Sonar analysis & report publishing permissions - sonarqube

Is it possible to restrict the publishing of new analysis on a sonar instance. My use case is I created new instance of sonar with the latest version. There are couple of projects configured with the old version. I want to make sure that no project team use old instance of sonar. At server level, is it possible to stop publishing new report.
Also what customization options sonar server gives for its home page. I want to display a custom message with Sonar 5.6 version
Atul

You seem to have stood up two different instances of SonarQube side by side. In doing so, you impose on your teams the requirement to update their CI configuration to point to the new instance.
You should instead replace the old version with the new one. See the Upgrading docs for details.

Related

migrate sonarqube history from one server to another

I have deployed one sonarqube server with a postgresql database in an openshift 3 cluster.
The versions that i use are respectively 8.4.2-community and 9.5 for my database.
I am currently in the process of migrating my project in a new openshift 4 cluster.
I have deployed a new sonarqube server with a postgresql db with the exact same versions that i used before. Now is the step where i have to migrate the project history of the old sonar to the new one. i already tried to dump from the old database to the new one , but that did not work so well.
open to solutions for those who want to help
Take a look into Project Move feature of SonarQube Enterprise Edition.
It will allow to export and import of the projects in SonarQube.
Note: Administrative access is needed to perform Project Move.

How to use a certain sonar server in sonar-maven-plugin

I've successfully built up a SonarQube server, and I wrote several custom rules to review the code. Now, I can use the server and custom rule with Jenkins and with Maven only when the code is on the same server.
My question is when I develop maven project on another computer, and I want to use maven build or maven install, how can I still use the certain SonarQube server? Simply add plugins in the pom.xml can't use the SonarQube server I established, and the custom rules I developed are also not taken into effect.
As stated in the docs, you only need to make sure the address of your SonarQube server is available to the analysis. Beyond that, you should provide the token of a user with analysis permissions (and 'create project' permissions if the project doesn't already exist) and analyze away.
Of course, this pre-supposes that your SQ server is visible on your network.

Custom Rules do not get imported when Quality Profile is restored on another SonarQube instance

I am using SonarQube 5.1.2. I have created many custom rules using Rule Templates for quality profiles of both Java (plugin version 3.13.1) and C# (4.3) languages. I wanted to replicate this SonarQube instance onto a new server and hence did a Backup of the quality profiles and performed 'Restore Profile' on the new SonarQube server.
Strangely, all the custom rules are not imported on to the new SonarQube instance. Why is it so? What should I do to import the custom rules onto new SonarQube instance?
You're looking for SONAR-5366
Make it possible to back up and restore customizations of rules, which is not yet implemented, unfortunately.

How to secure SonarQube 5.2?

The Release notes for SonarQube 5.2 indicate that scanners no longer access the database directly.
With SonarQube 5.1, it's possible to ensures that the dashboard only ever shows reports on code in version control by configuring the database to only accept connections from the build server.
With SonarQube 5.2, I wouldn't expect this approach to work, because scanners aren't connecting directly to the database.
How can SonarQube 5.2 be secured so that only the build server can update the results shown on the dashboard?
This is really straightforward:
Make sure that your build server runs SQ analyses with non-empty sonar.login and sonar.password properties
Usually, the user corresponding to this sonar.login is a technical user
In the SQ Web Administration console, go to "Security > Global Permissions" and make sure that only the user corresponding to sonar.login has the "Execute Analysis" permission
Note that this can (or I'd even say "should") be done even on versions older than 5.2.

Map sonar components to jira components

I'm using Jira plugin in SonarQube. I can choose component which needs to be used in new jira issues created from sonar. But this setting is available only on sonar project level (sonar.jira.issue.component.id). On the component level this setting is missing (there is "Jira filter name" parameter only).
Is there some way how to fill in the component value in jira issues according to component value in sonar?
This is not possible for the moment with the current version of the JIRA plugin. Feel free to come and discuss this on the user mailing list.

Resources