I am looking for a way to scan only new code of a project with the findbugs plugin for maven but I can't seem to figure out how.
There is no such way to scan only new code with the existing Findbugs mavne plugin.
You would need to develop your own that would check your SCM tool and run the check only on given files.
If you are running Findbugs on either Jenkins or SonarQube, you can view a report of the difference between two scans.
Related
We currently use the sonar-scanner utility to run sonar analysis on our maven multi-modules java project.
I wanted to move from the sonar-scanner to the sonar-maven-plugin, but the first tests shows a big discrepancy in the reported metrics.
For example the number of lines of code went from 466'000 to 154'000.
The main difference seems to be that the maven plugin does not analyse the src/test directories whereas the scanner does. Another reason could be that the maven plugin only analyses the modules which are enabled.
Do this behavior seems normal to you ?
or did I miss some configuration in the plugin or the scanner. They both should pull the config from our sonarqube server.
If this is the normal behavior then should I stay with the scanner and keep the metrics history or should I start over with the maven plugin ?
I could redo some analysis for all versions we released to have some comparisons and trends.
Thanks for your advices.
Update:
Settings the sonar.sources and sonar.inclusions like mentioned there gives some better results...
sonar-maven-plugin: extending sonar.sources in multi-module project
Can I analyze pom files correctness using Sonar? (like the maven enforcer plugin rules)
The short answer is no. The slightly longer answer is maybe. There is no plugin listed on the office plugins page with this functionality, but it's possible to write a plugin that could run some rules on a maven project and report the issues as like with any other metric...
Which is the best and featured way to generate reports either by using Maven or ANT? What are the features and differences ? I am using selenium webDriver with TestNG. By using testNG should I prefer "build.xml" or "pom.xml" ?
Maven and ant are build tools. What generates the reports is Testng. So if you use ant or maven, the report generated will still be the same. You can probably do a comparison between maven and ant as build tools, not as a report generation framework, to pick up the one you find better. If you might find this any help.. A blog written long back to describe the ecosystem..http://niharikawhatsnext.wordpress.com/2012/02/15/test-automation-to-building-to-execution-to-scheduling-java/
You can use both maven and ANT to produce XSLT reports which uses TestNg generated output.html. Both are mainly used for build purpose not for report generation.
The XSLT reports generated from maven and ANT both looks same. But there are many advantages in Maven over ANT in testing frame works (I am assuming you know what are those). So I would personally prefer Maven. Please go through the below links which you might found helpful.
http://www.javatpoint.com/difference-between-ant-and-maven
http://blog.varunin.com/2012/05/generate-testng-xslt-report-using-maven.html
I have a multi-module maven project and have it's modules as Sonar components.
Is it possible to set alerts separate per module/component, or Sonar considers the whole project? If not, what's the best way of having my maven modules as separate projects in Sonar, so that mvn sonar:sonar is only executed once. I use cobertura for report generation.
At the moment of writing this answer, that feature is not supported by Sonar.
If separate metrics needed you need to create a separate project and trigger a separate build from Jenkins and providing specific pom.xml file for desired module.
I have set up Sonar with MySQL Database. My project is a multi module eclipse project, which means it has multiple plugins.
I have set up a Jenkins build with Maven to build this project and also installed Jenkins Sonar plugin to analyse the code with sonar.
All the configurations seem to be correct. However, when sonar tries to analyse this project after the build, it complains of duplicate source code and the build fails.
Each eclipse plugin has Activator.java class and Sonar complains that this is duplicate. I have excluded this class from analysis, but Sonar complains of classes in a particular plugin that is added as a dependency to lot other plugins.
Incomplete analysis of the code leads to other issues in Sonar for this project. like, even though the project is visible in the Sonar dashboard, it asks for authentication again on clicking the project, even though I am logged in as admin.
Any inputs on pointing me to the right direction would be very helpful.
Please let me know if any additional inputs are necessary to better understand my problem.
IMO, the best example you can follow is our Sonar Eclipse project: https://github.com/SonarSource/sonar-eclipse. This is also a multi-module Eclipse project.
In this example, you want to have a look at the parent module (https://github.com/SonarSource/sonar-eclipse/tree/master/org.sonar.ide.eclipse.parent) which goal is only to define the parent POM. Almost everything happens there.
I guess that you should find your way thanks to this.
I was able to fix this issue by removing the test tag in the parent pom.xml. This was somehow causing sonar to throw the duplicate source error. It was a tedious task to figure out the root cause and I had to reconstruct pom.xml from scratch, adding section by section.
Thanks to all for the help.