Recently we were migrated SonarQube-6.3 to SonarQube7.9. From the Hybris side we are using sonar.xml is ant build file.
When we ran the sonar via ant command is ant sonar
we are getting the below issues.
[sonar:sonar] File 'someFile.java' is ignored. It is not located in project basedir 'D:\HybrisSuites\HYBRISCOMM6400P\hybris\bin\platform'.
based on the sonar.xml, we are mentioned the sonar properties in local.properties file.
sonar.projectName=TE
sonar.projectKey=TE
sonar.projectVersion=1.0
sonar.verbose=true
sonar.language=java
sonar.sourceEncoding=UTF-8
sonar.scm.disabled=True
sonar.host.url=http://localhost:8000
sonar.java.source=1.8 sonar.excludedExtensions=core,testweb,b2bacceleratoraddon,hystrixaddon,oauth2,embeddedserver,tomcatembeddedserver,platformbackoffice,voucherbackoffice,backofficesolrsearch,pcmbackoffice,promotionsbackoffice,ticketsystembackoffice,adaptivesearch,ordercalculation,webservicescommons,solrfacetsearchbackoffice,basecommercebackoffice,ruleengine,ruleengineservices,ruledefinitions,ruleenginebackoffice,b2bcommercefacades,b2bapprovalprocessfacades,droolsruleengineservices,promotionengineservices,promotionenginebackoffice,couponservices,couponwebservices,couponfacades,couponbackoffice,rulebuilderbackoffice,solrserver,commerceservicesbackoffice,customersupportbackoffice,adaptivesearchbackoffice,adaptivesearchsolr,warehousing,commerceorgaddon,paymetric,scripting,paymentstandard,mediaweb,maintenanceweb,deliveryzone,commons,processing,impex,validation,catalog,europe1,platformservices,workflow,hac,comments,advancedsavedquery,springintegrationlibs,ldap,hmc,virtualjdbc,cockpit,admincockpit,reportcockpit,platformhmc,productcockpit,customerreview,sapcoretest,sapcoreodata,sapcore,sapcorejco,sapcorejcorec,sapcorebol,advancedexport,backoffice,datahubbackoffice,mcc,wishlist,mediaconversion,solrfacetsearch,solrfacetsearchhmc,voucher,promotions,basecommerce,ticketsystem,cms2,cms2lib,btg,cmscockpit,btgcockpit,b2bcommerce,payment,commerceservices,b2bapprovalprocess,commercewebservicescommons,cscockpit,acceleratorservices,b2bacceleratorservices,acceleratorcms,commercefacades,acceleratorfacades,acceleratorstorefrontcommons,b2bacceleratorfacades,addonsupport,sapcoreaddon,captchaaddon,liveeditaddon,commercesearch,commercesearchhmc,commercesearchbackoffice,datahubadapter,sapcoreconfiguration,sapmodel,sapproductavailability,sapproductavailabilityhmc,b2bsapproductavailability,sappricingbol,sappricinghmc,sappricing,sappricingproductcarouseladdon,b2bsappricing,sapcustomerb2c,sapcustomerb2b,sapmodelhmc,saporderexchange,saporderexchangeb2b,sapcoreconfigurationhmc,sapproducthmc,sapcoreconfigurationbackoffice,multipaymentmode,amazonpay,codpayment,bspay,paypalservice,acceleratorcmshmc,warehousingwebservices,npmancillary,acceleratorwebservicesaddon,commerceserviceshmc,yaddon,customerticketingfacades,consignmenttrackingservices,ordermanagementwebservices,ordermanagementaddon,sap,promotionenginesamplesaddon,cmsfacades,consignmenttrackingfacades,ordermanagementfacade,warehousingfacade,samlsinglesignon,ycommercewebservices,consignmenttrackingaddon,ycommercewebservices,ycommercewebserviceshmc,acceleratorserviceshmc,customerticketingaddon,orderselfserviceaddon,asynchronousOM,saporderexchangehmc,saporderexchangebackoffice
sonar.global.exclusions= **/gensrc/**/*.java ,**/mobile/**/*.java,**/v1/**/*.java
sonar.exclusions=**/gensrc/**/*.java ,**/mobile/**/*.java,**/v1/**/*.java
sonar.sources=D:/HybrisSuites/HYBRISCOMM6400P/hybris/bin/custom/te/tecore/src
sonar.java.binaries=D:/HybrisSuites/HYBRISCOMM6400P/hybris/bin/custom/te/tecore/classes
Can you please let me know is there any properties i missed?
