Since we updated to SonarQube 6.2, it seems the code coverage plugin got merged into the core.
It shows red flags everywhere and I can't find how to turn it off; we do not use code coverage.
You don't specify what language(s) you're analyzing. I'll assume Java and/or JavaScript. Starting from 6.2, SonarQube supports "force coverage to 0", which marks as uncovered executable lines in files that don't show up in any coverage reports. (That's assuming the underlying code analyzers support the feature, and Java and JavaScript already do.) The purpose is to have a more accurate picture of what's missing when you actually are using unit tests. Without this feature, it's impossible to tell whether a file that's omitted from coverage reports is missing because it has no executable code or because there are no tests on it - even when there should be.
Since you're not using unit tests (really?) you can exclude all the source files in your project from coverage calculations via the UI: Administration > Analysis Scope > Coverage Exclusions. A pattern value of **/*.* ought to do it for you.
The code coverage feature in SonarQube is misleading. To turn this off:
Under Quality Gates, create a new profile or copy an existing one.
There, delete the Coverage metric.
SonarQube Version: 9.2
It has been clarified here that from SonarQube version 6.2 coverage reports are merged and there won't be separate unit and integration coverage reports anymore.
We are still interested in having these two coverage reports separately. So, we have three Sonar projects: unit-tests, integration-tests, whole-project (which is responsible for creating the overall coverage report).
Problem: All source files are analysed in all three projects. Since the number of files is too large, it takes several minutes to perform the analysis.
Question: Is it possible to turn off the Sonar issue analyser somehow in a project? It is desired to report only test coverage in the first two projects (unit-tests & integration-tests) without analysing all files, and then run the issue analyzer only on the last project (whole-project). It could help us to analyse all files once instead of three times.
Additional info: We use Sonar Gradle plugin version 2.6.2 and SonarQube version 7.4.
The main responsibility of SonarQube/SonarCloud is informing users about issues. Displaying code coverage is just an additional feature. It means there is no flag/parameter which allows you to do it.
Luckily, there is a workaround. You can create empty quality profiles, and use them to scan those two projects (unit-tests & integration-tests). You will get 0 issues because there are zero rules enabled.
The following feature request should be interesting for you: Making test coverage measures mode useful. Feel free to vote on it.
I have several Java projects with no unit test cases. When I try to analyse these projects using SonarQube I am unable to get unit test code coverage because they don't have any test cases. As per my research I saw that I can force it to show as zero if there are no unit test cases. The official JaCoCo Java documentation mentions sonar.jacoco.reportMissing.force.zero=true.
My SonarQube analysis will be done using Maven builds and SonarQube 5.6.6 and sonar-java 4.11.0.10660.
How can I set this parameter in Maven so that it can show as zero unit test cases in my coverage?
From version 6.2 SonarQube does this automatically where the behavior is supported by the analyzers. Before that version, availability of the feature is spotty and not entirely reliable. For best results you should upgrade SonarQube.
That said, you can set that property on the analysis command line like so:
mvn sonar:sonar -Dsonar.jacoco.reportMissing.force.zero=true
Or by setting a property in your pom, as shown in the docs.
Update 16 Dec 2019
Most language analyzers now calculate Executable Lines, so files omitted from the coverage report are included in calculations anyway. But that only kicks in if you provide coverage reports. No coverage reports -> no coverage metrics at all.
Here's a screenshot so you better understand what I'm talking about:
Shouldn't all directories have coverage?
I have to say that those directories (without any number) are not covered by any tests but doesn't this mean that the coverage is 0%?
Yes, they should. But they don't because when no coverage engine reports any coverage on a file, is that because the file is executable but there are no tests on it, or because the file is not executable?
SonarQube v6.2 will begin to address this by automatically forcing to 0 the coverage metrics on files not covered in the unit test reports. However, this behavior will only be fully enabled when each of the language plugins reports the "executable lines" for each file.
So in practice the new behavior enabled in 6.2 (not released at this writing, but "soon") won't be truly available until the language plugins start supporting it. Probably over the next few months.
I am using SonarQube 4.3 version to show Unit tests and other code metrics analysis results. Now I am looking for incremental preview or mode for my analysis results as described here.
I am looking to see whether the last code checked-in has a 100% unit test coverage, no security violations and has other quality gates passed.
Currently sonar gives overall combined report for all the files within project. Can we have one for the changed files in the last build as well?
Does Sonar offer any way to raise alerts and fail a build when the trend for certain metrics is bad?
Background: In our legacy project using a static threshold for example for code coverage ("red alert when coverage is below 80%") does not make much sense. But we would like to make sure that the coverage does not go down any further.
Please do not give any advice on lowering the bar by using a less restrictive rule set. This is not an option in our case.
There is a build breaker plug-in that will fail the build if you breach a Warning or Error threshold setup in the quality profile.
Plug-in details are here:
http://docs.sonarqube.org/display/PLUG/Build+Breaker+Plugin
Not aware of any functionality that enables you to a metric trend.
We use Sonar as the second last step in our release process. The build breaker ensures that releases do not breach predetermined quality criteria.
We tried exactly the same, using the build breaker plugin. After a while, it proved to be too inflexible (and configuring Sonar is a mess), so we moved from Sonar to Jenkins/Hudson plugins like Cobertura (for code coverage) or PMD for code style:
https://wiki.jenkins-ci.org/display/JENKINS/PMD+Plugin
https://wiki.jenkins-ci.org/display/JENKINS/Cobertura+Plugin
With these plugins, very fine-grained settings are possible, to set for example the build to yellow at <70% code coverage or to red at <50%; even the weather symbol for each build is settable.
In the meantime we scripted our own build breaker that gets executed within our build. We use Groovy to query the REST API of Sonar to retrieve a certain set of metrics (including their historical values). The retrieval of metrics is provided by a build plugin that is provided for our whole division.
Each team can parameterize their build with a set of rules regarding those metrics that have to be verified for their project. Of course, the rules are also provided as Groovy snippets :-)
Typical are:
Number of (major|critical|blocker) violations is less than or equal to that in the previous build
No new duplicates
Coverage not lower than in previous build
Bad findings can then be used for breaking the build or just for reporting.
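An added example, not taken from any of the posts above and not the poster's Groovy build breaker: the three typical rules written as a ratchet over two metric snapshots, in Python. The metric key names and sample values are constructed assumptions; a metric missing from the current build is treated as a finding because, as noted earlier on the page, no coverage report means no coverage metric at all.

```python
# Added example: ratchet-style build breaker over two metric snapshots.
# Metric keys and sample values below are constructed for illustration.

LOWER_IS_BETTER = ("blocker_violations", "critical_violations",
                   "major_violations", "duplicated_lines")
HIGHER_IS_BETTER = ("coverage",)


def check_ratchet(previous, current, report_only=()):
    """Compare current metrics with the previous build's.

    Returns a list of (metric, severity, message); severity is "break"
    unless the metric is listed in report_only.
    """
    findings = []
    for metric in LOWER_IS_BETTER + HIGHER_IS_BETTER:
        if metric not in previous:
            continue  # no baseline yet, nothing to compare against
        severity = "report" if metric in report_only else "break"
        if metric not in current:
            # A missing measure (e.g. no coverage report was supplied)
            # must not pass silently as "no regression".
            findings.append((metric, severity, "missing in current build"))
            continue
        old, new = float(previous[metric]), float(current[metric])
        worse = new > old if metric in LOWER_IS_BETTER else new < old
        if worse:
            findings.append((metric, severity, f"{old:g} -> {new:g}"))
    return findings


def should_break(findings):
    """True if at least one finding is severe enough to fail the build."""
    return any(severity == "break" for _, severity, _ in findings)


# Constructed snapshots, shaped like metric-key -> value maps.
PREVIOUS = {"coverage": 41.7, "blocker_violations": 0,
            "critical_violations": 12, "major_violations": 230,
            "duplicated_lines": 1800}
CURRENT = {"coverage": 41.2, "blocker_violations": 0,
           "critical_violations": 11, "major_violations": 231,
           "duplicated_lines": 1800}

if __name__ == "__main__":
    results = check_ratchet(PREVIOUS, CURRENT, report_only=("major_violations",))
    for metric, severity, message in results:
        print(f"[{severity}] {metric}: {message}")
    raise SystemExit(1 if should_break(results) else 0)
```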