How do I use Sonar Plugin with Hudson? - sonarqube

I want to use SonarQube for Code Quality analysis. I have Hudson as the CI tool and have integrated clearcase. How do I use SonarQube when the Ant build happens? Do I need to install SonarQube in a server and use a plugin to access it?
Can someone help me?

Install SonarQube web server as a first step. Default port will be localhost:9000.
After installing SonarQube you need to create an Ant target. Sample Script is available on GitHub. If Hudson is working correctly earlier. It will pick up the changes in Ant Script and perform the Analysis. After the completion of Analysis report will be generated and accessible at SonarQube Web Dashboard.

Related

Integrated JaCoCo results in SonarQube using Jenkins Maven Multitarget-App

after fighting now with integrating JaCoCo results into my SonarQube to see code coverage for more then one working day, I will try to open another post regarding this topic, because the internet is really messed with postings.
Preconditions:
SonarQube: Version 6.7.2
Maven: 3.5.2
Windows Server2012 R2
I successfully integrated Sonar Scan and results are published. I added the configuration for JaCoCo in the pom.xml of my application and the result files are generated after the build and just using the JaCoCo Jenkins plugin they can be displayed on the Jenkins dashboard. But I did not figure out what Analysis properties the Jenkins action "Execute SonarQube Scanner" needs in order to import the results and display them.
Is "scan" the correct operation or do I need something else to trigger the import?
I saw so many variantes of giving JaCoCo and Sonar the correct parameters, that I do not have a clear picture any more. Any hints maybe looking at my parameters?
As described in the docs, since you're building with Maven you should analyze with it too. There's some global setup you want to do (see the docs) but once that's done, you'll add this to your job instead of your current SonarQube Scanner build step:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
Note that this needs to come after your build and test execution. The JaCoCo reports should be picked up automatically.
I successfully integrated it now with these Analyses properties and it is working.
sonar.projectName=
sonar.projectKey=
sonar.login =
sonar.password =
sonar.sources=./
sonar.java.binaries=./
sonar.jacoco.reportPaths=./trackingboard-service/target/jacoco.exec
sonar.jacoco.reportMissing.force.zero=true

Calling non-hosted Sonar using Travis Plugin

I'm trying to push to self run SonarQube after Travis runs tests and am unable to do so with the official plugin.
Only work around I can get to work is pulling sonar scanner directly but I would rather be using the plugin.
The Travis-CI plugin is designed specifically to work with SonarCloud. To analyze from Travis with another instance, you'll need to explicitly configure your built to execute analysis pointed at your self-hosted instance.

SonarQube VSO Buildagent task (pre checkin) always succeeds

We are using scripted build in our VSO environment and integrate with SonarQube, using the SonarQubePreBuild and SonarQubePostTest tasks.
Especially since SonarQube version 5.2 we experience that builds are always succeeding as long as SonarQube succeeds in generating the report.
For VSO Git pre-commit policies we have configured pull requests to start a build including SonarQube analysis.
However the configured Quality Profile is not met for the project, the build seems to succeed since SonarQube was able to do the actual analysis.
...But we want the build to fail....since quality conditions are not met.
We could add an additional custom (powershell) task to retrieve the results from the SonarQube instance, but what if we are running in preview mode and reports are not stored in the SonarQube database?
Before 5.2 you could use the Build Breaker Plugin to have the build fail in VSO. But the Plugin is no longer compatible with 5.2 and is planned to be included in Sonar Core in 5.4.
See this question for details.

sonar-3.5.1 deploying project on sonar server but code not showing

I have upgraded my sonar version from sonar-3.2 to sonar-3.5.1 and upgraded sonar-runner from sonar-runner-1.1 to sonar-runner-2.2.2, now when i am deploying project on newly installed sonar 3.5.1 it run successfully and showing ANALYSIS SUCCESSFUL, it also show project name on sonar server when i use localhost:9000 on browser but code is not showing there, no violations are coming etc.
i am using sonar in two ways and both results the same. Two ways are:
1. using sonar standalone through sonar runner from cmd.
2. integrating sonar with Jenkins(1.515) and using maven(3.0.4)
when i do sonar analysis on sonar 3.2 everything is working fine in both of the above cases but problem comes only when i use sonar 3.5.1.
Can anybody help me out on this issue??
Please suggest what would be the possible way to overcome this issue..
your revert will be appreciable.. Thanks in advance!!
Please refer below for logs
and sonar dashboard
So I do confirm that the Sonar Java plugins have been deleted from the extensions/plugins directory and that's why you don't get any measures/violations when analysing a java project. Here is the link to download version 1.2 of the Sonar Java plugin ecosystem : http://docs.codehaus.org/download/attachments/230396085/JavaEcosystem-1.2.zip. You just have to decompress this archive, place all jar(s) in the extensions/plugins directory and relaunch the Sonar server.

Eclipse sonar plugin vs findbugs+pmd+checkstyle eclipe plugins

We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles

Resources