Say I have the following sources defined in my sonar project properties file.
sonar.sources=src/client/app,src/server
Could I get SonarQube to use one quality profile for one path, and a different profile for the other?
Is this possible?
It's possible to apply multiple quality profiles to a project only as separate SonarQube projects with separate keys and analyses.
I.e. You'd have to analyze twice: once for each directory.
Your next question, of course, is how to re-combine the products of the two separate analyses. The answer is that that's only available with the Governance($) plugin, and Governance is only LTS-compatible (5.6 at this writing.)
Related
I have a very large Java project with a massive codebase statically analysed with SonarQube. A part of it, confined to one module, is currently being rewritten. I would like to apply a different quality profile to this part of the codebase without changing the profile for the rest of the project. To be more specific: I would like to disable one of the rules in the current quality profile just for this one module. Is this possible and if yes, how do I do that?
I have been scouring through SonarQube settings looking for any options for this kind of setup. The only thing I have found until now is the option to Restrict Scope of Coding Rules under Project settings > Analysis Scope. Here one can restrict the application of a certain rules or rules to only certain file patterns. Not exactly what I was looking for.
Any ideas?
I know that SonarCube could exclude certain codes or modules.
My question is that, currently i have certain project, i only want to scan part of the codes using all SonarCube rules;
but at same time, for other parts of same project codes, i only want to apply some of the Sonar rules(for example, rules relates to security).
See this image for my example
Any experts can give me some hints, whether sonar can do this using maven or not, and how if possible. thanks.
This is not a common use case, but I see two options:
Create two quality profiles, and analyze your project twice using a different project key and a different quality profile. In SonarQube it will show 2 different projects. Using file inclusion/exclusions, you can partition your modules in the two projects. Note that having two projects could bring some difficulties, for example if you use PR analysis. Still you can have an overall view of the quality using an application to group them.
Keep a single quality profile and single project, but use advanced issue exclusion patterns to exclude issues you don't want on specific files. Managing those exclusions could be a bit tedious.
I want to integrate multiple projects in sonarqube(Not multiple modules). Is it possible to integrate multiple projects in sonarqube?
When I used multiple comma-separated sources in sonar.sources attribute of sonar-project.properties file, I got an aggregated report. I want to monitor multiple projects, is it possible to get distinguished reports for multiple sources?
You can use the commercial Views plugin : http://www.sonarsource.com/products/plugins/governance/portfolio-management/
There is an example on how to use it on my blog: http://qualilogy.com/en/your-own-quality-model/
Regards
I would recommend to take a look on the project https://sq.4smart.cloud/. It allows to gather results from multiple projects in one consolidated report.
Is there a way to have several profiles for one project in Sonar ?
For example we have a Java EE project with : EJB and WebApp (JSP and Back Bean).
We have 3 quality profiles: Java, Web and XML. To "execute" these 3 profiles on our project we run three sonar analysis and create 3 result projects in Sonar.
We use views to regroupe these three projects, is there a way to have one project that use 3 profiles and not use views?
We want to use views to group different projects and not on the same project.
You can't have multiple profiles for the same project. But if you want this, you just have to create your own custom profile which has all the rules defined in your profiles. For Example, let's say you have quality profile "Android Lint" and "Sonar Way", and if you wan't to check your project against both these profiles, just do the following:
Go to Quality Profiles tab in SonarQube
Click on Back Up on the Profiles you want. It will download an .xml file for each profile.
Just go through the .xml file and figure out how it is written and then Create a new .xml file which contains the rules of both the profiles and give it a cool name.
Go back to Quality Profiles tab in SonarQube
Click on Restore Profile and upload your .xml file.
That's it.
You now have your own custom quality profile with all the rules that you want.
UPDATE:
In the latest version of SonarQube (I am using 6.2), you can use the concept of "Inheritance" to combine multiple quality profiles. You can now set a parent quality profile for any profile. Using this you can chain multiple quality profiles.
See: SonarQube: How to apply multiple quality profiles to one project?
Applying multiple profiles for one project is not possible.
I see two alternatives: Merging your profiles as already mentioned or scanning the same project under a different "branch" (as in SonarQube terminology).
For a scan under a different branch refer to the sonar quality profile to project association. Please be aware that the syntax of the maven call is actually wrong, use this one instead:
mvn ... -Dsonar.profile="Your profile name" -Dsonar.branch=YOUR BRANCH
Using this will create a new project under the same name plus the branch as postfix. (projectName:branchName)
Regarding the merge of two profiles the easiest way is within the Rules tab:
Select Quality Profile x in Filter View
Bulk Change (in the upper right of the List View)
Activate In
Select Quality Profile y
This will automatically merge the two sets and prevent redundancy.
Just expanding on #guitarium 's answer above:
For SonarQube 7, you can simply do the following on the SonarQube web portal to add extra rules from other profiles into a custom profile (same as merging, really):
Go into Quality Profiles and click the dropdown next to a profile you want to merge
select Copy
Give the copy a cool name
Click on the new copy to go into it's Quality Profiles page
Go to Actions -> Activate more rules
Click Bulk Change , then Activate in and select your new cool profile
You now have a super cool merged profile. Nice job
I have some projects and i wrote an ant script to run sonar with this projects.
Its okay so far. But i need to show these projects under a top level project like sub projects.
I am using just Ant to run sonar and i just working on pure code not on binaries.
(I just need to analysis)
I could not find how i can solve this.
You have 2 choices:
Either those projects are really linked together, and you can configure an Ant build script to have a multi-module project that wraps all your projects => http://docs.codehaus.org/display/SONAR/Analyse+with+Ant+Task#AnalysewithAntTask-Analysemultimodulesproject
Or those projects are different (=> they have different lifecycles, they are functionnaly different, ...), and the best option is to use the Views Plugin => http://www.sonarsource.com/plugins/plugin-views/Overview/
Sounds like you need the Views-Plugin: http://www.sonarsource.com/plugins/plugin-views/Overview/
The SonarSource Views Product enables the creation of any aggregation
trees to regroup projects. Projects can for instance be grouped by
applications, applications by team, teams by department… Each level of
the tree is a View and offers all standard services such as dashboard,
hotspots, timemachine, drilldown… showing the consolidated measures.