube server.
Connected mode is designed to configure the IDE to use the same set of rules as are configured in your Quality Profile on the SonarQube server, so if the code smell rules are part of your Quality Profile then they will be enabled in the IDE too.
If you don't want to see those issues reported in the IDE then you could either remove those rules from the Quality Profile, or use standalone mode and configure the set of rules to run locally as described here.
After doing some tweaks in Visual Studio I was able to add the Category column to the Sonar output window and, using it, filter out the Sonar issues other than code smells.

Use of binding a Visual Studio project to a SonarQube server

I am a bit confused regarding binding a Visual Studio project with a SonarQube server.
We bind a project to the SonarQube server to:
1) See the analysis run by SonarLint on the SonarQube server
OR
2) Use the SonarQube quality profile rules to detect warnings/errors in Visual Studio.
Which one is correct?
It's for (2): binding the MSBuild solution to the server synchronises the ruleset used in Visual Studio with the Quality Profile defined in SonarQube. The goal is to have the same set of issues appearing in the IDE as would appear when an analysis is run on a CI machine and pushed to SonarQube. Note however that the issues will be slightly different due to some current limitations (e.g. parameterised rules are not run in Visual Studio at present, as the connected mode doesn't yet synchronise the necessary configuration).
In addition, when a Visual Studio solution is bound to a SonarQube project, issues that are suppressed in SonarQube will not be reported in the IDE, and notifications will be displayed in the IDE when the quality gate changes.

How can I run all sonar rules on intellij

We are using SonarQube version 6.7. I would like to execute all Sonar bug and vulnerability Java rules with blocker and critical severity locally in IntelliJ IDEA. I want to run these rules on multiple IDEA projects that are configured in my IDE.
I have installed the SonarLint plugin (version 3.2) and configured it to bind to the Sonar server. On running the analysis from the "Project Files" tab I get errors for all iml files, such as:
"File 'feature.iml' can't be analyzed. Skipping:
F:/modules/feature.iml"
My goal is to identify all Sonar rules that are failing on my projects so that I can activate them on the Sonar server for periodic runs as part of CI. To get started, I thought of beginning with blocker and critical vulnerabilities.
Could someone guide me on this?
You should activate all rules with the desired severity in the quality profile assigned to your project in SonarQube. Then you can bind your project in IntelliJ to the project in SonarQube. SonarLint will use the same quality profile.
About the iml files, it's not an error. SonarLint will exclude from analysis certain files that don't make sense to analyze, such as binary files.

SonarLint issues shown in Eclipse but not in the bound SonarQube project

I installed SonarLint 6.6 for Eclipse (Neon) using the Eclipse Marketplace.
It successfully scanned my Java project and returned 4725 items found.
I bound the project to a SonarQube server which is installed on the same PC.
After analyzing the project again, I clicked "update all project bindings" at the SonarQube at Eclipse server to sync the result to SonarQube.
My questions:
1) How can I sync the analyzed result to my server?
2) Is there any tool to categorize the analyzed result, such as by severity? I am only interested in the "BUG" ones.
3) How can I configure the rules of SonarLint in the Eclipse environment?
May I have your help? Many thanks!
1) How can I sync the analyzed result to my server?
To analyze your project and see the result on SonarQube, you need to use one of the scanners. For example, if you build your project with Maven, then you can use the scanner for Maven. Or if you build your project with Ant or Gradle, there is a dedicated scanner for those too (as I linked). If you don't use any build tool, then you can use the scanner for CLI.
2) Is there any tool to categorize the analyzed result, such as by severity? I am only interested in the "BUG" ones.
I'm not aware of such a tool. And, at the time of this writing, the SonarLint On-The-Fly view is not configurable to do this (unlike the "native" Problems view of Eclipse). (This might be a good idea for future improvement, if there's enough interest for it.)
3) How can I configure the rules of SonarLint in the Eclipse environment?
It seems your project is bound to a project on SonarQube.
You can configure this on SonarQube.
In SonarQube, each project is associated with a quality profile.
After you configure which rules to include, you can update the bindings in Eclipse to apply the same configuration for SonarLint in Eclipse.

Where can I find detailed steps to analyze project in Visual Studio 2013?

Newbie to SonarQube.
I have a SonarQube instance up and running.
How do I go about creating a project for my VS2013 solution in SonarQube and doing an analysis? (Not using any version control for now.)
Thanks
You're using an unofficial Visual Studio extension for SonarQube - which I would not recommend.
Within Visual Studio 2015+ (2013 is not supported), you can use the C# Code Analysis: http://docs.sonarqube.org/display/SONAR/SonarQube+C%23+Code+Analysis
Have a look at the following page to see how to analyze your project in SonarQube (not in Visual Studio): http://docs.sonarqube.org/display/PLUG/C%23+Plugin
You need to have the project first analysed in your Sonar server; after that you can associate to that project, and then it will allow you to run further local analysis. You need to have the correct permissions. Please check the documentation for more details.
