I am trying to work out code analysis for my COBOL code with SonarQube. I installed the sonarcobol plugin and, using sonarscanner, I am trying to check for analysis. When I run sonar-scanner in the respective directory, it says success, but I am unable to see the analysis in the SonarQube server.
Attached is my sonar-project.properties
sonar.host.url=http://xxxxx:9000/
sonar.login=admin
sonar.password=admin
sonar.projectKey=cobol
sonar.projectName=cobol
sonar.projectVersion=1.0
sonar.sources=.
sonar.sourceEncoding=UTF-8
## Cobol Specific Properties
# comma-separated paths to directories with copybooks
sonar.cobol.copy.directories=copybooks
# comma-separated list of suffixes
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy
## Flex Specific Properties
# retrieve code coverage data from the Cobertura report
#sonar.flex.cobertura.reportPath=coverage-report/coverage-cobertua-flex.xml
# PL/I Specific Properties
sonar.pli.marginLeft=2
sonar.pli.marginRight=0
From the author's comment above:
I solved this by adding sonar.languages=COBOL in sonar-project.properties
Pasting here for convenience.
I'm trying to use SonarScanner with the SonarCFamily plugin on my C codebase on Ubuntu. I see that the scanner is able to detect only "code smells - duplicate blocks of code" in my codebase and no other forms of bugs/vulnerabilities. I intentionally added a memory leak in the code and SonarQube couldn't detect it, while the open source SA tool Cppcheck was able to. Am I missing some setting in the sonar-project.properties file? My sonar.properties file is as follows. Are there any settings needed in the server/SonarCFamily plugin for the tool to detect other forms of SA errors?
# must be unique in a given SonarQube instance
sonar.projectKey=c-sa-test
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=c-sa-test
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:9000
sonar.cfamily.build-wrapper-output=bw_output
sonar.c.file.suffixes=.c,.h
sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp
Found the root cause: I was not providing some elements of the project build process as input to the build wrapper. Once those were added, SonarQ provided a detailed report.
I had the exact same problem where SonarCFamily was only reporting code duplications. It was due to an incorrect build process as input to the build wrapper. In my case, I was using SonarScanner.MSBuild and on my build-wrapper line, I didn't have the Configuration and Platform specified, so my projects were not getting built or scanned. The final working lines were:
SonarScanner.MSBuild.exe begin /k:"your key" /d:sonar.cfamily.build-wrapper-output="bw_output"
build-wrapper-win-x86-64.exe --out-dir bw_output MSBuild.exe your_solution.sln /p:Configuration=Release /p:Platform=x64
SonarScanner.MSBuild.exe end
I have very little exposure to SonarQube but have been asked to make a document explaining how to set up / use "sonar-project.properties file". Any information or input would be greatly appreciated.
Here are some resources to get you started
https://www.wrightfully.com/setting-up-sonar-analysis-for-c-projects/ - See Step 6: The sonar-project.properties file.
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
There are also some sample projects on GitHub; you can refer to the project.properties files there as well:
https://github.com/SonarSource/sonar-scanning-examples
Create a configuration file in the root directory of the project:
sonar-project.properties:
# Must be unique in a given SonarQube instance
sonar.projectKey=my-project
# This is the name and version displayed in the SonarQube UI.
# Was mandatory prior to SonarQube 6.1.
sonar.projectName=My project
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file.
# Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
Reference:
https://docs.sonarqube.org/latest/analysis/analysis-parameters
https://www.devopsschool.com/tutorial/sonarqube/sonarqube-properties.html
I am trying to analyze code coverage for .NET project.
Here is my sonar.project file.
# Project identification
sonar.projectKey=ABC
sonar.projectVersion=trunk
sonar.projectName=ABCD
# Info required for Sonar
sonar.sources=.
sonar.language=cs
sonar.sourceEncoding=UTF-8
sonar.visualstudio.enable=true
sonar.visualstudio.testProjectPattern=UnitTest
#Core C# Settings
sonar.dotnet.visualstudio.solution.file=./MySample.sln
#sonar.silverlight.4.mscorlib.location=C:/Program Files (x86)/Reference Assemblies/Microsoft/Framework/Silverlight/v5.0
sonar.dotnet.excludeGeneratedCode=true
sonar.dotnet.4.0.sdk.directory=C:/Windows/Microsoft.NET/Framework64/v4.0.30319
sonar.dotnet.version=4.0
# To prevent any issues while analyzing multiple solutions containing projects with similar keys
# Will be set by default to safe starting at version 2.2: http://jira.codehaus.org/browse/SONARDOTNT-339
sonar.dotnet.key.generation.strategy=safe
sonar.cs.opencover.reportsPaths=C:/openCoverAnalysis/Sample.xml
# FXCop
sonar.fxcop.mode=skip
sonar.fxcop.mode=skip is not working. Am I missing anything?
SonarQube version 4.5
I've read the documentation about exclusions and tried several combinations, but Sonar is still analyzing code that it was not supposed to. The following is a sample of my sonar-runner.properties file:
#----- Required metadata
sonar.projectKey=ProjectKey
sonar.projectName=ProjectName
sonar.projectVersion=1.0
sonar.sources=MySourceFolder
sonar.build-stability.url=-
sonar.language=cs
sonar.dotnet.visualstudio.solution.file=MySourceFolder\\Solution.sln
sonar.donet.visualstudio.testProjectPattern=*.Tests*
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
#----- Default Sonar server
sonar.host.url=http://myserver
#----- MySQL
sonar.jdbc.url=jdbc:mysql://myserver:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true
sonar.jdbc.driver=com.mysql.jdbc.Driver
#----- Global database settings
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
#----- Static analysis
sonar.fxcop.installDirectory=C:/Program Files (x86)/Microsoft Fxcop 10.0
The last option I used was to configure the exclusions through the Sonar UI (Project Settings > Exclusions > Source File Exclusions) and set a value like the following:
MySourceFolder/FolderA/FolderB/*.cs
In the logs I see the following message:
[17:27:10][Step 7/9] 17:27:10.919 INFO - Excluded sources:
[17:27:10][Step 7/9] 17:27:10.919 INFO - MySourceFolder/FolderA/FolderB/*.cs
Still, the code is being analyzed, as it appears in the Sonar violations and duplications plugins info.
Any idea on what might be causing this behaviour or how to correctly configure exclusions for C# files?
Thanks a lot!
Ricardo
As specified on the SonarQube analysis parameters page, the property to specify exclusions is "sonar.exclusions".
So here's what you can specify in your "sonar-project.properties" file:
sonar.exclusions=FolderA/FolderB/*.cs
Actually, for me it worked the opposite way. sonar.exclusion didn't exclude the file from analysis, but adding the file name to the exclusion list through the Sonar GUI worked fine.
I used it for JavaScript analysis.
I'm trying to use Sonar for static analysis on C++ code. I've installed Sonar and configured my project (it appears on the localhost Sonar page, but I do not see any code violations for the respective code). I have the C++ community plugin installed.
My sonar-project.properties looks like this:
# required metadata
sonar.projectKey=DiceInvaders
sonar.projectName=Dice Invaders
sonar.projectVersion=1.0
# optional description
sonar.projectDescription=DiceInvaders by CS
# path to source directories (required)
sonar.sources=D:\\DiceInvaders\\Code
# path to test source directories (optional)
#sonar.tests=D:\\DiceInvaders\\Code
# path to project binaries (optional), for example directory of Java bytecode
#sonar.binaries=binDir
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
#sonar.libraries=path/to/library/*.jar,path/to/specific/library/myLibrary.jar,parent/*/*.jar
# The value of the property must be the key of the language.
sonar.language=c++
sonar.exclusions=**/*.ipch, **/**/*.rc
sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"
sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".
# Additional parameters
#sonar.my.property=value
I do not get any error when running sonar-runner from cmd.
If I manually run the cppcheck.exe tool on my project, I can find violations. Why don't the violations appear on Sonar's page?
Is there something else I should configure, am I doing something wrong?
I was able to make it work by running the cppcheck tool independently before sonar-runner, and placing the generated XML report in the bin folder of sonar-runner.
In the sonar-project.properties file I've specified the xml directly:
sonar.cxx.cppcheck.reportPath=cppcheck-result-1.xml
I had a similar problem, which was caused by a whitespace after 'sonar.language=cs'. Be sure that there is a linebreak immediately after 'cxx'. Hope it works.
The language key of the Sonar C++ Community plugin is not 'c++' but 'cxx'. See http://docs.codehaus.org/pages/viewpage.action?pageId=185073817.
So you must replace 'sonar.language=c++' by 'sonar.language=cxx'
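The pitfalls named in the answers above (whitespace after a value, the 'c++' language key), plus three visible in the posted files (quoted values, single backslashes in Windows paths, passwords written into the file), can be checked before a scan runs. This is an added example, not code from any of the posters or from SonarSource; the name lint_properties and the sample input are constructed, and it assumes the scanner reads the file with standard Java .properties rules.

```python
import re

# Wrong language key -> key the answers above give for the C++ Community plugin.
LANGUAGE_KEY_FIXES = {"c++": "cxx"}


def lint_properties(text):
    """Return (line_number, key, problem) tuples for a .properties text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Java .properties rule: whitespace around the separator is skipped,
        # but whitespace at the end of the value is kept.
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if not match:
            continue
        key, value = match.groups()
        if value != value.rstrip():
            findings.append((number, key, "trailing whitespace is part of the value"))
        if '"' in value:
            findings.append((number, key, "quotes are literal characters, not delimiters"))
        # Doubled backslashes are fine; a lone one is consumed as an escape.
        if "\\" in value.replace("\\\\", ""):
            findings.append((number, key, "single backslash is an escape; use / or \\\\"))
        if key == "sonar.language" and value.strip() in LANGUAGE_KEY_FIXES:
            fix = LANGUAGE_KEY_FIXES[value.strip()]
            findings.append((number, key, f"language key should be {fix}"))
        if key.endswith(".password") and value.strip():
            findings.append((number, key, "password stored in plain text in the file"))
    return findings


# Constructed sample that reuses values quoted in the posts above.
SAMPLE = "\n".join([
    "# required metadata",
    "sonar.projectKey=DiceInvaders",
    "sonar.language=c++",
    "sonar.sourceEncoding=UTF-8 ",
    r'sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"',
    r"sonar.sources=D:\\DiceInvaders\\Code",
    "sonar.password=admin",
])

if __name__ == "__main__":
    for number, key, problem in lint_properties(SAMPLE):
        print(f"line {number}: {key}: {problem}")
```

A password flagged this way can be passed on the sonar-scanner command line as a -D property from the CI secret store instead of being committed with the project file.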