Where does Sonarqube collects data from? - sonarqube

Last day I was configuring a jenkins job to run sonar on my java project. I had sonar and jacoco plugins configured in my job. Sonar was throwing some error for which my sysadmin asked me to remove the jacoco plugin configuration from job. I removed and now sonar is saying it cannot find cobertura.xml.
So I am curious to know if sonar does analysis on already run jacoco or cobertura task or does it runs its own coverage analysis?

Short answer : In general, coverage is imported to SonarQube by reading a coverage report generated prior to any work of sonarQube.
Longer answer : Historically (read, about two years ago), SonarQube used to try to run coverage tool for java. This was a nightmare to maintain for every use cases and as such it is now up to the developers to provide a coverage report to SonarQube which will only act on those data (linking them to source, compute metrics, display them nicely).
In your case, that means you most probably have the cobertura plugin installed on your SQ instance and it is looking for a report to import.

Related

Does SonarQube always require an external code coverage tool to show coverage on sonar server?

Does SonarQube always require an external code coverage tool like jacoco (Java), Coverage (python), gcov (c/c++), in order to show coverage on a sonar server?
SonarQube by itself doesn't do any coverage. Its the job for other tools like jacoco and others.
However SonarQube can gather the "results" relevant to the project quality (of course including coverage as an important code quality metric) of the build and allows tracking of the quality over time.
Usually you run coverage tool first, it "adjusts" the code, then you run the tests in the build. Coverage tool creates some results, and only after that you run sonar plugin that processes the results and sends to the sonar qube server.
So, to answer your question: Yes, without an external code coverage tool, sonar won't produce any coverage results, and no, it doesn't have a "default, built-in" coverage tool

Export explicit Jacoco it report to sonarqube 6.7

I'm not able to see the Integration Tests in new sonarqube 6.7 version, here is what I'm doing,
Run Sonarqube task with Gradle to generate the report along with code coverage.
Here, Sonarqube is by default invoking test task and using the test.exec file from build/jacoco generated by Jacoco plugin.
However, I've a task depends on the test task to place an integrationTest.exec report in the build/jacoco as the integrations tests are run outside build(for some reason)
Though I place the integrationTest.exec file explicitly while Sonarqube execution it is still not considering the report and due to which I do not see any change in the coverage computed also I do not see Integration Tests section under coverage like I see Unit Tests.
Firstly, I would like to understand that whether is it feasible to export the integration tests result like I did above or not?
Second, is the latest Sonarqube having the capability to show integration tests report in the coverage section?
Your comments would help me.
Thanks in advance!

Integrated JaCoCo results in SonarQube using Jenkins Maven Multitarget-App

after fighting now with integrating JaCoCo results into my SonarQube to see code coverage for more then one working day, I will try to open another post regarding this topic, because the internet is really messed with postings.
Preconditions:
SonarQube: Version 6.7.2
Maven: 3.5.2
Windows Server2012 R2
I successfully integrated Sonar Scan and results are published. I added the configuration for JaCoCo in the pom.xml of my application and the result files are generated after the build and just using the JaCoCo Jenkins plugin they can be displayed on the Jenkins dashboard. But I did not figure out what Analysis properties the Jenkins action "Execute SonarQube Scanner" needs in order to import the results and display them.
Is "scan" the correct operation or do I need something else to trigger the import?
I saw so many variantes of giving JaCoCo and Sonar the correct parameters, that I do not have a clear picture any more. Any hints maybe looking at my parameters?
As described in the docs, since you're building with Maven you should analyze with it too. There's some global setup you want to do (see the docs) but once that's done, you'll add this to your job instead of your current SonarQube Scanner build step:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
Note that this needs to come after your build and test execution. The JaCoCo reports should be picked up automatically.
I successfully integrated it now with these Analyses properties and it is working.
sonar.projectName=
sonar.projectKey=
sonar.login =
sonar.password =
sonar.sources=./
sonar.java.binaries=./
sonar.jacoco.reportPaths=./trackingboard-service/target/jacoco.exec
sonar.jacoco.reportMissing.force.zero=true

How to force code coverage to Zero?

I have several java projects with no unit test cases. When I try to analyse these projects using SonarQube I am unable to get unit test code coverage because it doesn't have any test cases. As per my research I saw that I can force it to show it as zero if there are no unit test cases. The official Jacoco Java documentation mentions sonar.jacoco.reportMissing.force.zero=true.
My SonarQube analysis will be done using maven builds and SonarQube 5.6.6 and sonar-java 4.11.0.10660.
How can I set this parameter in maven so that it can show as zero unit test cases in my coverage?
From version 6.2 SonarQube does this automatically where the behavior is supported by the analyzers. Before that version, availability of the feature is spotty and not entirely reliable. For best results you should upgrade SonarQube.
That said, you can set that property on the analysis command line like so:
mvn sonar:sonar -Dsonar.jacoco.reportMissing.force.zero=true
Or by setting a property in your pom, as shown in the docs
Update 16 Dec 2019
Most language analyzers now calculate Executable Lines, so files omitted from the coverage report are included in calculations anyway. But that only kicks in if you provide coverage reports. No coverage reports -> no coverage metrics at all.

SonarQube not picking up Cobertura code coverage

I am analysing a Java project that has been unit tested and Cobertura coverage.xml reported. I am using SonarQube 4.1.1 and latest Sonar Runner. I have successfully imported Cobertura coverage results to Sonar 3.2 and Ant analyzer, but with this new version I am running into problems. In the new Sonar analysis execution (through Jenkins) I see no reference in logs that it would have started any Cobertura engine or anything. My settings in Runner Jenkins project:
sonar.dynamicAnalysis=reuseReports
sonar.java.coveragePlugin=cobertura
sonar.cobertura.reportPath=[mypath]/coverage.xml
sonar.junit.reportsPath=[mypath]/
No mentioning of Cobertura in the analysis output (except my own property values) and SonarQube page shows "-" in coverage report. Unit test results are shown fine.
I have also added all source, bin, and test directories. Any ideas? Thanks.
Update
I wonder if the reason why Cobertura coverage is not reported on SonarQube page, is because in Jenkins my SonarQube project clones (Clone plugin) the workspace from a previous Project build? If the coverage.xml file contains static paths, then maybe it goes wrong somehow.
Ok the solution was quite obvious. SonarCube 4.1.1 does not come with Cobertura preinstalled, so I installed it and now it works :) Maybe it was preinstalled in 3.2 version, I can't remember.
For any "reuse reports" feature in SonarQube (may it be for code coverage, test execution or any other third-party tool that generates a intermediate report), the report must be generated based on the same source files (in terms of file system location) than the ones that will be used for the SonarQube analysis. Otherwise the SonarQube plugins won't be able to match paths from the reports with paths of the analyzed sources.
So you guessed it right: cloning the workspace and running the SonarQube analysis on this clone is the reason why the coverage can't be computed.
The root cause of this problem is that SonarQube does not support Cobertura format and you need OpenCover, or dotCover format. Using reportgenerator is one of the solutions but it's unnecessary complicated: you can make "dotnet test" command to return the report in Opencover format by passing special parameter and then pick up the Opencover report.
Use
dotnet test --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=cobertura,opencover
to get two reports: one in OpenCover format for SonarQube and default Cobertura for Azure DevOps.
Now you can specify the path to OpenCover report in SonarQubePrepare task.
There is also detailed article on this here

Resources