I have 3 different projects. One of them is based on java 1.6 and the others are using java 8 features. I have sonar-scanner locally and running the analysis by using scripts (no Maven or Gradle is being used). I have configured the sonar.java.source to be 1.6.
My problem is that same runner is being used to analyze the other 2 projects (java 8 ones). How can I change the version of the java source for the other ones? I don't want to manually change it each time I want to run the runner.
Can I somehow pass it as parameter?
Source version is not a property of the scanner, but of the projects. Configure these values in your pom, or your sonar-project.properties files, or in the command line arguments (-Dsonar.java.source=1.x), but not in the SonarQube Scanner properties.
Related
I have a JavaFX project I am working on using Gradle. What version of java is used when I use the gradle run task from the application plugin?
In IntelliJ I can go into the Gradle settings and change the "Gradle JVM" to any version I want. Is this just the version of java that is used to run the build? Or is this also the version that my application will be run on?
Where does my JAVA_HOME come into this, if at all?
Irrespective of IDEs, Gradle will use whatever language level of the JVM that is running Gradle. Typically whatever the value is for JAVA_HOME.
See Environment variables and Targeting a specific Java version
The new way to do it as of Gradle 6.7 is to use Toolchains for JVM projects
Your IDE should respect whatever Gradle configuration that is configured.
I am using sonarqube-gradle-plugin v2.2 to generate reports using code coverage data from clover. On my local system, I can see the reports on the sonarqube version 6. But as soon as I run the same gradle task on the build system I start seeing bunch of errors. The build system has sonarqube 5.4. Hence I was wondering which versions are compatible together. Some more information:
grade version = 3.1
for generating clover reports, I am using this plugin: com.bmuschko:cradle-clover-plugin:2.0.1
Examples of errors:
358 files in clover report did not match any file in SonarQube Index ...
Use the new property "sonar.web.file.suffixes" instead of the deprecated "sonar.web.fileExtensions"
[13:37:01]Class not found: javax.annotation.Nullable
[13:37:02]Class not found: org.springframework.jdbc.datasource.init.DatabasePopulator
Never-mind, I was using ${project.name} instead of ${name} hence it was showing up with a different name.
I'm trying to get FxCop analysis for .NET projects within a Jenkins build (Invoke Standalone SonarQube Analysis).
Configuration looks like this:
SonarQube 5.1.2
C# 4.2
sonar-runner 2.4
Jenkins: SonarQube Plugin 2.2.1
And the main problem is that when I enable FxCop rules in SonarQube I get the error:
java.lang.IllegalArgumentException: The property
"sonar.cs.fxcop.assembly" must be set and the project must have been
built to execute FxCop rules. This property can be automatically set
by the Analysis Bootstrapper for Visual Studio Projects plugin, see:
http://docs.codehaus.org/x/TAA1Dg.If you wish to skip the analysis of
not built projects, set the property
"sonar.visualstudio.skipIfNotBuilt".
However, if I explicitly set sonar.cs.fxcop.assembly in sonar-project.properties to point at an assembly (.dll) I get the analysis for that one, but the project has multiple assemblies for which I'd like the FxCop analysis.
Even if it's possible to set a list of assemblies as an argument (is it?) this is not an elegant/generic solution and patterns are not an accepted value.
I understand that MSBuild SonarQube Runner could solve this problem (no need to set sonar.cs.fxcop.assembly), but it looks like it's not a good candidate for the Jenkins plugin (under SonarQube Runner installations), as only sonar-runner installations are allowed.
Is there any way I could get FxCop working using the Jenkins plugin and sonar-runner without setting the sonar.cs.fxcop.assembly property?
Indeed, MSBuild projects should be analyzed using the MSBuild SonarQube Runner, for which there is currently no dedicated build step in Jenkins yet: You can use the Execute Windows batch command step to execute MSBuild.SonarQube.Runner.exe begin ... and MSBuild.SonarQube.Runner.exe end in between the call to msbuild.
With the upcoming release of the Jenkins SonarQube plugin version 2.3, there will be two dedicated build steps, one for the MSBuild SonarQube Runner's begin call, and another one for the end call. See https://jira.sonarsource.com/browse/SONARJNKNS-219
You should not use the sonar-runner, nor the Invoke Standalone SonarQube Analysis Jenkins build step (which simply calls the sonar-runner) to analyze .NET projects: The MSBuild SonarQube Runner is the way to go.
I have scoured the forums and cannot seem to quite understand the config for the fortify plug-in with Sonar.
I understand it simply builds a widget based on data from a previously generated .fpr file.
My setup:
Maven 3 project
Jenkins 1.606
SonarQube 5.0.1
Sonar-Fortify plug-in 2.0
Prerequisites:
.fpr file is in Jenkins workspace
Sonar is added to pom.xml
sonar-fortify-plug-in v2.0 added to pom.xml - (wasn’t sure this was needed or not)
Sonar server configured in Jenkins
sonar fortify plug-in v2.0 added to Sonar – (only see a dropdown to ‘enableReportLink’ under ‘Configure widgets’
should there be more config somewhere?
Questions:
Where should this property be set? Jenkins Sonar config, Sonar, pom file?
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
Is that path to the .fpr file where it is within the Jenkins workspace?
The setup instructions on Github seem short and I feel I am missing something specific in my understanding.
Any help or direction to additional documentation is great appreciated.
First of all as documented version 2.0 can not be used anymore. Version 2.1 is going to be released soon. Vote for release will be started this week. Meanwhile you can:
download 2.1-SNAPSHOT version and copy it in extensions/plugins of your SonarQube server installation
restart server. The Fortify rules should be available in the page "Rules".
execute Fortify command "sourceanalyzer", independently from SonarQube. It generates a report file suffixed by .fpr.
execute a standard SonarQube analysis of your project by adding the property sonar.fortify.reportPath, for example:
mvn sonar:sonar -Dsonar.fortify.reportPath=/path/to/project.fpr
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
If everything works, then you can automate these steps in Jenkins.
I'd like to know how to specify the path of JRockit libraries to Maven to use , same as we do for eclipse when you specify the JRE .
Also how do i configure maven to use Sun JDK in a project and use JRockit in another project ?
Thanks
A number of options available:
Maven uses the JAVA_HOME environment variable to determine which JVM
should run Maven (Maven is itself a Java program). I recommend this as the first option because build servers like Jenkins can easily control the JVM being used to run Maven.
You can tweak the settings of the compiler plugin to compile using
a different JDK
An alternative approach (clearer to others running your build) would
be to build in a pre-condition check into the POM, using the
enforcer plug-in. Specify a rule that the it should be compiled
using a specified Java version.