I'm testing SonarQube with a .Net solution file. I'm trying to figure out which files exactly get uploaded/imported into the SonarQube database. Based on my tests with the SonarQube MSBuild runner, it analysis and uploads all files which are stated in the .csproj project file(s) (only those that can be associated with a language plugin because I have set "Import unknown files" to false).
Is there a way to specify additional files which should be analyzed and imported? I had some hope for the "sonar.inclusions" setting, but it's not exactly what I need because the description says Patterns used to include some source files and only these ones in analysis.
I'd like to just specify additional files.
My use-case: at the moment, SonarQube does not create issues for compiler warnings (see Displaying C# compilation warnings in Sonar?) (which in my opinion is really sad/weird for a tool that wants to improve code quality). So my idea is to use msbuild with an xml-logger, import the generated xml log file and use the XML plugin with custom XML path rules to extract the compiler messages.
Similar issue for analyzing Delphi code. I found an old SonarQube Delphi plugin which I could not yet get to work with SonarQube 5.x, but I'd like to try to get at least the compiler messages into SonarQube (convert Delphi compiler output into XML, get SonarQube to import this file, use custom XML path rules).
Is there a way to get SonarQube to analyze/import such additional files?
Related
I am trying to learn how to use SonarLint plugin in Eclipse. I downloaded the plugin and I have 4 views in my Eclipse now - SonarLint on the Fly, SonarLint Report, SonarLint Rule Description, SonarQube Servers.
In the SonarLint on the Fly, I am able to see only the JavaScript bugs scanned by SonarQube. Not the Java ones (I have Java rule set in SonarQube server as well). But if I open a Java file, then I am able to view java bugs and errors in this window.
In SonarReport, I have two tabs at the bottom - Current Project and All Projects. When I click on Current Project it scanned the current project and showed me only JavaScript errors but not Java.
So, my question is - Is there any way to see Java errors along with JavaScript? I should be able to view the Java errors throughout my project (without having to open java files and then see the bugs).
If analysis of JavaScript files is working, it should be easy to also have Java files. Few things to check:
For Java analysis to work fine, you should have installed the optional feature "SonarLint For Eclipse Java Configuration Helper"
Java files that are not part of an Eclipse Java project are ignored
Also, in the SonarLint Report view, the two buttons will only analyze changed files (ie files that are reported as changed by your SCM) so be sure that you also have some Java files with modifications.
Looking at SonarLint console while enabling verbose + analysis logs may help to understand your issue.
Scenario:
I am migrating our current VS Solution analysis setup from using the sonar-runner to using the MSBuild runner. However I am encountering a fairly significant problem.
In the old setup, we specified our project name, key and most importantly a long list of skipped projects (sonar.visualstudio.skippedProjectPattern) using the sonar-project.properties file.
This is because [WARNING: ugly legacy bad coding practice alert] we have six solutions that build dozens and dozens of projects, all out of the same git repo. A lot of the projects are common across several solutions and we don't want them analyzed more than once. So each solution has a set of projects that it "owns" and which are analyzed as part of it. Thus the sonar-project.properies file for each of the other solutions specifies that these projects are to be ignored.
The Problem: In the new MSBuild Runner approach, there does not appear to be MS solution level (also read as SonarQube Project level) configuration file or mechanism aside from passing arguments on the command line to the MSBuild runner's 'begin' phase. One either has the global configuration file, or the MSBuild *.*proj files, (that is, MS project level configuration files). This latter is clearly out of the question as whether a project gets excluded from analysis is based on which solution is being analyzed.
As noted, conceivably we could pass all this in on the command line but that is sub optimal. Our builds are done by scripts that are, to the extent possible, generic. Having the configuration in the sonar-project.properities file was a big help in keeping them that way and we are hoping we are missing something here that will let us keep using that file or a similar one. Are we?
There currently is no equivalent to the sonar-project.properties file in the MSBuild SonarQube Runner version 1.0. I've added a new ticket to the project's backlog to consider adding this feature in an upcoming release: http://jira.sonarsource.com/browse/SONARMSBRU-124
The v1.0 MSBuild SonarQube Runner supports a /s: command line argument that allows you to specify the global settings file to use. The settings file can contain any additional global settings that previous you would have put in the sonar-project.properties file.
If you don't specify a global setting file the MSBuild Runner will look for a default global settings file in the same location as the runner executable.
See the documentation repo for more information: https://github.com/SonarSource/sonar-.net-documentation/blob/master/doc/appendix-2.md
The properties now can be added via ItemGroups in each .csproj file, this way:
<ItemGroup>
<SonarQubeSetting Include="sonar.cpd.exclusions">
<Value>Models/**/*.cs</Value>
</SonarQubeSetting>
</ItemGroup>
I've used Jenkins CI for a few years and I want learn TeamCity.
In Jenkins I tracked FxCop issues by enabling code analysis on my .net projects and then telling the Violations plugin where to find the code analysis XML files i.e. MSBUILD would put a file named [project name].CodeAnalysisLog.xml in the build output directory and you could use something like **/*/*CodeAnalysisLog.xml to find those files with the Violations plugin.
TeamCity has its own FxCop runner but I don't want to run FxCop again because MSBuild has already done that for me.
I just want to be able to tell TeamCity where to find the XML files and have it produce the trend graph in the same way Jenkins does with the Violations plugin.
I have a similar issue with StyleCop, jsLint and cssLint. MSBuild build tasks or batch commands that run as part of the build produce XML output. I would like to use this output to create trend graphs.
To my knowledge TeamCity is different from Jenkins for the reports in a sense that it takes them in HTML format. That's what we have had to do for our code quality analysis product - convert our XML report to HTML for TeamCity. Due to that we can't do violation trend report when integrated with TeamCity unlike the Jenkins plug-in we have. We haven't looked whether there were TeamCity changes in the last couple of years that would enable the XML report input.
I am running clover before running the sonar ant task and providing its xml output to Sonar 3.7.
Is it possible to later fetch the line level coverage data for a given Java file using one of the Sonar webservice API's?
If not, is there a library that I can use to get the same info from clover xml without writing all the parsing code?
Well if you need a complete report to line level granularity.
You should go for html reports of Clover.
They provide details from the highest level such as project and packages to lowest level of details like complexity of each package or source file, method coverage, line coverage etc. (If proper attributes are specified)
Many of the above specified things are provided in XML report as well but HTML generated by Clover is very interactive and fancy. You can actually see all the source files in that report and figure out the parts which were covered in the file.
As you already have the xml report generation target, you can add html report task as well into it.
Hope this helps. :)
I know that you can create a template project to ensure that certain required settings (for ex: code analysis, treat warnings as errors, platforms, etc.) are set in a new project.
I want to enforce this as a part of the CI process i.e. in the build I want to validate the C# project files against a template (or an XML file) and cause a build failure if the project files don't conform to it. I need suggestions and ideas on how this can be achieved.
I want to try this with TFS 2010 and VS 2010.
I am writing a custom task to search for all the C# project files and compare the Xml structure of the Template project file with the Actual project file and report any difference as error.
I usually tackle this by customizing my build process to run Code Analysis/StyleCop/etc against all projects regardless of project settings.
Likewise for Treat Warnings as Errors. I just override the proejct settings at the build-level so that no matter what people do to the projects I know that everything I want to run is being run at build time.