Differences between sonar-maven-plugin and sonar-scanner - sonarqube

We currently use the sonar-scanner utility to run sonar analysis on our maven multi-modules java project.
I wanted to move from the sonar-scanner to the sonar-maven-plugin, but the first tests show a big discrepancy in the reported metrics.
For example the number of lines of code went from 466'000 to 154'000.
The main difference seems to be that the maven plugin does not analyse the src/test directories whereas the scanner does. Another reason could be that the maven plugin only analyses the modules which are enabled.
Does this behavior seem normal to you?
Or did I miss some configuration in the plugin or the scanner? They both should pull the config from our sonarqube server.
If this is the normal behavior then should I stay with the scanner and keep the metrics history or should I start over with the maven plugin?
I could redo some analysis for all versions we released to have some comparisons and trends.
Thanks for your advice.
Update:
Setting the sonar.sources and sonar.inclusions like mentioned there gives some better results...
sonar-maven-plugin: extending sonar.sources in multi-module project

Related

SonarQube Configuration

We had recently implemented SonarQube in our team and we have a dashboard configured.
We've been able to see some of the details but the line coverage and code coverage are always 0.
Can you advise what we're missing? I've checked the configuration and all of it seems to be in place.
Assuming the latest SonarQube version, note that, as mentioned in this thread:
Version 5.12 of our SonarJava analyzer deprecated use of JaCoCo’s binary format (.exec files) to import coverage.
As a replacement, we developed the sonar-jacoco plugin, which imports JaCoCo’s XML coverage report, and this is the preferred option now.
That page illustrates how to include those reports for a maven or a gradle project. Again, it depends on the nature of your projects.
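A pom.xml fragment for the XML-report route described in the answer above, as an added example that is not from the original thread. JACOCO_VERSION is a placeholder, and the report path assumes the default output location of the jacoco-maven-plugin `report` goal.

```xml
<!-- Added example: JACOCO_VERSION is a placeholder, not a value from this page. -->
<properties>
  <!-- Read by the sonar-jacoco plugin: where to find JaCoCo's XML report.
       The path below assumes the default output of the "report" goal. -->
  <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
</properties>

<build>
  <plugins>
    <plugin>
      <groupId>org.jacoco</groupId>
      <artifactId>jacoco-maven-plugin</artifactId>
      <version>JACOCO_VERSION</version>
      <executions>
        <!-- Attaches the JaCoCo agent to the test JVM so execution data is recorded. -->
        <execution>
          <id>prepare-agent</id>
          <goals><goal>prepare-agent</goal></goals>
        </execution>
        <!-- Converts the recorded data into jacoco.xml (plus HTML/CSV) after tests. -->
        <execution>
          <id>report</id>
          <phase>verify</phase>
          <goals><goal>report</goal></goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The XML report has to exist before the analysis runs, for example with `mvn verify sonar:sonar`.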

Analyze Maven pom with SonarQube

Can I analyze pom files correctness using Sonar? (like the maven enforcer plugin rules)
The short answer is no. The slightly longer answer is maybe. There is no plugin listed on the official plugins page with this functionality, but it's possible to write a plugin that could run some rules on a maven project and report the issues as with any other metric...

SonarQube : Execution of several Sonar analysis at same time, on same project. Different versions

I want to have Sonar analysis performed twice on the same Maven project at the same time, but on different versions.
i.e. GAV details
<groupId>com.test.exm</groupId>
<artifactId>exm001</artifactId>
<version>1.5.0-SNAPSHOT</version>
AND
<groupId>com.test.exm</groupId>
<artifactId>exm001</artifactId>
<version>1.4.0-SNAPSHOT</version>
This gives the error though...
Caused by: org.sonar.api.utils.SonarException: The project is already
being analysed. at
org.sonar.batch.scan.ProjectLock.start(ProjectLock.java:55)
Please don't ask why I have snapshot 1.4.0 and 1.5.0 at the same time.
It's a legacy build thing going on in the background.
I would have thought the semaphore lock used would include the version number, not just the artifact and groupID.
I've found this defect...
https://jira.codehaus.org/browse/SONAR-2761
I could turn off sonar for the legacy stuff, but I'd sooner see if there is a fix I could make to allow Sonar to do the analysis.
In order to achieve this, you can use the sonar.branch property on the legacy version of your project.

The Issues Report Plugin does not retrieve metrics

I have a problem when I run the Issues Report Plugin on the multi-module project. I noted that the documentation indicated that the plugin is incompatible with this kind of project.
Nevertheless, I tried to run a sonar-runner dry run on one of the modules using its projectKey and projectName (retrieved from the widget Description). Unfortunately, the plugin has not retrieved metrics previously analyzed for this module. All anomalies are marked as new.
Is there a way to ensure I get the right values?
The dry run mode for SonarQube analyses on multi-module projects suffers from limitations, which are all fixed in the upcoming 3.6.1 version of SonarQube.
See the following ticket: https://jira.codehaus.org/browse/SONAR-4265
And just to be clear: the Issues Report Plugin does not export measures of metrics, it only exports issues.

COBERTURA configuration within SONAR

I am using SONAR for Code Quality checks of my projects. In one project I would like to know the code coverage of a library which is included in the classpath (maven dependency).
Is it possible to configure SONAR (with embedded COBERTURA) to also instrument the specific library for code coverage analysis? As cobertura instruments the bytecode this should be possible but I do not know if it is supported by cobertura (even independent from SONAR).
Any hints are welcome.
Regards
Klaus
You would have to set up cobertura (maven target) yourself and import the results (see dynamic analysis):
sonar.dynamicAnalysis=reuseReports
sonar.cobertura.reportPath=PATH_TO_RESULT
But it will not help much:
You would need the src files of the jar to see the coverage, otherwise you would just get % numbers and I'm not even sure sonar will show the extra covered files.
The coverage for your whole project will always include the % of the library, so it will go down.
It is better to test each project with its own unit tests on its own.
