In a quality gate, we are able to specify values for 'Mutations Coverage', that specify when a warning or error is generated. Is there a way to display the mutations coverage value.
For example in the Measures -> Coverage tab?
This is where It coverage and the number of unit tests are displayed.
Any suggestions would be most welcome
All non-hidden measures (there are some metrics that are hidden either because they're deprecated or because they're calculated solely to feed other metrics) are displayed automatically in the Measures space.
If you have a plugin that's creating Mutations Coverage metrics, those values should already be available. But such measures are not created by default.
Tangential but relevant: SonarQube 6.2 consolidated coverage metrics into simply Coverage. Now you can feed as many coverage reports as you want, assuming the language plugin has been upgraded to support that, but the values are consolidated under the theory that by and large people don't care how the code is covered, only that it is.
Related
i am a Beginner with SonarQube and really tried to google and read a lot of community pages to understand which functions SonarQube offers.
What i dont get is: What does the test coverage in SonarQube refer to?
If it says for example that the coverage on New Code is 30% what does new code mean?
And when does SonarQube say that a issue is a bug? Is the analyzed code compared to a certain standard in order for SonarQube to say that there is a bug?
I hope someone with more knowledge about SonarQube can help me understand it. Thank you very much
Test coverage (also known as code coverage) corresponds to the proportion of the application code (i.e., code without test and sample code) that is executed by test cases out of all application code of the code base.
SonarQube does not compute code coverage itself. Instead coverage is computed and uploaded by external code coverage tools (e.g., cobertura, JaCoCo). SonarQube presents code coverage at different levels (e.g., line coverage, condition coverage); see https://docs.sonarqube.org/latest/user-guide/metric-definitions/#header-9.
Coverage on new code refers to the proportion of code that is both covered and added (or modified) since a certain baseline out of all added and changed code since the same baseline. The baseline can, for example, be the previously analyzed code state or the code state of the previous commit. That is, this metric expresses how extensively changes have been tested. Note that 100% coverage does not mean that code has been perfectly tested; it just says that all code has been executed by test cases.
Issues in SonarQube do not necessarily represent bugs. Usually most issues are actually not bugs but are problems affecting code maintainability in the long term (e.g., code duplications) or violations of best practices. Still, some issues can represent bugs (e.g., potential null-dereferences, incorrect concurrency handling).
Note that an issue can also be false a positive and therefore not be a problem at all.
Most issues are identified with static code analysis by searching the code structure for certain patterns. Some can be uncovered by simple code searches (e.g., violation of naming conventions). Other analyses / issue classes may additionally need data-flow analyses (null-dereferences) or require byte-code information.
SonarQube 7.3 it has inbuilt support for golang where I have found at least 2 issues :-
It does not exclude *_test.go automatically from coverage. In unit tests it also picks up IP addresses and asks them to be made configurable (not constant which also does not fix the error).
It counts structs and const as not covered lines and hence has a significantly lower % covered than the go coverage tool itself making it a bad use case. For example in a medium size project it reports 40% coverage against go tools 70%
Apart from commenting them all to be sonar exclude or putting constants and structs in a common exclude pattern file is there something else that can be done? Is there a plan to address these in a later version of SonarQube?
For now (SonarQube 7.4), SonarGo analyzer does not identify automatically *_test.go as test files. This is a missing feature, this is why the SonarGo documentation describes how to properly identify test files through settings:
sonar.test.inclusions=**/*_test.go
Without proper test identification, the coverage result will be wrong and the analysis result could raise issues that do not make sense (like hard-coded IP addresses in tests).
About the coverage accuracy (for files that are not test files), there's two cases:
If a file has entries related to it in the coverage report, the covered lines shown in SonarQube should match exactly the ones in the report, otherwise it's a major bug. But the percentage shown by go tools (ranges coverage) could be slightly different that the percentage shown in SonarQube (lines coverage), e.g: +2%.
If a file is not in the coverage report, SonarGo generate a 0% coverage based on its definition of executable line of code. If there's a difference with go test definition of executable line of code, it's a bug that will disappear once the file is partially covered.
The best way to have those coverage bugs fixed, is to report them at community.sonarsource.com by creating a Report a Bug topic with a small code reproducer.
Is there any way to include the test coverage of Cucumber features and other useful statistics in the SonarQube analysis? I have done a bit of researching, but couldn't find a proper plugin.
From this thread (written after the OP's question), David Racadon added:
As far as I understand:
It is not possible to run an analysis on a project containing only test code because the 'sonar.sources' property is mandatory.
Measures on test code are not aggregated at project level.
As far as I am concerned, I consider test files part of the project the same way source files are. Thus, measures of test files should be aggregated on top of source files.
For now, SonarQube shows that your project is 1,000 lines even if you have 0 or 10,000 lines of test code on top of those 1,000 lines of source code. For me, SonarQube gives you a biased estimate of the size of your project and the effort of maintenance.
The closest would then be his plugin racodond/sonar-gherkin-plugin which:
analyzes Cucumber Gherkin feature files and:
Computes metrics: lines of code, number of scenarios, etc.
Checks various guidelines to find out potential bugs and code smells through more than 40 checks
Provides the ability to write your own checks
I'm using SonarQube 5.4 and I noticed that when a metric, which is used to calculate the Quality Gate status, is missing then that is handled in the same way as if the criteria was met.
Isn't it more intuitive that the Quality Gate fails if there is missing information to determine the status?
Or at least that it is configurable to fail by default if there is missing data?
Instead of having the quality gate able to deal with a missing code coverage measure our goal is to find a standard way to force coverage to 0 when there is no coverage information available for one source file. This is not an easy subject but this is something that we'll try to fix part of https://jira.sonarsource.com/browse/MMF-345.
I have enabled code coverage statistics in Xcode 7.0 and Objective C (like this) and it's working well.
Is it possible to mark some source lines so that they are ignored by the coverage report? If I was using lcov then I could use LCOV_EXCL_START and LCOV_EXCL_END markers (as in How to tell lcov to ignore lines in the source files) but Xcode doesn't recognize those.
Does Xcode have an alternative mechanism for doing this?
Xcode7 and later (based on some forum posts), the coverage system uses LLVM's coverage generation and reporting mechanisms, the format for which is detailed at http://llvm.org/docs/CoverageMappingFormat.html. As of Xcode 9, this format does not support any means of exclusion of lines (or other structures).
The resulting mapping is exported into a consumable format (txt or html) by llvm-cov, which also doesn't really have much in the way of exclusion mechanisms. llvm-cov does have some simple thresholding for only reporting on "greater than" or "less than" coverage for both lines and regions, but I suspect that's not entirely what you're after based on the question above.