No LOC or Bugs picked up by SonarQube runner - sonarqube

I am using sonar-web-frontend-plugin
I have the following sonar-project.properties file which is located at this path
E:\agent2\test\sonar-project.properties
sonar.projectKey=Test
sonar.projectName=Test
sonar.projectVersion=1.0
sonar.sources=src/app
sonar.sourceEncoding=UTF-8
I have my source code in the following location
E:\agent2\test\src\app
My runner is located here
E:\agent2\test\.sonarqube\bin\sonar-scanner-2.8\bin\
and I am running the following in cmd E:\agent2\test>
E:\agent2\test\.sonarqube\bin\sonar-scanner-2.8\bin\sonar-runner -Dproject.settings= E:\agent2\test\sonar-project.properties -X
It is all running fine but no issues are being reported and no LOC are being picked up in the log it says the following
Calculating CPD for 0 Files
So it does not actually seems to analyse anything, I know there are issues because when i run TSlint locally i get issues found

Your analysis setup looks okay.
It is very likely that you don't have the relevant language plugin installed on your SonarQube instance. Either that, or your code is contained in files with unrecognized extensions.
Each language plugin tells SonarQube scanner "I'm interested in files with these extensions:..."
The fact that the analysis is over "0 Files" indicates that no file extensions were recognized.

Related

SonarCFamily only detects code-smells duplicate code blocks

I'm trying to use SonarScanner with SonarCFamily plugin on my C codebase on ubuntu. I see that the scanner is able to only detect "code smells - duplicate blocks of code" in my codebase and no other forms of bugs/vulnerabilities. I intentionally added a memory leak in the code and SonarQube couldn't detect it while open source SA tool Cppcheck was able to. Am I missing some setting in the sonar-project.properties file ? My sonar.properties file is as follows. Are there any settings needed in the server/SonarCFamily plugin for the tool to detect other forms of SA errors ?
# must be unique in a given SonarQube instance
sonar.projectKey=c-sa-test
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=c-sa-test
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:9000
sonar.cfamily.build-wrapper-output=bw_output
sonar.c.file.suffixes=.c,.h
sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp
Found the root cause - Was missing providing some elements of the project build process as input to the build wrapper. Once those were added, SonarQ provided a detailed report.
I had the exact same problem where SonarCFamily was only reporting code duplications. It was due to an incorrect build process as input to the build wrapper. In my case, I was using SonarScanner.MSBuild and on my build-wrapper line, I didn't have the Configuration and Platform specified, so my projects were not getting built or scanned. The final working lines were:
SonarScanner.MSBuild.exe begin /k:"your key" /d:sonar.cfamily.build-wrapper-output=”bw_output”
build-wrapper-win-x86-64.exe --out-dir bw_output MSBuild.exe your_solution.sln /p:Configuration=Release /p:Platform=x64
SonarScanner.MSBuild.exe end

How to configure a sonar-project.properties file for code coverage?

Current my scanner is running through and only scanning the parent and skipping the rest of my nested files. If I run sonarlint (using the cli and specifying some test and source files) , it tries to analyze 37k files instead of the few I need. I have been able to skip ~3k files by adding the <sonar.skip>true</sonar.skip> property to a pom file. However, I still can't configure the project to run across certain sub-folders and print out some kind of code coverage test. (Is JaCoCo needed for the latest version(6.3,0)? Or can code-coverage be handled through some configuration?).
If Sonar seems to be analyzing too many files, it is probably because you had not set the sonar.sources=src/main/java in your sonar-project.properties file, so it defaults to the basedir and includes everything.
SonarQube can't do code-coverage itself, it just reports on coverage-reports from a tool like JaCoCo. It is funny they don't clarify these things in https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner --but with enough digging, you can find good info on that site.

Generic test plugin ignores file

I try to use the generic test plugin. I have the unittest.xml file with an absolute path
<file path="/Users/emerson/dev/sonar/project/workspace/components/triage/src/assets/test/unit/tests/controllers/controller.coffee">
the coffee script got compiled into js and unit tests were executed with the unittest.xml as result.
When I add this to my sonar build via the sonar.genericcoverage.unitTestReportPaths, it does recognise the unittest.xml, but does nothing.
The log says
[sonar:sonar] 14:32:55.108 INFO - imported unit test data for 0 files
[sonar:sonar] 14:32:55.109 INFO - unit test data ignored for 1 unknown files, including:
and then the path to the file named in the unittest.xml
The path is valid, why does it not recognise it ? Neither the coffee script nor the compiled js are part of the sonar build, is it therefore ?
As there is no support of coffee script with sonar, my hope was to at least include the unittest results in sonar.
Can someone explain whether it is possible and what should be written into the path field in the unittest.xml ?¨
Thanks for any clarification
Indeed the files need to be indexed in SonarQube in order to import test data.
You can set sonar.import_unknown_files to true with SonarQube 5.1+ to have all files indexed by SonarQube.
http://docs.sonarqube.org/display/SONAR/Analyzing+Source+Code#AnalyzingSourceCode-Unrecognizedfiles

