How do I get the measures (like code-coverage, technical debt, complexity, nloc, ...) of a certain build version (e.g. 1.0.0.20) from the API of SonarQube?
My goal is to get this information and display it along with some other info pertaining to that version got from other sources like Bitbucket.
I am only able to see the measures of the current (latest) build version (e.g. 1.0.0.45) through the api/measure/component API link.
However, I can see these measures for individual builds through the UI under the compare option. But how do I get them through the REST API?
SonarQube Version 5.5
Plugins:
sonar-scoverage-plugin-5.1.3.jar
sonar-scm-git-plugin-1.2.jar
sonar-scalastyle-plugin-0.0.1-SNAPSHOT.jar
sonar-javascript-plugin-2.11.jar
First of all, SonarQube 5.5 is old; you should first consider using the latest LTS (5.6) in order to be able to get feedback.
Versions of projects can be found by using:
api/events/index (it's replaced by api/project_analyses/search in 6.3) -> it will return the date of the analysis on which there's a version.
And in order to get measures from the past, you can use:
api/timemachine/index (it's replaced by api/measures/search_history in 6.3) -> you'll be able to find the measures from the version you want.
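The two-step lookup described in the answer above, as an added example (not part of the original answer and not SonarQube's own code). It assumes the 6.3+ endpoints and their JSON response shapes; the base URL, token and project key are the caller's values, and the sample responses are constructed.

```python
import base64, json, urllib.parse, urllib.request
from datetime import datetime
FMT = "%Y-%m-%dT%H:%M:%S%z"  # datetime format used in the responses

def analysis_date_for_version(analyses, version):
    """Datetime of the analysis carrying a VERSION event named `version`, else None."""
    for analysis in analyses.get("analyses", []):
        for event in analysis.get("events", []):
            if event.get("category") == "VERSION" and event.get("name") == version:
                return datetime.strptime(analysis["date"], FMT)
    return None

def measures_at(history, when):
    """Per metric, the value recorded at `when`; points without a value are skipped."""
    return {m["metric"]: p["value"]
            for m in history.get("measures", []) for p in m.get("history", [])
            if "value" in p and datetime.strptime(p["date"], FMT) == when}

def get_json(base_url, path, params, token):
    """GET a Web API endpoint; the user token is sent as the basic-auth username."""
    url = f"{base_url}/{path}?{urllib.parse.urlencode(params)}"
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def measures_for_version(base_url, token, project, version, metrics):
    """Live lookup (first result page only): version -> analysis date -> measures."""
    analyses = get_json(base_url, "api/project_analyses/search",
                        {"project": project, "category": "VERSION"}, token)
    when = analysis_date_for_version(analyses, version)
    if when is None:
        return None
    stamp = when.strftime(FMT)
    history = get_json(base_url, "api/measures/search_history",
        {"component": project, "metrics": ",".join(metrics), "from": stamp, "to": stamp}, token)
    return measures_at(history, when)

# Constructed sample responses (not real data), trimmed to the fields used above.
T20, T45 = "2017-03-01T11:39:03+0100", "2017-04-10T09:15:00+0200"
SAMPLE_ANALYSES = {"analyses": [
    {"date": T45, "events": [{"category": "VERSION", "name": "1.0.0.45"}]},
    {"date": T20, "events": [{"category": "VERSION", "name": "1.0.0.20"}]}]}
SAMPLE_HISTORY = {"measures": [
    {"metric": "coverage", "history": [{"date": T20, "value": "81.2"}, {"date": T45, "value": "84.0"}]},
    {"metric": "ncloc", "history": [{"date": T20, "value": "10450"}]},
    {"metric": "sqale_index", "history": [{"date": T20}]}]}
if __name__ == "__main__":
    print(measures_at(SAMPLE_HISTORY, analysis_date_for_version(SAMPLE_ANALYSES, "1.0.0.20")))
```

Passing a user token rather than an account password keeps the credential revocable and out of shared build scripts.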
Related
I'm trying to update Sonarqube usage to the latest LTS Community version, which at present is version 6.7.5. Prior to the upgrade I have been using sonarqube 5.4 and the Github plugin, and with these when we make Github pull requests the Sonarqube analysis runs in "preview" scan mode and makes comments on the pull request for any issues the scan finds. This setup is largely following this pattern.
However, with the upgrade to 6.7.5 this same flow is no longer working. The Github plugin "is deprecated, and its functionality more than replaced by the Developer Edition."
I understand that the Developer version of Sonarqube has pull request commenting built-in, but I have a strong preference to continue using the Community version due to the cost differences. Essentially, something that was once free and part of the open source version seems to have been removed or broken in the latest free and open source version because a similar paid option now exists. So I am trying to find a way to preserve the previous Community version usage with the latest Community Sonarqube version. 6.7.5 Community version runs the Github plugin (even though the plugin is deprecated), but so far I have been unable to get things to make comments on the Github pull requests.
Is there a combination of parameters/plugins that will allow my 6.7.5 Community version of Sonarqube to analyze and make comments on a Github pull request?
These may be relevant:
https://community.sonarsource.com/t/after-upgrade-to-sq-6-7-5-target-sonar-issues-report-issues-report-light-html-is-not-produced/1921
https://jira.sonarsource.com/browse/SONAR-9770
https://community.sonarsource.com/t/preview-mode-ignored/1234
I believe in my case the issue was that after upgrading the rule sets changed, so the rules I initially thought were being used with 6.7.5 were not in fact being applied. This gave the impression that Sonarqube was not commenting on the pull request and led to my question. But after enabling the rules appropriately I was able to see it comment on GitHub pull requests as expected. So this appears to be a case of user error!
We'd like to have code analysis results from SonarQube in Stash pull requests, more precisely only for the changed/added code.
The setup looks like this:
Atlassian Bitbucket v4.14.4
Jenkins ver. 2.69
SonarQube Version 6.4 (with sonar-stash plugin from https://github.com/AmadeusITGroup/sonar-stash)
Jenkins fetches changes in branches and builds them. Depending on the branch it will then (for the development branch) call SonarQube to (per default) publish its analysis. For pull requests we want a preview, so SonarQube is called with the parameter -Dsonar.analysis.mode=preview. Additional parameters for the sonar-stash plugin are working so that the analysis result is sent to Stash (Bitbucket) from SonarQube. The problem is that the results contain all issues/bugs/violations based on the complete source code, not on the changes.
Narrowed this issue down to a problem that the sonar-stash plugin uses a list of issues which are filtered to contain only those issues that are new and linked to a file. So it looks like all issues are marked as new which is strange because in SonarQube we have a baseline for our known (legacy) issues.
Thanks for your time and feedback!
I had a pretty similar issue, my resolution is outlined in the answers below.
My SonarQube Pull Request Issues only question
I am triggering a Sonar analysis from Jenkins whenever a user commits any change to any branch of my project. In SonarQube I see the project analysis result, and quality gate status, for the most recently run analysis. It only shows the most recently run analysis for a given project.
How can I see a 'history' of previous analyses that were run prior? Specifically I would like to see the coverage from before and where in the codebase specific 'critical' issues triggered a quality gate failure. Basically I want a historical snapshot of the 'project overview' page for each time the analysis is run. Since I am triggering the analysis from different branches I need to be able to differentiate an analysis of Branch A vs. a previous analysis of Branch B.
If you use SonarQube up to version 5.6: Use the Sonar Timeline Plugin, which allows you to add a graph to your dashboard.
If you use SonarQube version 6.5 or later (to be released in August 2017): Get feature rich history graphs out of the box (no plugin required)!
It looks like you have to make a custom dashboard and add a history widget. It looks like it shows you just the times the gate changed (which I guess is what I should have expected). For example, the project I tested with only changed status 3 times, so even though I asked for 10 columns it only showed 3.
This is on the Sonar homepage for your project, not the Sonar widget in Jenkins, FYI.
I'm using sonarqube 6.2. We increment version number on every build, and sonarqube analyzes every build.
Not every build goes into production environment, however.
I need to configure the leak period to compare the latest build against the latest version released in production (so not necessarily the previous version, or previous analysis, or "x" days...).
I thought I could create a custom measure (e.g. "is_released") to identify which version is in production, but then how do I configure the leak period to use this field (compare the current build against the latest version that "is_released")?
You can't configure the Leak Period based on a custom measure.
At this stage I'd suggest using the SonarQube Web API. Get the info (from your external systems) about which versions are released in prod' for project foo and set it accordingly in SonarQube (e.g. with api/properties):
curl -u admin:admin -X POST "http://your_sonar_host/api/properties?resource=foo&id=sonar.timemachine.period1&value=v1.5.2"
Note: api/properties is about to be replaced by api/settings in upcoming SonarQube v6.3.
I want a differential view based on version; how do I assign a version to my current set of issues / analysis?
Issues cannot be assigned a version.
Issues are tied to a project & the project has a version. Let's say it's currently 1.0.
When you update the project version to 1.1, you'll then be able to distinguish issues created since previous_version.
To set up the differential, just look at the interface, it will guide you in your options:
Number of days before analysis, for example 5.
A custom date. Format is yyyy-MM-dd, for example 2010-12-25
'previous_analysis' to compare to previous analysis
'previous_version' to compare to the previous version in the project history
A version, for example '1.2' or 'BASELINE'