After a while I installed sonarqube 5.6 today and wondered where the dependency matrix feature is.
I found this SO question, but it is about sonarqube 4.5.
I also searched the update center to see if I must install an additional plugin now, but I had no success.
Does anyone know how to get the package design widget back?
I just found the answer. Sadly the package design widget is not available anymore.
Since sonarqube 5.2...
All design-related features were dropped
See http://www.sonarqube.org/sonarqube-5-2-in-screenshots/, section "Also worth noting":
All design-related features were dropped in this version (see SONAR-6553 for details), including Package Tangle Index and related metrics.
I want to check if my project dependencies have any updates.
I've used
versions:dependency-updates-report
But I have some performance problems with it which I was unable to solve. Now I'm trying to use
org.owasp.dependency-check-maven:check
But I could not reproduce their example:
I'm getting a similar look, but I can't get the last 4 columns (Next Version, Next Incremental, Next Minor, Next Major), which are most important for me.
How to reproduce this example?
(full disclosure - I am the founder of meterian)
You may want to consider a commercial product like sourceclear, snyk or meterian.
The meterian client is very easy to use, you can quickly check any maven or gradle project with no changes to the code: get the client, cd into the project folder, run it, see the results.
It's free for open source projects, badges are available for GitHub, and at the moment commercial use is not charged.
Hope this helps.
You will not reproduce the given report with org.owasp.dependency-check-maven because the shown report is created with versions-maven-plugin.
These are two different plugins.
org.owasp.dependency-check-maven is to find vulnerabilities according to the NVD in dependencies whereas versions-maven-plugin is for checking for newer versions, independent of vulnerabilities.
In the old version, there was a dashboard for the whole project from different views, but in the latest version there isn't. Why was this dashboard removed?
The short answer is that rather than making you figure out which measures are most important, and making you figure out how to display them, recent versions of SonarQube handle the hard work for you with a standard, non-customizable project homepage, and the new Projects space.
I see a big difference in the look & feel between the online dashboard (https://sonarqube.com/projects or https://sonarqube.com/governance?id=MASTER_PROJECT) and the one that we see by default on our local installation of sonar (v5.6.3).
I'm wondering whether the online look & feel can in some way be easily applied to a local installation. Is it just a matter of CSS/JS, or is there also a completely different HTML structure behind it?
Any information about this will be much appreciated.
I think I've found the answer to my question. The nice-looking online demo is based on an Enterprise Grade deployment of sonar with the governance plugin.
https://www.sonarsource.com/why-us/products/plugins/governance.html
https://www.sonarsource.com/solutions/deployments/enterprise-grade/
Can't you update your install to the latest version? There have been UI changes in both versions 6.0 and 6.1:
http://www.sonarqube.org/sonarqube-6-0-in-screenshots/
http://www.sonarqube.org/sonarqube-6-1-in-screenshots/
I liked the package design (later renamed to file design) feature in SonarQube to detect cycles inside my application. See this old blog post:
http://www.sonarqube.org/fight-back-design-erosion-by-breaking-cycles-with-sonar/
In the recent 6.0 version of SonarQube I can't find this anymore. There is a design plugin, but that only seems to be supported until version 4.5.6. Am I overlooking something or is the file design feature just gone?
Design-related services were dropped in version 5.2.
My project is analysed by SonarQube for every VCS check-in and I have observed some strange behavior:
The dependency cycle-count changes to extremes every now and then.
When viewing the details (e.g. clicking the link) the old (smaller number) value is displayed. What could be the cause of this?
This feature was dropped from the SonarQube platform in version 5.2, so even if there might be some flaws in it on the sonar java analyzer side, there is no point in making an effort to fix them, as this will be dropped when it moves to LTS version 5.x.
See this ticket for a detailed explanation: https://jira.sonarsource.com/browse/SONAR-6553