Assume we have a maven project with several versions released: 1.0, 1.1.
We started work on version 1.2, changed it in pom.xml, run sonar as usual. but in few days we decided to change version 1.2 to 2.0.
And now, sonar default leak period is started from 1.2 version. But, we'd like the leak period will be version 1.1.
I try to tune sonar.leak.period with maven command line parameter:
$ mvn sonar:sonar -Dsonar.leak.period=1.1 -e
But, I still see issues started from 1.2 in leak period statistics
Is there any option to set up sonar.leak.period from maven command line? How to debug it?
check version 1.1 is know in the Activity page of your project (you can filter Version event)
change the leak setting to 1.1 at the project level, in the project General Settings
Related
How to increase snapshot version or release version automatically through maven. I am aware we could use maven goals such as release:prepare or release:update-versions. But i have a scenario where my snapshot version or release version should increment automatically for each build. Should we add any custom line code in pom.. please suggest me a solution.
I am getting error in pom file - org.apache.maven.archiver.MavenArchiver.getManifest(org.apache.maven.project.MavenProject, org.apache.maven.archiver.MavenArchiveConfiguration)
in my pom i am using maven-war-plugin 3.0.0 , IDE- STS , java 7
encountered the same issue after updating the maven-jar-plugin to its latest version (at the time of writing), 3.0.2.
Eclipse 4.5.2 started flagging the pom.xml file with the org.apache.maven.archiver.MavenArchiver.getManifest error and a Maven > Update Project.. would not fix it.
Easy solution: downgrade to 2.6 version
Indeed a possible solution is to get back to version 2.6, a further update of the project would then remove any error. However, that's not the ideal scenario and a better solution is possible: update the m2e extensions (Eclipse Maven integration).
Better solution: update Eclipse m2e extensions
From Help > Install New Software.., add a new repository (via the Add.. option), pointing to any of the following URLs:
https://otto.takari.io/content/sites/m2e.extras/m2eclipse-mavenarchiver/0.17.2/N/LATEST/ or
http://repo1.maven.org/maven2/.m2e/connectors/m2eclipse-mavenarchiver/0.17.2/N/LATEST/
Then follow the update wizard as usual. Eclipse would then require a restart. Afterwards, a further Update Project.. on the concerned Maven project would remove any error and your Maven build could then enjoy the benefit of the latest maven-jar-plugin version.
Additonal notes
The reason for this issue is that from version 3.0.0 on, the concerned component, the maven-archiver and the related plexus-archiver has been upgraded to newer versions, breaking internal usages (via reflections) of the m2e integration in Eclipse. The only solution is then to properly update Eclipse, as described above.
Also note: while Eclipse would initially report errors, the Maven build (e.g. from command line) would keep on working perfectly, this issue is only related to the Eclipse-Maven integration, that is, to the IDE.
Upgrade your m2e extensions instead downgrade.
(In Eclipse IDE) From Help > Install New Software.., add a new repository (via the Add.. option)
Specify name for your plugin and add path http://repo1.maven.org/maven2/.m2e/connectors/m2eclipse-mavenarchiver/0.17.2/N/LATEST/
once you are done with installation, please restart eclipse and update your project.
I recognized that Maven not always uses the latest version of a plugin.
For example org.codehaus.mojo:sonar-maven-plugin version 2.7 has beed released on 19th of October but on 23th of October, 2.6 was still used by Maven (mvn sonar:sonar).
I even remember some plugins, where the latest version was several minor releases above the version that Maven decided to use.
Is there any (central) index/list/database where Maven looks up what version to use? If yes, where can it be accessed manually?
I know this is an ancient thread but in the interest of posterity and accuracy: all pom.xmls logically inherit from the super POM. You can always see what your "real" pom.xml looks like by typing:
mvn help:effective-pom
The resulting pom.xml that is printed is a combination of the super POM, your pom.xml, and of course any parent POMs in the mix as well.
