Move "Won't fix" between projects in Sonarqube - sonarqube

I am using SonarQube to analyze my code before uploading to Gerrit and as a step in the review process in Gerrit. The same code is analyzed twice and I have two projects, e.g. "development-project" and "gerrit-project" in SonarQube. I then sometimes mark something as "Won't fix" or "False positive" etc. in my "development-project". I would like to move that to the "gerrit-project". Is that possible?

I was in a similar situation and I created a simple command-line tool for copying Won't Fix and False-Positive resolution types from one SonarQube project to another. A bit of a clumsy solution, you need to run it after each merge, but better than manually resolving the same issues in two or more SonarQube projects.
You can find the tool on GitHub - https://github.com/HonzaTau/SqCopyResolution
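One way to decide which resolutions are safe to carry over, as an added example (it is not the code of the tool linked above). It assumes issue records shaped like the results of SonarQube's api/issues/search web service (fields key, rule, component, hash, resolution) and the transition names taken by api/issues/do_transition; the rule keys, hashes and file paths are constructed sample data.

```python
# Constructed issue dicts mimic api/issues/search results (assumed fields:
# key, rule, component, hash, resolution); not the linked tool's own code.
# Resolution -> transition name for api/issues/do_transition.
TRANSITIONS = {"FALSE-POSITIVE": "falsepositive", "WONTFIX": "wontfix"}


def fingerprint(issue, project_key):
    """Identify an issue independently of the project it lives in."""
    comp, prefix = issue["component"], project_key + ":"
    path = comp[len(prefix):] if comp.startswith(prefix) else comp
    # 'hash' is the checksum of the flagged line; requiring it to match keeps
    # a suppression from following code that has since changed.
    return (issue["rule"], path, issue.get("hash"))


def plan_transitions(source_issues, source_key, target_issues, target_key):
    """Return [(target_issue_key, transition)] for unresolved target issues."""
    resolved = {}
    for issue in source_issues:
        transition = TRANSITIONS.get(issue.get("resolution"))
        if transition and issue.get("hash"):
            resolved[fingerprint(issue, source_key)] = transition
    plan = []
    for issue in target_issues:
        if issue.get("resolution"):  # already resolved in the target project
            continue
        transition = resolved.get(fingerprint(issue, target_key))
        if transition:
            plan.append((issue["key"], transition))
    return plan


SOURCE = [  # constructed sample: development-project
    {"key": "s1", "rule": "java:S2068", "hash": "aa11",
     "component": "development-project:src/A.java", "resolution": "FALSE-POSITIVE"},
    {"key": "s2", "rule": "java:S1135", "hash": "bb22",
     "component": "development-project:src/B.java", "resolution": "WONTFIX"},
    {"key": "s3", "rule": "java:S106", "hash": "cc33",
     "component": "development-project:src/C.java", "resolution": "FIXED"},
]
TARGET = [  # constructed sample: gerrit-project (B.java line differs from source)
    {"key": "t1", "rule": "java:S2068", "hash": "aa11", "component": "gerrit-project:src/A.java"},
    {"key": "t2", "rule": "java:S1135", "hash": "ff99", "component": "gerrit-project:src/B.java"},
    {"key": "t3", "rule": "java:S106", "hash": "cc33", "component": "gerrit-project:src/C.java"},
]

if __name__ == "__main__":
    for key, transition in plan_transitions(SOURCE, "development-project", TARGET, "gerrit-project"):
        print(f"POST api/issues/do_transition issue={key} transition={transition}")
```

Only the issue whose rule, file path and line hash all match is planned for transition; the issue on a changed line stays open for a fresh review.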

Unfortunately, you cannot. There is information in the SonarQube documentation that projects created with the sonar.branch parameter are treated as independent* projects.
*independent - not associated with any other project
http://docs.sonarqube.org/display/SONAR/Local+and+Branch+Analysis:
"[...] you add the sonar.branch=[branch key] analysis property to the release branch to create a second, independent project in SonarQube."

Related

Two Sonar reports generation for 2 branches under one project

I have a Java Maven project named clarity which has one pom.xml file. We recently created a Bitbucket account and created two branches, one for the development team and one for the reporting team. It's like two teams make changes to their own branch. Now I need to configure Jenkins for running separate Sonar reports for these two branches with one project itself. How do I do that? Should I change the pom.xml file, or do I need to specify something in the Jenkins jobs? Please explain clearly, as I am new to this Jenkins config.
Any help is appreciated, Thanks :)
You should differentiate the two copies using the sonar.branch analysis parameter, which you should be able to pass into the Maven analysis on the command line using, e.g., -Dsonar.branch=reporting

Project analysis (Sonar Report )for branches

I recently configured our build server using Bamboo and Sonar. In our case we have a multiple-developer environment and chose to analyse not only our trunk but also the branch. The nightly builds of trunk and branch are analysed by Sonar. And there lies our problem. The last build will be the build saved in Sonar, which is plausible from a Sonar point of view, i.e. the projects have the same name so are probably the same.
In the branch we have fixes for our major release; all project names and code are the same, just in the branch we have bug fixes. So we would love to see the analysis of branch and trunk separately in the Sonar dashboard.
The question is: is there a way to make multiple versions of the same project in Sonar? Or is there any other best practice in these situations?
Looking forward to your replies :)
Use the sonar.branch analysis property to distinguish the branches from head and from each other. Note that there are limitations. E.g. issues marked "False Positive" in one version of the project will not show up as FPs in the other versions.
More analysis params in the docs

Sonarqube 5.1 TFS sonar msbuild runner with branches

We have just started using Sonarqube 5.1 integrated in TFS build as described on this page http://www.sonarqube.org/announcing-sonarqube-integration-with-msbuild-and-team-build/
We have one main branch, and two development branches for the same project.
What is the recommended strategy for handling this?
I want to be able to see analysis result trends over time and also let people working in different branches see the analysis results for the branch they are working in. As far as I can see, the Sonar MSBuild runner (https://github.com/SonarSource/sonar-msbuild-runner) only supports projectkey, projectname and version, but not branch key.
Any advice and suggestions will be greatly appreciated!
Indeed Wangen, I do confirm that the MSBuild Runner 0.9 doesn't yet provide a way to inject some SonarQube properties and so including the "sonar.branch" property. This limitation is going to be dropped in version 1.0 of the MSBuild Runner. Nevertheless, you must be aware that the support of branches by SonarQube is really limited because at the end in your case you're going to have 3 different projects in SonarQube and for instance flagging an issue as false-positive won't lead to flag the same issue in another branch as false-positive.

SonarQube - analyzing branches of the same project

I know that there is no "new project" button on SonarQube UI. However, I have two branches of the same project that I want to do analysis on. The thing is that since the project names are the same, SonarQube will upload the analysis results of the two branches into the same project on SonarQube Server. How do I configure SonarQube so that one branch will upload analysis results to one project and the other branch will upload results to another project on SonarQube server?
You might want to look at this part of the Sonar documentation, specifically at the sonar.branch parameter. It seems to be designed for what you want to do, and is working that way for us.
As the sonar.branch parameter is deprecated and the Developer Edition costs money, one possible option is to use the already mentioned branch plugin for SonarQube Community Edition (LGPL).
Update: seems like the repo is gone, not sure why. Active fork can be found here.
If you use SonarQube Runner, then you have to change the sonar.projectKey property to different values. If you use maven based analyses, then add -Dsonar.projectKey="Something" to your command. Example:
mvn sonar:sonar -Dsonar.projectKey="My project in first branch"
mvn sonar:sonar -Dsonar.projectKey="My project in second branch"
You can change the project name in a similar way with the sonar.projectName property.
This blog post by the SonarQube team suggests that treatment of branches will be improved in version 6.
Additionally, if you are using pull requests, have a look at its pull request analysis plugins (both GitHub and BitBucket at the moment).
The sonar.branch parameter is deprecated from Sonar version 7.1, so as an alternative to that, for separate branch analysis on SonarQube version 7.1 onwards, you can use something like this.
I assume you have a Maven project. If not, just remove -D from it and use it.
mvn sonar:sonar -Dsonar.projectKey=<projectname>
mvn sonar:sonar -Dsonar.projectName=<project-name>
The project key should be unique. Otherwise it will combine the results of other branches that have the same project key.

Using sonar in pretty big team

We have about 20 people in our team and we are using Sonar for now to analyse new code before submitting it to the main stream. So each designer uses their own Sonar installed on their machine.
What I'm trying to do is to create one instance of Sonar which each designer will be able to use. The only concern I have is what will happen if:
One designer launches an analysis on one revision of a file and right after that a second designer launches an analysis on another revision of this file (in the worst case we can have a bunch of such files). The first designer won't be able to see his violations and won't be able to see the code he wrote at all. Do we have some mechanism to overcome this?
What will happen if two designers analyse the same project at the same time? AFAIK, Sonar won't allow them to do so. Any workaround for this?
Of course, we can somehow create a project on the Sonar side for each team member, but this has its drawbacks, such as issues marked as false positive in one project not appearing as such in another project, and so on.
Any ideas on such issues?
What you probably want to set up is:
a central Sonar instance that analyses the code base on a regular basis (for instance every day) based on the code located in the repository. This instance should be the reference and the project manager(s) will use it to monitor the project.
ask the developers to run local analyses before committing their code:
either using Sonar Eclipse if you're coding in Java, C++ or Python. Everything is perfectly described in the documentation, more precisely the "Checking code prior to commit" section
or using the Issues Report plugin if your language is not supported yet in Sonar Eclipse.
