How to set reporting level for sonar preview analysis - sonarqube

We are using the sonar github plugin to generate preview analysis for pull requests as described here. This works beautifully, but because we are working with a lot of legacy code, is it possible to:
Set a minimum level for preview analysis (major and above)?
Ignore existing issues and only report on new ones?

Related

Sonar Qube report generation either as csv,xml or pdf

I'm using sonarqube-7.3 version. I want to make report from sonarqube either as csv, xml or pdf. I have googled it and found that we can make pdf report using sonar-pdfreport-plugin. I have downloaded the version sonar-pdfreport-plugin-1.4 and pasted it in the extension/plugin folder. But I can't restart the server. Anyone please provide a solution for getting report for the version provided above.
In general, SonarQube is not meant to be used as some reporting tool, but more as part of CI pipeline and users can use its UI to manage code quality issues.
However, PDF reporting is available in the commercial Enterprise Edition of SonarQube for portfolios (groups of projects) as part of Governance. You can find details here https://www.sonarsource.com/plans-and-pricing/enterprise/
The plugin you are mentioning is most likely not updated for the 7.3 version.

See history of Sonar analyses in SonarQube

I am triggering a Sonar analysis from Jenkins whenever a user commits any change to any branch of my project. In SonarQube I see the project analysis result, and quality gate status, for the most recently run analysis. It only shows the most recently run analysis for a given project.
How can I see a 'history' of previous analyses that were run prior? Specifically I would like to see the coverage from before and where in the codebase specific 'critical' issues triggered a quality gate failure. Basically I want a historical snapshot of the 'project overview' page for each time the analysis is run. Since I am triggering the analysis from different branches I need to be able to differentiate an analysis of Branch A vs. a previous analysis of Branch B.
If you use SonarQube up to version 5.6: Use the Sonar Timeline Plugin, which allows you to add a graph to your dashboard.
If you use SonarQube version 6.5 or later (to be released in August 2017): Get feature rich history graphs out of the box (no plugin required)!
It looks like you have to make a custom dashboard and add a history widget. It looks like it shows you just the times the gate changed (which I guess is what I should have expected); for example, the project I tested with only changed status 3 times, so even though I asked for 10 columns it only showed 3.
This is on the Sonar homepage for your project, not the sonar widget in Jenkins, FYI.

SonarQube Pre-commit analysis for JavaScript

I need to find a way to do a pre-commit incremental analysis with rules supplied by SonarQube 5.4 hosted on a server. The most important files to analyze are JavaScript files, and we are working in C# using ASP.NET framework, so installing Eclipse for a large team is not feasible.
I have tried Sonar-Scanner 2.8, but it does not pick up the analysis already done on the server (shows all issues as new), and it also does not react to exclusions. Documentation on that matter is outdated, as, for example, incremental analysis is not supported anymore, and issues analysis is not documented properly regarding what it does.
Some relevant parts from sonar-project.properties:
sonar.exclusions=**/Scripts/*angular*.js,**/Scripts/*bootstrap*.js,**/Scripts/*d3*.js,**/Scripts/*jquery*.js,**/Scripts/*modernizr*.js,**/Scripts/*respond*.js,**/Scripts/*toolkit*.js,**/tbshared/**/*.*,**/Scripts/*reference*.js,**/packages/**/*.*,**/Scripts/angular*.map,**/Scripts/*.json,**/Scripts/*.css,**/Scripts/i18n/*.*
...
#Enable HTML
sonar.issuesReport.html.enable=true
#Enable console output
sonar.issuesReport.console.enable=true
#Enable incremental analysis
sonar.analysis.mode=issues
Maybe one day SonarLint for Visual Studio will be extended to cover more languages than just C#.
But as of today you can take a look at:
SonarLint for Command Line
GitHub Plugin
All those links are available in SonarQube documentation on page "Local and Branch Analysis".
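How exclusion patterns like those in the `sonar.exclusions` line of the question are evaluated, as an added example that is not part of the original question or answer. It applies SonarQube's documented wildcard rules (`*` stays within one path segment, `**` spans directories, `?` is one character) to constructed paths; the function names and sample paths are assumptions, and the matcher is an illustrative re-implementation, not SonarQube's own code.

```python
import re

# A few of the patterns from the sonar.exclusions line quoted in the question.
PATTERNS = [
    "**/Scripts/*angular*.js",
    "**/Scripts/*jquery*.js",
    "**/tbshared/**/*.*",
    "**/packages/**/*.*",
]

def sonar_glob_to_regex(pattern):
    """Translate a wildcard pattern to a regex (hypothetical helper)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):      # zero or more directories
            out.append(r"(?:[^/]+/)*"); i += 3
        elif pattern.startswith("**", i):     # anything, including '/'
            out.append(r".*"); i += 2
        elif pattern[i] == "*":               # within one path segment
            out.append(r"[^/]*"); i += 1
        elif pattern[i] == "?":               # exactly one character
            out.append(r"[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def excluded_by(path, patterns=PATTERNS):
    """Return the patterns that exclude `path` (empty list: file is analyzed)."""
    path = path.replace("\\", "/")            # normalize Windows separators
    return [p for p in patterns if sonar_glob_to_regex(p).match(path)]

# Constructed sample paths, assumed relative to the project base directory.
SAMPLE_PATHS = [
    "Web/Scripts/angular.min.js",                     # directly under Scripts/
    "Web/Scripts/vendor/jquery-1.12.js",              # one level deeper
    "packages\\jQuery.1.12\\Content\\Scripts\\jquery.js",
    "Web/tbshared/README",                            # no dot in file name
    "Web/App/app.js",
]

def exclusion_report(paths=SAMPLE_PATHS):
    return {p: excluded_by(p) for p in paths}

if __name__ == "__main__":
    for path, hits in exclusion_report().items():
        print(f"{path:55} {'EXCLUDED by ' + ', '.join(hits) if hits else 'analyzed'}")
```

Files that come back as "analyzed" here still reach the scanner: `*` does not cross a `/`, and `*.*` needs a dot in the file name.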

Can SonarQube be configured to show code coverage in "preview" mode reports?

I am currently working with SonarQube v5.6 and have a need to generate comprehensive "preview" reports locally before pushing the results to my remote SonarQube server. Specifically, I need to be able to see technical debt, code coverage, and duplicated blocks in the local HTML and/or console reports which are created when running the analysis in "preview" mode.
Currently, I am able to see issues -- new, existing, resolved, minor, major, etc. -- and nothing else. I would like to be able to see technical debt, code coverage, and duplicated blocks as well (at the very least, I need to see code coverage). Can SonarQube be configured to show these details in "preview" mode reports, via a command line argument or some other setting? I am using Maven and JaCoCo.
This is not supported currently (version 6.1). You can track this ticket to be informed of the progress: https://jira.sonarsource.com/browse/SONAR-6763

Does continuous inspection still work with Sonar 5.1.X?

I'm trying to run a preview analysis for a (Java) project of ours with SonarQube 5.1.1. I am able to get a local report generated, however I get no coverage data, and I also get the message [INFO] [XX:YY:ZZ.ZZZ] Build Breaker plugin is no more supported in preview/incremental mode.
If I check here, the page says that "Starting with SonarQube 5.1, the Build Breaker plugin does not work any longer in the preview & incremental modes."
I'm confused - I thought that for continuous inspection one needs the build breaker plugin. Is that no longer so? Has the concept in SonarQube changed?
Why am I not getting coverage data when running a preview analysis?
I don't know where you've read this, but continuous inspection is not specifically related to the preview/incremental mode nor to the build breaker plugin - it's not even related to SonarQube (even though it has been pushed by SonarSource from the very beginning).
Here are the key points:
Continuous inspection is about analyzing your code as often as you can in order to monitor (and eventually improve) the quality of your code. Whatever the tool.
On SonarQube, this means running analyses that will push information on the server so that you can monitor what's going on and take the required actions for your application portfolio.
Obviously, when you are a developer, you'd like to manage those issues early, before they even get pushed to the source code repository. But experience tells us that preventing any code push because of issues is a bad pattern - because some issues might be false-positive or not relevant in the context (and still you want - and have the right, to push your code). This is why we feel that the build breaker plugin is not aligned with all this, and it will be replaced in upcoming versions of SQ by native features that match better these concepts:
Very efficient code analysis to display issues in the IDE at the speed of light - but without computing metrics
Preview mode that will compute everything and make it possible to check quality gate before pushing code to the source code repository - without impacting the results on the server
and in this case, using some specific information found in the logs, it will be possible for a CI to fail a build