This will only scan under the base directory, so all files that are not under the base directory will be ignored
sonar.projectBaseDir=D:\HybrisSuites\HYBRISCOMM6400P\hybris\bin\platform
I'm configuring my sonarqube to run on my project, following the instructions given to run from the cloud I have my file like this:
sonar.projectKey=yisera_aaswtest
sonar.projectName=aaswtest
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.language=js
sonar.profile=node
sonar.exclusions=node_modules, migrations, models_old, seeders, .gitignore
I downloaded sonarqube CLI, copied the bin file to %path% on windows but for some reason, after running the test, I get the following error:
Property "sonar.cfamily.build-wrapper-output" was not specified
As you can see, my project is in javascript(nodejs specifically) and not C++, and even then, for some reason it's scanning my node_modules folder while I explicitly state in my properties file to exclude scanning there.
Any ideas what I might be doing wrong? Here is the command I run:
sonar-scanner.bat -Dsonar.projectKey=yisera_aaswtest -Dsonar.organization=yisera-bitbucket -Dsonar.sources=. -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=cc10c0f538a6b50c876c2c53ed479eadd3e60988
I'm trying to run the analysis locally using Sonar-Scanner 2.6 pointing to SonarQube 5.4. The local solution folder contains the sonar-project.properties file used in the cloud analysis.
I am trying to create the properties file to be used locally, that is separate from the global sonar-project.properties file. This is the command that I ran:
sonar-scanner -D project.settings=sonar-project-local.properties
Expected behavior: Of the two files (sonar-project.properties and sonar-project-local.properties), sonar-scanner would choose the local one.
Observed behavior: If the file sonar-project.properties exists, sonar-scanner uses the global one and ignores the local one.
If I remove (rename) the global file from the directory, then the local file is recognized, and behavior is as expected.
Is this a bug? What is the way to solve this issue without messing with the global properties file?
Generally the answer would be the space in your command. So, not
-D project.settings=...
but
-Dproject.settings=...
But that property was dropped. You'll just need to shuffle the properties files in/out of the "correct" name.
I have very little exposure to SonarQube but have been asked to make a document explaining how to set up / use "sonar-project.properties file". Any information or input would be greatly appreciated.
Here are some resources to get you started
https://www.wrightfully.com/setting-up-sonar-analysis-for-c-projects/ - See Step 6: The sonar-project.properties file.
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
There are also some sample projects on github, you can refer to the project.properties files there as well,
https://github.com/SonarSource/sonar-scanning-examples
Create a configuration file in the root directory of the project:
sonar-project.properties:
# Must be unique in a given SonarQube instance
sonar.projectKey=my-project
# This is the name and version displayed in the SonarQube UI.
# Was mandatory prior to SonarQube 6.1.
sonar.projectName=My project
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file.
# Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
Reference:
https://docs.sonarqube.org/latest/analysis/analysis-parameters
https://www.devopsschool.com/tutorial/sonarqube/sonarqube-properties.html
I'm trying to use sonar for static analysis on a c++ code. I've installed sonar and configured my project (it appears on the localhost sonar page, but i do not see any code violation for the respective code). I have the C++ community plugin installed.
My sonar-project.properties looks like this:
# required metadata
sonar.projectKey=DiceInvaders
sonar.projectName=Dice Invaders
sonar.projectVersion=1.0
# optional description
sonar.projectDescription=DiceInvaders by CS
# path to source directories (required)
sonar.sources=D:\\DiceInvaders\\Code
# path to test source directories (optional)
#sonar.tests=D:\\DiceInvaders\\Code
# path to project binaries (optional), for example directory of Java bytecode
#sonar.binaries=binDir
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
#sonar.libraries=path/to/library/*.jar,path/to/specific/library/myLibrary.jar,parent/*/*.jar
# The value of the property must be the key of the language.
sonar.language=c++
sonar.exclusions=**/*.ipch, **/**/*.rc
sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"
sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".
# Additional parameters
#sonar.my.property=value
I do not get any error when running sonar-runner from cmd.
If i run manually the cppcheck.exe tool on my project I can find violations. Why don't the violations appear on sonar's page?
Is there something else I should configure, am I doing something wrong?
I was able to make it work by running the cppcheck tool independently before sonnar-runner, and placing the generated xml report in the bin folder of sonnar-runner.
In the sonar-project.properties file I've specified the xml directly:
sonar.cxx.cppcheck.reportPath=cppcheck-result-1.xml
I had a similar problem, which was caused by a whitespace after 'sonar.language=cs'. Be sure that there is a linebreak immediately after 'cxx'. Hope it works.
The language key of the Sonar C++ Community plugin is not 'c++' but 'cxx'. See http://docs.codehaus.org/pages/viewpage.action?pageId=185073817.
So you must replace 'sonar.language=c++' by 'sonar.language=cxx'