I've successfully built up a SonarQube server, and I wrote several custom rules to review the code. Now, I can use the server and custom rule with Jenkins and with Maven only when the code is on the same server.
My question is when I develop maven project on another computer, and I want to use maven build or maven install, how can I still use the certain SonarQube server? Simply add plugins in the pom.xml can't use the SonarQube server I established, and the custom rules I developed are also not taken into effect.
As stated in the docs, you only need to make sure the address of your SonarQube server is available to the analysis. Beyond that, you should provide the token of a user with analysis permissions (and 'create project' permissions if the project doesn't already exist) and analyze away.
Of course, this pre-supposes that your SQ server is visible on your network.
Related
Is there any way I can get any sonarqube api which can provide the build number of bamboo or any bamboo api which can give sonarqube info.This would really help.
I have so far tried both side but i am surprised both the system are quite clueless about each other. Why it is not possible that a build which ran sonarqube as as one of it's job doesn't have any information about that. Also neither in sonar it tell which build has actually triggered that sonar execution
(Not sure I understand what exactly you are looking for, perhaps this ...? )
I don't believe you can relate a specific Activity (SonarQube analysis) to a specific build (Bamboo), just project to job.
You must have SonarQube Server configured in Bamboo
When executing your job, you can add these sonar.links optional parameters to the analysis step:
sonar.links.homepage Project home page.
sonar.links.ci Continuous integration.
and
sonar.links.scm Project source repository.
sonar.links.issue Issue tracker.
Maybe also specify sonar.host.url=$SONAR_HOST_URL (where SONAR_HOST_URL is the global setting in Bamboo) in the analysis step parameters.
Those populate the Project Overview page sidebar:
That should provide the links from SonarQube back to the other systems of interest.
If you have properly configured Bamboo, you should see a link in Bamboo to the SonarQube project, post execution.
I have a project where I my sonarqube is in a remote server and the server has connection to SVN repository.
Now I wish to add a jacoco plugin to sonar qube which will checkout the project from SVN, build it and generate code coverage report and display it in my sonar report.
can anyone suggest what should I do for this.
Thanks in advance.
First of all you are missing an important step. SonarQube Server will only display your report and your data, and tell you if you passed the quality gate or not and it will show you your issues. But it will not do the analyzing part.
For that you need to use a SonarQube Scanner. There are multiple scanners available as you can see here. Those scanners can be executed locally, or ideally will be integrated in your Continous Integration pipeline, via Jenkins, Bamboo, TeamCity, etc. This Scanner will analyze your project based on the plugins/sensors on your Sonarqube server.
This scanner has to be configured to point to your server via sonar.host.url property, and ideally you will have some login setup. More details regarding that can be found in the SonarQube Documentation, which i highly suggest to read.
Is it possible to restrict the publishing of new analysis on a sonar instance. My use case is I created new instance of sonar with the latest version. There are couple of projects configured with the old version. I want to make sure that no project team use old instance of sonar. At server level, is it possible to stop publishing new report.
Also what customization options sonar server gives for its home page. I want to display a custom message with Sonar 5.6 version
Atul
You seem to have stood up two different instances of SonarQube side by side. In doing so, you impose on your teams the requirement to update their CI configuration to point to the new instance.
You should instead replace the old version with the new one. See the Upgrading docs for details.
In the similar question Sonar-Runner talks to the local database "David RACODON - SonarSource" wrote:
The SonarQube Runner needs to talk to both the database and the web server.
I'm will try to understand why Sonar Runner talks do sonar database, because somebody who use sonar runner will known database user and password and do anything on it, for example change admin password and take control on Sonar instance.
On the other hand, at sonar runner docs (http://docs.sonarqube.org/display/SONAR/Installing+and+Configuring+SonarQube+Runner) I see info:
The SonarQube Runner is recommended as the default launcher to analyze a project with SonarQube.
So, it means that I should give database password to each developer of my team? This is inconsistent. Could somebody explain it?
SonarQube needs to talk to the database in order to save the results (metrics) of the analysis.
I will not talk about all the different possibilities that you can implement in order to avoid SonarQube's users to know the admin login, but here is the one I use:
SonarQube + Runner
Jenkins with Sonar plugin
This post (on my blog) is 1 year old http://qualilogy.com/en/install-sonarqube-the-sonarqub-jenkins-plugin/) but it will give you an idea.
You already have SonarQube + Runner installed.
Install Jenkins
Install SonarQube plugin for Jenkins
Configure the plugin:
Location of Runner
SonarQube dashboard URL
Connection to the DB : password is encrypted.
Then, when configuring and running an analysis from Jenkins, no need to use any DB login as a parameter.
Hope it helps.
As of version 5.2, this is no longer the case. Now, all DB credentials/connections are managed by Sonar itself, not the runner.
I'm trying to config a SonarQube server using puppet.
My puppet manifests install software, deploy my custom sonar.properties, deploy ssl certificates, download and configure few plugins and, at last, start service.
Default Global Permissions allows Execute Analysis and Execute Preview Analysis to Anyone.
Default Project Permissions allows Browse and See Source Code to Anyone.
I want change this from my puppet code without using the web interface. Not only before first deploy. In each repuppet I could want change this permissions.
The goal is config and reconfig SonarQube in automatic way.
Thanks and sorry for my english.
To update permissions, you can do it through web service calls: http://docs.codehaus.org/pages/viewpage.action?pageId=231735777