Having trouble getting started with SonarQube

I installed SonarQube and sonar-runner, and the web server seems to work just fine as I can browse it. I tried to keep things as simple as I could, I put the "sonar-project.properties" file in my project's source folder and gave . as the sonar.sources path. After doing so, the console output reported success and the web page listed my project and last analysis date, but when I went into the "Compare" tool to look at statistics it showed all items as blank, except for issues for which is displayed the number 0.
I edited the sonar-project.properties file to give the full path (instead of a relative current directory path of .) to my project's source code, replacing backslashes with forward slashes, and ran the sonar-runner command again from the command line while the working directory was the path of my source folder. It again reported success and when I reloaded the web page, it gave an updated last analysis date, but again no issues were reported and the statistics were all blank.
I have no idea what I'm doing wrong, the Sonar log only reports the installation and starting of the Windows service, and it doesn't indicate any problems. The StartNTService script starts the service without error, but the StartSonar script reports "jvm 1 | WrapperSimpleApp: Encountered an error running main: org.apache.catalina.LifecycleException: Failed to initialize component [StandardServer[-1]]". I don't know if that's relevant for the way I'm using SonarQube as a Windows service. I'm using pretty much all default configuration except I edited the sonar-runner.properties file by un-commented these lines:
sonar.host.url=http://localhost:9000
...
sonar.sourceEncoding=UTF-8
If anybody can help me figure out how to get this to work, I would greatly appreciate it. I am running Windows XP Pro x64 SP2 and Java 1.7.0_51 (32 bit). On my first attempt I did incorrectly use the 64 bit service install/launch scripts but when the console output indicated it didn't match the JVM architecture, I stopped and uninstalled the service and installed and launched the 32 bit service.
Edit: I'm using Sonarqube version 4.2 and Sonar-runner version 2.3.
By default, SonarQube is packaged with the Java ecosystem (Java, Checkstyle, PMD), but for C/C++ you will have to install one of the plugins that support analysis of these languages.
There is a commercial C++ plugin from SonarSource and a free Community Plugin.

How to make sonar analysis for C++ work?

I'm trying to use sonar for static analysis on a c++ code. I've installed sonar and configured my project (it appears on the localhost sonar page, but i do not see any code violation for the respective code). I have the C++ community plugin installed.
My sonar-project.properties looks like this:
# required metadata
sonar.projectKey=DiceInvaders
sonar.projectName=Dice Invaders
sonar.projectVersion=1.0
# optional description
sonar.projectDescription=DiceInvaders by CS
# path to source directories (required)
sonar.sources=D:\\DiceInvaders\\Code
# path to test source directories (optional)
#sonar.tests=D:\\DiceInvaders\\Code
# path to project binaries (optional), for example directory of Java bytecode
#sonar.binaries=binDir
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
#sonar.libraries=path/to/library/*.jar,path/to/specific/library/myLibrary.jar,parent/*/*.jar
# The value of the property must be the key of the language.
sonar.language=c++
sonar.exclusions=**/*.ipch, **/**/*.rc
sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"
sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".
# Additional parameters
#sonar.my.property=value
I do not get any error when running sonar-runner from cmd.
If i run manually the cppcheck.exe tool on my project I can find violations. Why don't the violations appear on sonar's page?
Is there something else I should configure, am I doing something wrong?
I was able to make it work by running the cppcheck tool independently before sonnar-runner, and placing the generated xml report in the bin folder of sonnar-runner.
In the sonar-project.properties file I've specified the xml directly:
sonar.cxx.cppcheck.reportPath=cppcheck-result-1.xml
I had a similar problem, which was caused by a whitespace after 'sonar.language=cs'. Be sure that there is a linebreak immediately after 'cxx'. Hope it works.
The language key of the Sonar C++ Community plugin is not 'c++' but 'cxx'. See http://docs.codehaus.org/pages/viewpage.action?pageId=185073817.
So you must replace 'sonar.language=c++' by 'sonar.language=cxx'

Resources