The super POM is provided by the org.apache.maven.model.superpom.DefaultSuperPomProvider class (https://github.com/apache/maven/blob/bce33aa2662a51d18cb00347cf2fb174dc195fb1/maven-model-builder/src/main/java/org/apache/maven/model/superpom/DefaultSuperPomProvider.java#L56-L85). The resource it loads is org/apache/maven/model/pom-4.0.0.xml (https://github.com/apache/maven/blob/bce33aa2662a51d18cb00347cf2fb174dc195fb1/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml#L23-L149).
As far as i know, this link will answer your question.
Automatic Plugin Version Resolution
When a plugin was invoked without an explicit version given in the POM
or on the command line, Maven 2.x used to pick the latest version
available where the latest version could either be a release or a
snapshot. For the sake of stability, Maven 3.x prefers the latest
release version over the latest snapshot version.
Given the threat of non-reproducible builds imposed by automatic
plugin version resolution, this feature is scheduled for removal as
far as plugin declarations in the POM are concerned. Users of Maven
3.x will find it output a warning when missing plugin versions are detected to encourage the addition of plugin versions to the POM or
one of its parent POMs. The Enforcer rule requirePluginVersions can be
used additionally check for missing plugin versions in the POM
For command line execution if a version is not specified Maven looks up the latest version from the GA (group ID/artifact ID) maven-metadata.xml file.
Example: http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-clean-plugin/maven-metadata.xml
If you're encoding command line execution of Maven goals into your builds you should specify a version for these, otherwise your builds may change as new versions of plugins are released.
I have scoured the forums and cannot seem to quite understand the config for the fortify plug-in with Sonar.
I understand it simply builds a widget based on data from a previously generated .fpr file.
My setup:
Maven 3 project
Jenkins 1.606
SonarQube 5.0.1
Sonar-Fortify plug-in 2.0
Prerequisites:
.fpr file is in Jenkins workspace
Sonar is added to pom.xml
sonar-fortify-plug-in v2.0 added to pom.xml - (wasn’t sure this was needed or not)
Sonar server configured in Jenkins
sonar fortify plug-in v2.0 added to Sonar – (only see a dropdown to ‘enableReportLink’ under ‘Configure widgets’
should there be more config somewhere?
Questions:
Where should this property be set? Jenkins Sonar config, Sonar, pom file?
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
Is that path to the .fpr file where it is within the Jenkins workspace?
The setup instructions on Github seem short and I feel I am missing something specific in my understanding.
Any help or direction to additional documentation is great appreciated.
First of all as documented version 2.0 can not be used anymore. Version 2.1 is going to be released soon. Vote for release will be started this week. Meanwhile you can:
download 2.1-SNAPSHOT version and copy it in extensions/plugins of your SonarQube server installation
restart server. The Fortify rules should be available in the page "Rules".
execute Fortify command "sourceanalyzer", independently from SonarQube. It generates a report file suffixed by .fpr.
execute a standard SonarQube analysis of your project by adding the property sonar.fortify.reportPath, for example:
mvn sonar:sonar -Dsonar.fortify.reportPath=/path/to/project.fpr
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
If everything works, then you can automate these steps in Jenkins.
I have recently upgraded Sonar from Version 3.4.1 to Sonarqube 4.3.2. I am using Cobertura version 1.6.2 and Java plugin 2.3 in Sonar.The Unit Tests Success% is same that is 100% in both the cases but there is difference in the Code Coverage% being displayed (Earlier it was 22.7% and now in Sonarqube 4.3.2,it is 15.9%).The difference is significant.Also there is difference in the Lines of Code after upgradation (Earlier it was 1,906 and after upgradation it is 2,704).Anyone having idea that what can be the reason for this difference.
Any help is appreciated.Thanks in advance.
Maybe you have you have analysis/coverage exclusions activated on your 3.4.1 instance but not on your 4.3.2 instance. This would explain the coverage difference / lines difference.
Check in globlal settings and project settings :
Global Source File exclusions
Source File exclusions
Jacoco excludes
We had the exclusions mentioned in pom.xml but in 4.3.2 version we came to know it needs to be specified on Sonar UI under •Global Source File exclusions
or Source File exclusions.but this didn't work either for LoC.